{"id":8790,"name":"pyasn1","ecosystem":"pip","repository_url":"https://github.com/pyasn1/pyasn1","issues_count":702,"created_at":"2025-06-06T22:27:20.997Z","updated_at":"2025-06-06T22:27:20.997Z","purl":"pkg:pypi/pyasn1","metadata":{"id":2865248,"name":"pyasn1","ecosystem":"pypi","description":"Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)","homepage":"https://github.com/pyasn1/pyasn1","licenses":"BSD-2-Clause","normalized_licenses":["BSD-2-Clause"],"repository_url":"https://github.com/pyasn1/pyasn1","keywords_array":[],"namespace":null,"versions_count":41,"first_release_published_at":"2009-11-23T22:41:54.000Z","latest_release_published_at":"2024-09-10T22:41:42.000Z","latest_release_number":"0.6.1","last_synced_at":"2025-06-07T00:14:01.481Z","created_at":"2022-04-10T12:09:41.090Z","updated_at":"2025-06-07T00:14:01.481Z","registry_url":"https://pypi.org/project/pyasn1/","install_command":"pip install pyasn1 --index-url https://pypi.org/simple","documentation_url":"https://pyasn1.readthedocs.io","metadata":{"funding":null,"documentation":"https://pyasn1.readthedocs.io","classifiers":["Development Status :: 5 - Production/Stable","Environment :: Console","Intended Audience :: Developers","Intended Audience :: Education","Intended Audience :: Information Technology","Intended Audience :: System Administrators","Intended Audience :: Telecommunications Industry","License :: OSI Approved :: BSD License","Natural Language :: English","Operating System :: OS Independent","Programming Language :: Python :: 3","Programming Language :: Python :: 3.10","Programming Language :: Python :: 3.11","Programming Language :: Python :: 3.12","Programming Language :: Python :: 3.13","Programming Language :: Python :: 3.8","Programming Language :: Python :: 3.9","Programming Language :: Python :: Implementation :: CPython","Programming Language :: Python :: Implementation :: PyPy","Topic :: Communications","Topic :: Software Development :: Libraries :: Python Modules"],"normalized_name":"pyasn1"},"repo_metadata":{"id":44472576,"uuid":"512723255","full_name":"pyasn1/pyasn1","owner":"pyasn1","description":"Generic ASN.1 library for Python","archived":false,"fork":true,"pushed_at":"2024-04-05T14:04:47.000Z","size":1870,"stargazers_count":24,"open_issues_count":24,"forks_count":16,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-05-21T12:10:36.064Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://pyasn1.readthedocs.io/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"etingof/pyasn1","license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pyasn1.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.rst","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.rst","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"custom":"http://snmplabs.com/sponsorship.html"}},"created_at":"2022-07-11T11:09:16.000Z","updated_at":"2024-05-01T09:13:33.000Z","dependencies_parsed_at":"2023-01-31T20:55:14.322Z","dependency_job_id":null,"html_url":"https://github.com/pyasn1/pyasn1","commit_stats":null,"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pyasn1","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":215420154,"owners_count":15876642,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"pyasn1","name":"pyasn1 maintenance organization","uuid":"109076791","kind":"organization","description":"","email":null,"website":null,"location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/109076791?v=4","repositories_count":2,"last_synced_at":"2024-05-21T11:51:15.322Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/pyasn1","funding_links":[],"total_stars":30,"followers":2,"following":0,"created_at":"2024-05-21T11:51:17.782Z","updated_at":"2024-05-21T11:51:17.782Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pyasn1","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pyasn1/repositories"},"tags":[{"name":"v0.5.0.rc2","sha":"08ac8006b7775551027e5d4b0e642a528c296565","kind":"commit","published_at":"2022-08-23T07:25:48.000Z","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/v0.5.0.rc2","html_url":"https://github.com/pyasn1/pyasn1/releases/tag/v0.5.0.rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.5.0.rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.5.0.rc2/manifests"},{"name":"v0.5.0.rc1","sha":"0f458da4eb801add67c47d51e8e147515ea0ca19","kind":"commit","published_at":"2022-08-08T08:40:20.000Z","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/v0.5.0.rc1","html_url":"https://github.com/pyasn1/pyasn1/releases/tag/v0.5.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.5.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.5.0.rc1/manifests"},{"name":"v0.4.8","sha":"70c1bbde72f8b53f82ed1a7e00cb98fe51c1455f","kind":"commit","published_at":"2019-11-16T17:12:43.000Z","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/v0.4.8","html_url":"https://github.com/pyasn1/pyasn1/releases/tag/v0.4.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.4.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.4.8/manifests"},{"name":"v0.4.7","sha":"771aa24c2b52e0ec410f9a94c3a114a6078a3641","kind":"commit","published_at":"2019-09-01T15:58:56.000Z","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/v0.4.7","html_url":"https://github.com/pyasn1/pyasn1/releases/tag/v0.4.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.4.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.4.7/manifests"},{"name":"v0.4.6","sha":"bb6b6e26fd2072dae8ba6664e2b8b6c5b78ce5a8","kind":"commit","published_at":"2019-07-31T19:43:30.000Z","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/v0.4.6","html_url":"https://github.com/pyasn1/pyasn1/releases/tag/v0.4.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.4.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.4.6/manifests"},{"name":"v0.4.5","sha":"df6fc9a8aae16e32f60a1ff1f42a52c8c344a993","kind":"commit","published_at":"2018-12-29T20:44:17.000Z","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/v0.4.5","html_url":"https://github.com/pyasn1/pyasn1/releases/tag/v0.4.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.4.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.4.5/manifests"},{"name":"v0.4.4","sha":"4ad415d71beb6b466842e6c32ec6387b88a3dbae","kind":"commit","published_at":"2018-07-26T07:26:23.000Z","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/v0.4.4","html_url":"https://github.com/pyasn1/pyasn1/releases/tag/v0.4.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.4.4/manifests"},{"name":"v0.4.3","sha":"4b7961a12bfce7a411423aba195bcb9a329f8c4a","kind":"commit","published_at":"2018-05-23T20:36:13.000Z","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/v0.4.3","html_url":"https://github.com/pyasn1/pyasn1/releases/tag/v0.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.4.3/manifests"},{"name":"v0.4.2","sha":"df3a2b7781c72ffc703e80d788618d93634e17ab","kind":"commit","published_at":"2017-11-23T18:48:19.000Z","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/v0.4.2","html_url":"https://github.com/pyasn1/pyasn1/releases/tag/v0.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.4.2/manifests"},{"name":"v0.4.1","sha":"67e460c8302cd1e2cf181b0d0430f3cdd9681b0c","kind":"commit","published_at":"2017-11-23T10:44:10.000Z","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/v0.4.1","html_url":"https://github.com/pyasn1/pyasn1/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.4.1/manifests"},{"name":"v0.3.7","sha":"136f9e71f50ed8938037e5641b19d857f11b13e4","kind":"commit","published_at":"2017-10-04T20:04:07.000Z","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/v0.3.7","html_url":"https://github.com/pyasn1/pyasn1/releases/tag/v0.3.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.3.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.3.7/manifests"},{"name":"v0.3.6","sha":"57b7faf331fe5f2b1cbaa530ea39ed10dfdfe3b7","kind":"commit","published_at":"2017-09-20T20:30:05.000Z","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/v0.3.6","html_url":"https://github.com/pyasn1/pyasn1/releases/tag/v0.3.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.3.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.3.6/manifests"},{"name":"v0.3.5","sha":"3182ecf81839ae4072a46706c3d0426a03f80be8","kind":"commit","published_at":"2017-09-16T22:16:53.000Z","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/v0.3.5","html_url":"https://github.com/pyasn1/pyasn1/releases/tag/v0.3.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.3.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.3.5/manifests"},{"name":"v0.3.4","sha":"f53f48553c5e683a0c5e9e8009ef754410f2b9e0","kind":"commit","published_at":"2017-09-07T06:59:46.000Z","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/v0.3.4","html_url":"https://github.com/pyasn1/pyasn1/releases/tag/v0.3.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.3.4/manifests"},{"name":"v0.3.3","sha":"3938e520f13feee93dccabf9824f0da122cc54ed","kind":"commit","published_at":"2017-08-26T23:30:41.000Z","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/v0.3.3","html_url":"https://github.com/pyasn1/pyasn1/releases/tag/v0.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.3.3/manifests"},{"name":"v0.3.2","sha":"c7ff66bd5bd64b4a7473dbdfbb931b7c56f5f5cd","kind":"commit","published_at":"2017-08-04T18:40:24.000Z","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/v0.3.2","html_url":"https://github.com/pyasn1/pyasn1/releases/tag/v0.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.3.2/manifests"},{"name":"v0.3.1","sha":"d6540fd67a0080f369a1b165eae4ad946155dad9","kind":"commit","published_at":"2017-07-26T17:30:36.000Z","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/v0.3.1","html_url":"https://github.com/pyasn1/pyasn1/releases/tag/v0.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.3.1/manifests"},{"name":"0.2.3","sha":"a95b62a8b026d8c61a9c12d257cdf584f7bcdb8e","kind":"commit","published_at":"2017-02-25T22:39:16.000Z","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/0.2.3","html_url":"https://github.com/pyasn1/pyasn1/releases/tag/0.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/0.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/0.2.3/manifests"},{"name":"v0.2.2","sha":"c22b813b9251c35347eace1ea3189d9cbfadfa24","kind":"commit","published_at":"2017-02-07T00:17:50.000Z","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/v0.2.2","html_url":"https://github.com/pyasn1/pyasn1/releases/tag/v0.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.2.2/manifests"},{"name":"v0.2.1","sha":"3fee03b393ee6a6e7e0baf70e54ce5ae7f7e42c1","kind":"commit","published_at":"2017-02-04T22:34:36.000Z","download_url":"https://codeload.github.com/pyasn1/pyasn1/tar.gz/v0.2.1","html_url":"https://github.com/pyasn1/pyasn1/releases/tag/v0.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyasn1%2Fpyasn1/tags/v0.2.1/manifests"}]},"repo_metadata_updated_at":"2024-08-28T15:41:18.885Z","dependent_packages_count":553,"downloads":292897250,"downloads_period":"last-month","dependent_repos_count":94117,"rankings":{"downloads":0.004952247494988142,"dependent_repos_count":0.01247232702441458,"dependent_packages_count":0.04512047717655863,"stargazers_count":15.158646165584816,"forks_count":11.217941075591472,"docker_downloads_count":0.005135664068876592,"average":4.407377992823521},"purl":"pkg:pypi/pyasn1","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/pyasn1","docker_dependents_count":10274,"docker_downloads_count":5762168119,"usage_url":"https://repos.ecosyste.ms/usage/pypi/pyasn1","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/pyasn1/dependencies","status":null,"funding_links":["http://snmplabs.com/sponsorship.html"],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/pyasn1/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/pyasn1/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/pyasn1/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/pyasn1/related_packages","maintainers":[{"uuid":"etingof","login":"etingof","name":null,"email":null,"url":null,"packages_count":16,"html_url":"https://pypi.org/user/etingof/","role":null,"created_at":"2022-12-23T02:26:01.506Z","updated_at":"2022-12-23T02:26:01.506Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/etingof/packages"},{"uuid":"ilya","login":"ilya","name":null,"email":null,"url":null,"packages_count":18,"html_url":"https://pypi.org/user/ilya/","role":null,"created_at":"2022-12-23T02:26:01.512Z","updated_at":"2022-12-23T02:26:01.512Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/ilya/packages"},{"uuid":"tiran","login":"tiran","name":null,"email":null,"url":null,"packages_count":46,"html_url":"https://pypi.org/user/tiran/","role":null,"created_at":"2022-12-23T02:26:01.515Z","updated_at":"2022-12-23T02:26:01.515Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/tiran/packages"},{"uuid":"droideck","login":"droideck","name":null,"email":null,"url":null,"packages_count":3,"html_url":"https://pypi.org/user/droideck/","role":null,"created_at":"2022-12-23T02:26:01.500Z","updated_at":"2022-12-23T02:26:01.500Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/droideck/packages"}],"registry":{"name":"pypi.org","url":"https://pypi.org","ecosystem":"pypi","default":true,"packages_count":690419,"maintainers_count":292811,"namespaces_count":0,"keywords_count":228590,"github":"pypi","metadata":{"funded_packages_count":48950},"icon_url":"https://github.com/pypi.png","created_at":"2022-04-04T15:19:23.364Z","updated_at":"2025-06-06T05:32:09.692Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/namespaces"}},"unique_repositories_count":566,"unique_repositories_count_past_30_days":5,"recent_issues":[{"uuid":"4636185684","node_id":"PR_kwDON8zQFc7lGli1","number":46,"state":"closed","title":"chore(deps): bump the pip group across 10 directories with 21 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-06-11T00:45:43.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-11T00:44:29.000Z","updated_at":"2026-06-11T00:54:41.000Z","time_to_close":74,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":21,"packages":[{"name":"azure-core","old_version":"1.32.0","new_version":"1.38.0","repository_url":"https://github.com/Azure/azure-sdk-for-python"},{"name":"black","old_version":"23.12.1","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"fickling","old_version":"0.1.5","new_version":"0.1.10","repository_url":"https://github.com/trailofbits/fickling"},{"name":"filelock","old_version":"3.16.1","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"flask","old_version":"3.1.0","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"geopandas","old_version":"1.1.1","new_version":"1.1.2","repository_url":"https://github.com/geopandas/geopandas"},{"name":"google-cloud-aiplatform","old_version":"1.88.0","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"gradio","old_version":"5.28.0","new_version":"6.7.0","repository_url":"https://github.com/gradio-app/gradio"},{"name":"langgraph","old_version":"0.3.21","new_version":"1.0.10rc1","repository_url":"https://github.com/langchain-ai/langgraph"},{"name":"langgraph-checkpoint","old_version":"2.0.23","new_version":"4.0.0","repository_url":"https://github.com/langchain-ai/langgraph"},{"name":"orjson","old_version":"3.10.16","new_version":"3.11.6","repository_url":"https://github.com/ijl/orjson"},{"name":"pyarrow","old_version":"16.1.0","new_version":"23.0.1","repository_url":"https://github.com/apache/arrow"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"sentencepiece","old_version":"0.2.0","new_version":"0.2.1","repository_url":"https://github.com/google/sentencepiece"},{"name":"starlette","old_version":"0.41.3","new_version":"1.0.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"torch","old_version":"2.5.1","new_version":"2.10.0","repository_url":"https://github.com/pytorch/pytorch"},{"name":"virtualenv","old_version":"20.29.1","new_version":"20.36.1","repository_url":"https://github.com/pypa/virtualenv"},{"name":"werkzeug","old_version":"3.1.1","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"wheel","old_version":"0.45.1","new_version":"0.46.2","repository_url":"https://github.com/pypa/wheel"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 19 updates in the /dakota_rl_training/outputs/tinker_qwen30b/wandb/run-20251119_104422-i55d4x26/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.32.0` | `1.38.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [fickling](https://github.com/trailofbits/fickling) | `0.1.5` | `0.1.10` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [geopandas](https://github.com/geopandas/geopandas) | `1.1.1` | `1.1.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.88.0` | `1.133.0` |\n| [gradio](https://github.com/gradio-app/gradio) | `5.28.0` | `6.7.0` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `0.3.21` | `1.0.10rc1` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.0.23` | `4.0.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.16` | `3.11.6` |\n| [pyarrow](https://github.com/apache/arrow) | `16.1.0` | `23.0.1` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |\n| [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.10.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.1` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n\nBumps the pip group with 19 updates in the /dakota_rl_training/outputs/tinker_qwen4b/wandb/run-20251120_085502-ntfgah7s/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.32.0` | `1.38.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [fickling](https://github.com/trailofbits/fickling) | `0.1.5` | `0.1.10` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [geopandas](https://github.com/geopandas/geopandas) | `1.1.1` | `1.1.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.88.0` | `1.133.0` |\n| [gradio](https://github.com/gradio-app/gradio) | `5.28.0` | `6.7.0` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `0.3.21` | `1.0.10rc1` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.0.23` | `4.0.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.16` | `3.11.6` |\n| [pyarrow](https://github.com/apache/arrow) | `16.1.0` | `23.0.1` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |\n| [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.10.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.1` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n\nBumps the pip group with 19 updates in the /dakota_rl_training/outputs/tinker_qwen4b/wandb/run-20251120_085815-o69alc9b/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.32.0` | `1.38.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [fickling](https://github.com/trailofbits/fickling) | `0.1.5` | `0.1.10` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [geopandas](https://github.com/geopandas/geopandas) | `1.1.1` | `1.1.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.88.0` | `1.133.0` |\n| [gradio](https://github.com/gradio-app/gradio) | `5.28.0` | `6.7.0` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `0.3.21` | `1.0.10rc1` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.0.23` | `4.0.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.16` | `3.11.6` |\n| [pyarrow](https://github.com/apache/arrow) | `16.1.0` | `23.0.1` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |\n| [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.10.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.1` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n\nBumps the pip group with 19 updates in the /dakota_rl_training/outputs/tinker_qwen4b/wandb/run-20251120_090142-tbmfb9o0/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.32.0` | `1.38.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [fickling](https://github.com/trailofbits/fickling) | `0.1.5` | `0.1.10` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [geopandas](https://github.com/geopandas/geopandas) | `1.1.1` | `1.1.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.88.0` | `1.133.0` |\n| [gradio](https://github.com/gradio-app/gradio) | `5.28.0` | `6.7.0` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `0.3.21` | `1.0.10rc1` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.0.23` | `4.0.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.16` | `3.11.6` |\n| [pyarrow](https://github.com/apache/arrow) | `16.1.0` | `23.0.1` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |\n| [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.10.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.1` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_smoke/wandb/run-20251118_182158-ymh8qjl6/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.32.0` | `1.38.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [geopandas](https://github.com/geopandas/geopandas) | `1.1.1` | `1.1.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.88.0` | `1.133.0` |\n| [gradio](https://github.com/gradio-app/gradio) | `5.28.0` | `6.7.0` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `0.3.21` | `1.0.10rc1` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.0.23` | `4.0.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.16` | `3.11.6` |\n| [pyarrow](https://github.com/apache/arrow) | `16.1.0` | `23.0.1` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |\n| [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.10.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.1` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_smoke/wandb/run-20251118_182714-8xv4ah4h/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.32.0` | `1.38.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [geopandas](https://github.com/geopandas/geopandas) | `1.1.1` | `1.1.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.88.0` | `1.133.0` |\n| [gradio](https://github.com/gradio-app/gradio) | `5.28.0` | `6.7.0` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `0.3.21` | `1.0.10rc1` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.0.23` | `4.0.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.16` | `3.11.6` |\n| [pyarrow](https://github.com/apache/arrow) | `16.1.0` | `23.0.1` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |\n| [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.10.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.1` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n\nBumps the pip group with 18 updates in the /wandb/run-20251105_064731-wq8xuzar/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.32.0` | `1.38.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [geopandas](https://github.com/geopandas/geopandas) | `1.1.1` | `1.1.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.88.0` | `1.133.0` |\n| [gradio](https://github.com/gradio-app/gradio) | `5.28.0` | `6.7.0` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `0.3.21` | `1.0.10rc1` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.0.23` | `4.0.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.16` | `3.11.6` |\n| [pyarrow](https://github.com/apache/arrow) | `16.1.0` | `23.0.1` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |\n| [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.10.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.1` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n\nBumps the pip group with 18 updates in the /wandb/run-20251105_064758-5jy9n26c/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.32.0` | `1.38.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [geopandas](https://github.com/geopandas/geopandas) | `1.1.1` | `1.1.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.88.0` | `1.133.0` |\n| [gradio](https://github.com/gradio-app/gradio) | `5.28.0` | `6.7.0` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `0.3.21` | `1.0.10rc1` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.0.23` | `4.0.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.16` | `3.11.6` |\n| [pyarrow](https://github.com/apache/arrow) | `16.1.0` | `23.0.1` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |\n| [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.10.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.1` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n\nBumps the pip group with 12 updates in the /wandb/run-20251118_210438-u82h659i/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.32.0` | `1.38.0` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [geopandas](https://github.com/geopandas/geopandas) | `1.1.1` | `1.1.2` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.16` | `3.11.6` |\n| [pyarrow](https://github.com/apache/arrow) | `16.1.0` | `23.0.1` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |\n| [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.10.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.1` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n\nBumps the pip group with 21 updates in the /wandb/run-20260527_165151-owf98569/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.32.0` | `1.38.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [fickling](https://github.com/trailofbits/fickling) | `0.1.5` | `0.1.10` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [geopandas](https://github.com/geopandas/geopandas) | `1.1.1` | `1.1.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.129.0` | `1.133.0` |\n| [gradio](https://github.com/gradio-app/gradio) | `5.28.0` | `6.7.0` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `1.0.3` | `1.0.10rc1` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `3.0.1` | `4.0.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.16` | `3.11.6` |\n| [pyarrow](https://github.com/apache/arrow) | `16.1.0` | `23.0.1` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |\n| [starlette](https://github.com/Kludex/starlette) | `0.48.0` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.10.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.1` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n| [multipart](https://github.com/defnull/multipart) | `1.3.0` | `1.3.1` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `25.3.0` | `26.0.0` |\n\n\nUpdates `azure-core` from 1.32.0 to 1.38.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Azure/azure-sdk-for-python/releases\"\u003eazure-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eazure-ai-ml_1.34.0\u003c/h2\u003e\n\u003ch2\u003e1.34.0 (2026-06-11)\u003c/h2\u003e\n\u003ch3\u003eBugs Fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed cross-tenant registry endpoint resolution for deployment template operations by using the registry discovery API instead of ARM calls.\u003c/li\u003e\n\u003cli\u003eFixed deployment template update failing with immutable field errors by ensuring \u003ccode\u003eallowedInstanceType\u003c/code\u003e and \u003ccode\u003eallowedEnvironmentVariableOverrides\u003c/code\u003e are properly round-tripped during serialization.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/6d2e6431ea0991861640e449e51e894247a7771a\"\u003e\u003ccode\u003e6d2e643\u003c/code\u003e\u003c/a\u003e update release date (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44609\"\u003e#44609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/ca2b965d8cce6eaa135fe01804b96164b56b7f16\"\u003e\u003ccode\u003eca2b965\u003c/code\u003e\u003c/a\u003e [Core] Prep release (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44590\"\u003e#44590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/fb8cbea1b9d85135f7ba99bfc6cbc2f3cee138ff\"\u003e\u003ccode\u003efb8cbea\u003c/code\u003e\u003c/a\u003e Introduce new version of continuation token (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44574\"\u003e#44574\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/6578a78f6a7429bbe73e27ebe904d7f362d7efa2\"\u003e\u003ccode\u003e6578a78\u003c/code\u003e\u003c/a\u003e [Core] Increment version for core release (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44398\"\u003e#44398\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/a69a3c26f3a3ed0c9e5a888d991ad447754ad00b\"\u003e\u003ccode\u003ea69a3c2\u003c/code\u003e\u003c/a\u003e add example to demo how to use truststore (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44343\"\u003e#44343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/5ade1087ec6a425d7639eefcff206ceffdf3d48f\"\u003e\u003ccode\u003e5ade108\u003c/code\u003e\u003c/a\u003e Bumping the targeted \u003ccode\u003ehttpx\u003c/code\u003e for \u003ccode\u003eazure-core-experimental\u003c/code\u003e dev reqs (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44328\"\u003e#44328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/cbb1db62711eae72aca1b2bbeedcbd7e02d21109\"\u003e\u003ccode\u003ecbb1db6\u003c/code\u003e\u003c/a\u003e [core] add tests and fix backcompat functions (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44084\"\u003e#44084\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/4adcc524b09e09e4916f1280a32f9802cc798788\"\u003e\u003ccode\u003e4adcc52\u003c/code\u003e\u003c/a\u003e [Core] Support timeout error in requests+aiohttp transports (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/43201\"\u003e#43201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/fd709673eacbebc1107d998f217a131fa3394326\"\u003e\u003ccode\u003efd70967\u003c/code\u003e\u003c/a\u003e [Core] Increment version for core release (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/43435\"\u003e#43435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/b52527cdfdeff6b6aab4b93a87d4402b1403ce89\"\u003e\u003ccode\u003eb52527c\u003c/code\u003e\u003c/a\u003e [Core] Update TypeHandlerRegistry typing (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/43393\"\u003e#43393\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Azure/azure-sdk-for-python/compare/azure-core_1.32.0...azure-core_1.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 23.12.1 to 26.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop evenloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop eventloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c6755bb741b6481d6b3d3bb563c83fa060db96c9\"\u003e\u003ccode\u003ec6755bb\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5046\"\u003e#5046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69973fd6950985fbeb1090d96da717dc4d8380b0\"\u003e\u003ccode\u003e69973fd\u003c/code\u003e\u003c/a\u003e Harden blackd browser-facing request handling (\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d\"\u003e\u003ccode\u003e4937fe6\u003c/code\u003e\u003c/a\u003e Fix some shenanigans with the cache file and IPython (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2e641d174469c505d5ae905e75d4c769597e681f\"\u003e\u003ccode\u003e2e641d1\u003c/code\u003e\u003c/a\u003e docs: remove outdated Black Playground references (\u003ca href=\"https://redirect.github.com/psf/black/issues/5044\"\u003e#5044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c014b22a2d5e0632587b47b81151658bddfa0b88\"\u003e\u003ccode\u003ec014b22\u003c/code\u003e\u003c/a\u003e Remove unused internal code (\u003ca href=\"https://redirect.github.com/psf/black/issues/5041\"\u003e#5041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/0dae20b2d009f2f03de8696d06b0c947d3abafc9\"\u003e\u003ccode\u003e0dae20b\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5036\"\u003e#5036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c5c1cbddd92cecb554ac2a77a24139dd76831030\"\u003e\u003ccode\u003ec5c1cbd\u003c/code\u003e\u003c/a\u003e Minor release patches (\u003ca href=\"https://redirect.github.com/psf/black/issues/5035\"\u003e#5035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/7e5a828c37d71b6a6666e28eed444816def6a8f4\"\u003e\u003ccode\u003e7e5a828\u003c/code\u003e\u003c/a\u003e docs: clarify relationship between Black style and PEP 8 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69705deb8776e7c5e585668da106d1abe2cb8d77\"\u003e\u003ccode\u003e69705de\u003c/code\u003e\u003c/a\u003e docs: add clearer pyproject configuration guidance (\u003ca href=\"https://redirect.github.com/psf/black/issues/5026\"\u003e#5026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/35ea67920b7f6ac8e09be1c47278752b1e827f76\"\u003e\u003ccode\u003e35ea679\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5032\"\u003e#5032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/23.12.1...26.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fickling` from 0.1.5 to 0.1.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/trailofbits/fickling/releases\"\u003efickling's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.1.10\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExpanded the unsafe modules blocklist with:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e_frozen_importlib\u003c/code\u003e, \u003ccode\u003e_frozen_importlib_external\u003c/code\u003e, \u003ccode\u003e_imp\u003c/code\u003e to prevent access to references of blocked modules (\u003ca href=\"https://github.com/trailofbits/fickling/commit/b9e690c5a57ee9cd341de947fc6151959f4ae359\"\u003ehttps://github.com/trailofbits/fickling/commit/b9e690c5a57ee9cd341de947fc6151959f4ae359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003einspect\u003c/code\u003e to block a \u003ccode\u003egetattr\u003c/code\u003e equivalent (\u003ca href=\"https://github.com/trailofbits/fickling/commit/9a6d03fb74da5f37db8cf8ab6600bfb6679403eb\"\u003ehttps://github.com/trailofbits/fickling/commit/9a6d03fb74da5f37db8cf8ab6600bfb6679403eb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elinecache\u003c/code\u003e and \u003ccode\u003edifflib\u003c/code\u003e to prevent file access, \u003ccode\u003egc\u003c/code\u003e for module references (\u003ca href=\"https://github.com/trailofbits/fickling/commit/7f39d97258217ee2c21a1f5031d4a6d7343eb30d\"\u003ehttps://github.com/trailofbits/fickling/commit/7f39d97258217ee2c21a1f5031d4a6d7343eb30d\u003c/a\u003e). Thanks \u003ca href=\"https://github.com/fg0x0\"\u003e\u003ccode\u003e@​fg0x0\u003c/code\u003e\u003c/a\u003e for the report!\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform\u003c/code\u003e to prevent file access (\u003ca href=\"https://github.com/trailofbits/fickling/commit/351ed4d4242b447c0ffd550bb66b40695f3f9975\"\u003ehttps://github.com/trailofbits/fickling/commit/351ed4d4242b447c0ffd550bb66b40695f3f9975\u003c/a\u003e). Thanks \u003ca href=\"https://github.com/mldangelo\"\u003e\u003ccode\u003e@​mldangelo\u003c/code\u003e\u003c/a\u003e for the report!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eGeneral\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eVarious \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e updates (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/pull/244\"\u003etrailofbits/fickling#244\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/trailofbits/fickling/pull/245\"\u003etrailofbits/fickling#245\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/trailofbits/fickling/pull/246\"\u003etrailofbits/fickling#246\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/trailofbits/fickling/compare/v0.1.9...v0.1.10\"\u003ehttps://github.com/trailofbits/fickling/compare/v0.1.9...v0.1.10\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.1.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExpanded the unsafe modules blocklist to include \u003ccode\u003euuid\u003c/code\u003e, \u003ccode\u003e_osx_support\u003c/code\u003e and \u003ccode\u003e_aix_support\u003c/code\u003e(GHSA-5hwf-rc88-82xm)\n\u003cul\u003e\n\u003cli\u003eFixed in \u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/240\"\u003e#240\u003c/a\u003e. Thank you \u003ca href=\"https://github.com/yash2998chhabria\"\u003e\u003ccode\u003e@​yash2998chhabria\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003erun_hook()\u003c/code\u003e to cover missing pickle entry points (GHSA-wccx-j62j-r448)\n\u003cul\u003e\n\u003cli\u003eFixed in \u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/242\"\u003e#242\u003c/a\u003e. Thank you \u003ca href=\"https://github.com/mldangelo\"\u003e\u003ccode\u003e@​mldangelo\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eGeneral\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eVaroious \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e updates (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/238\"\u003e#238\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/239\"\u003e#239\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/trailofbits/fickling/compare/v0.1.8...v0.1.9\"\u003ehttps://github.com/trailofbits/fickling/compare/v0.1.8...v0.1.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.1.8\u003c/h2\u003e\n\u003ch1\u003eWhat's Changed\u003c/h1\u003e\n\u003ch2\u003eBreaking changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop Python 3.9 support, minimum is now 3.10 and we started supporting 3.14 (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/175\"\u003e#175\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI exit codes now follow ClamAV conventions: 0 for clean, 1 for unsafe, 2 for error (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/216\"\u003e#216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMalformed pickles raise \u003ccode\u003eInterpretationError\u003c/code\u003e instead of \u003ccode\u003eValueError\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/207\"\u003e#207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWe added many new modules to the unsafe imports blocklist (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/210\"\u003e#210\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/215\"\u003e#215\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/217\"\u003e#217\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/233\"\u003e#233\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/236\"\u003e#236\u003c/a\u003e), while trying to reduce false positives on builtins (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/206\"\u003e#206\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a generic bypass via \u003ccode\u003eOBJ\u003c/code\u003e (\u003ca href=\"https://github.com/trailofbits/fickling/security/advisories/GHSA-mxhj-88fx-4pcv\"\u003ehttps://github.com/trailofbits/fickling/security/advisories/GHSA-mxhj-88fx-4pcv\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eFixed in \u003ca href=\"https://redirect.github.com/trailofbits/fickling/pull/235\"\u003etrailofbits/fickling#235\u003c/a\u003e. Thank you \u003ca href=\"https://github.com/yash2998chhabria\"\u003e\u003ccode\u003e@​yash2998chhabria\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eExpanded the blocklist of unsafe imports with various modules (\u003ca href=\"https://github.com/trailofbits/fickling/security/advisories/GHSA-mhc9-48gj-9gp3\"\u003ehttps://github.com/trailofbits/fickling/security/advisories/GHSA-mhc9-48gj-9gp3\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eFixed in \u003ca href=\"https://redirect.github.com/trailofbits/fickling/pull/236\"\u003etrailofbits/fickling#236\u003c/a\u003e. Thank you \u003ca href=\"https://github.com/yash2998chhabria\"\u003e\u003ccode\u003e@​yash2998chhabria\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eExpanded the blocklist to catch outbound network connections (\u003ca href=\"https://github.com/trailofbits/fickling/security/advisories/GHSA-83pf-v6qq-pwmr\"\u003ehttps://github.com/trailofbits/fickling/security/advisories/GHSA-83pf-v6qq-pwmr\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trailofbits/fickling/commit/f5dc67b0c13acb1f3cb49a5192992b8b82975dbf\"\u003e\u003ccode\u003ef5dc67b\u003c/code\u003e\u003c/a\u003e Bump version to 0.1.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trailofbits/fickling/commit/7f39d97258217ee2c21a1f5031d4a6d7343eb30d\"\u003e\u003ccode\u003e7f39d97\u003c/code\u003e\u003c/a\u003e Add linecache, difflib, gc to UNSAFE_IMPORTS (GHSA-r48f-3986-4f9c)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trailofbits/fickling/commit/351ed4d4242b447c0ffd550bb66b40695f3f9975\"\u003e\u003ccode\u003e351ed4d\u003c/code\u003e\u003c/a\u003e Add platform to UNSAFE_IMPORTS (GHSA-5cxw-w2xg-2m8h)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trailofbits/fickling/commit/9a6d03fb74da5f37db8cf8ab6600bfb6679403eb\"\u003e\u003ccode\u003e9a6d03f\u003c/code\u003e\u003c/a\u003e Add inspect to UNSAFE_IMPORTS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trailofbits/fickling/commit/b9e690c5a57ee9cd341de947fc6151959f4ae359\"\u003e\u003ccode\u003eb9e690c\u003c/code\u003e\u003c/a\u003e Add _frozen_importlib, _frozen_importlib_external, _imp to UNSAFE_IMPORTS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trailofbits/fickling/commit/e243fbbfd8a7f9866dbd6130f03e336628a6c2c5\"\u003e\u003ccode\u003ee243fbb\u003c/code\u003e\u003c/a\u003e Bump the all group with 3 updates (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/246\"\u003e#246\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trailofbits/fickling/commit/a7c7cc4adb48a778b827ce86788483084e4aaff0\"\u003e\u003ccode\u003ea7c7cc4\u003c/code\u003e\u003c/a\u003e Bump the all group with 2 updates (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/245\"\u003e#245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trailofbits/fickling/commit/8abca135a87310b7a54728aa5ff83d66b766e08e\"\u003e\u003ccode\u003e8abca13\u003c/code\u003e\u003c/a\u003e Bump the all group with 2 updates (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/244\"\u003e#244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trailofbits/fickling/commit/a870060d5660206a352f960806702475c7757147\"\u003e\u003ccode\u003ea870060\u003c/code\u003e\u003c/a\u003e Bump version to 0.1.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trailofbits/fickling/commit/ae0b565fe5d7b1117b6fe8dd48a2ebff70fd95d8\"\u003e\u003ccode\u003eae0b565\u003c/code\u003e\u003c/a\u003e Bump picklescan from 1.0.3 to 1.0.4 in /pickle_scanning_benchmark (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/239\"\u003e#239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/trailofbits/fickling/compare/v0.1.5...v0.1.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `filelock` from 3.16.1 to 3.20.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TOCTOU symlink vulnerability in SoftFileLock by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/465\"\u003etox-dev/filelock#465\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Unix systems without O_NOFOLLOW by \u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/464\"\u003etox-dev/filelock#464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/461\"\u003etox-dev/filelock#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tox.toml to sdist by \u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs with example by \u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd 3.14 support and drop 3.9 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/448\"\u003etox-dev/filelock#448\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.19.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd 3.14t (free threading) to matrix by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/433\"\u003etox-dev/filelock#433\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease test coverage by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/434\"\u003etox-dev/filelock#434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst\"\u003efilelock's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e3.29.3 (2026-06-10)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(ci): restore release environment on tag job :pr:\u003ccode\u003e559\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003evalidate pid range in _parse_lock_holder :pr:\u003ccode\u003e556\u003c/code\u003e - by :user:\u003ccode\u003edxbjavid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🔧 ci(release): publish to PyPI on tag push :pr:\u003ccode\u003e557\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump astral-sh/setup-uv from 8.1.0 to 8.2.0 :pr:\u003ccode\u003e558\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.29.2 (2026-06-10)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 6.0.2 to 6.0.3 :pr:\u003ccode\u003e555\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e554\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003echeck hostname in is_lock_held_by_us :pr:\u003ccode\u003e553\u003c/code\u003e - by :user:\u003ccode\u003edxbjavid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🔒 fix(soft): harden stale-lock breaking and self-heal malformed locks :pr:\u003ccode\u003e551\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eopen marker reads non-blocking to refuse attacker-placed fifo :pr:\u003ccode\u003e549\u003c/code\u003e - by :user:\u003ccode\u003edxbjavid\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.29.1 (2026-06-03)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(soft): refuse to follow symlinks when reading the lock file :pr:\u003ccode\u003e548\u003c/code\u003e - by :user:\u003ccode\u003edxbjavid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e547\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e546\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003echore: improve filelock maintenance path :pr:\u003ccode\u003e545\u003c/code\u003e - by :user:\u003ccode\u003elphuc2250gma\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003echore: improve filelock maintenance path :pr:\u003ccode\u003e544\u003c/code\u003e - by :user:\u003ccode\u003elphuc2250gma\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003echore: improve filelock maintenance path :pr:\u003ccode\u003e542\u003c/code\u003e - by :user:\u003ccode\u003elphuc2250gma\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify per-thread scope of FileLock configuration :pr:\u003ccode\u003e543\u003c/code\u003e - by :user:\u003ccode\u003eGares95\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e541\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix API docs of \u003ccode\u003erelease()\u003c/code\u003e :pr:\u003ccode\u003e540\u003c/code\u003e - by :user:\u003ccode\u003eMrAnno\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e539\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e538\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e537\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 :pr:\u003ccode\u003e536\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e535\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.29.0 (2026-04-19)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(soft): enable stale lock detection on Windows :pr:\u003ccode\u003e534\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(async): use single-thread executor for lock consistency :pr:\u003ccode\u003e533\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 :pr:\u003ccode\u003e530\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5\"\u003e\u003ccode\u003e41b42dd\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in SoftFileLock (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/465\"\u003e#465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/f2e7d4046b6a2b375a573bcfbad21827b99f8939\"\u003e\u003ccode\u003ef2e7d40\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/50888548eb2f008d372e71f2835a47851ab83836\"\u003e\u003ccode\u003e5088854\u003c/code\u003e\u003c/a\u003e Support Unix systems without O_NOFOLLOW (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/463\"\u003e#463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/377f62251d7cdf30768cc9ee1eb31cea1551c71b\"\u003e\u003ccode\u003e377f622\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/460\"\u003e#460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e\"\u003e\u003ccode\u003e4724d7f\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in lock file creation (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/461\"\u003e#461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/cb69414a2327cf0a9887e12054d1dc112ee700af\"\u003e\u003ccode\u003ecb69414\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/459\"\u003e#459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/0769294f14a6c62eea64741722f7acef5386b4cd\"\u003e\u003ccode\u003e0769294\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/458\"\u003e#458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/414193a188892bd376eb5c56eb45a9cf8ecc9284\"\u003e\u003ccode\u003e414193a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/1456797beb94ad59e5627462ad29f7ed3a966626\"\u003e\u003ccode\u003e1456797\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/8d6bf90af313ac7fd6e41ef2b715d91dd6858f5c\"\u003e\u003ccode\u003e8d6bf90\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/py-filelock/compare/3.16.1...3.20.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 3.1.0 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/3.1.0...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `geopandas` from 1.1.1 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/geopandas/geopandas/releases\"\u003egeopandas's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue that caused an error in \u003ccode\u003eGeoDataFrame.from_features\u003c/code\u003e when there is no \u003ccode\u003eproperties\u003c/code\u003e field (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3599\"\u003e#3599\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eread_file\u003c/code\u003e and \u003ccode\u003eto_file\u003c/code\u003e errors (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3682\"\u003e#3682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eread_parquet\u003c/code\u003e with \u003ccode\u003eto_pandas_kwargs\u003c/code\u003e for complex (list/struct) arrow types (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3640\"\u003e#3640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003evalue_counts\u003c/code\u003e on GeoSeries now preserves CRS in index (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3669\"\u003e#3669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix f-string placeholders appearing in error messages when \u003ccode\u003epyogrio\u003c/code\u003e cannot be imported (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3682\"\u003e#3682\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eread_parquet\u003c/code\u003e with \u003ccode\u003eto_pandas_kwargs\u003c/code\u003e for complex (list/struct) arrow types (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3640\"\u003e#3640\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e.to_json\u003c/code\u003e now provides a clearer error message when called on a GeoDataFrame without an active geometry\ncolumn (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3648\"\u003e#3648\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eCalling \u003ccode\u003edel gdf[\u0026quot;geometry\u0026quot;]\u003c/code\u003e now will downcast to a \u003ccode\u003epd.DataFrame\u003c/code\u003e if there are no geometry columns left\nin the dataframe (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3648\"\u003e#3648\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix SQL injection in \u003ccode\u003eto_postgis\u003c/code\u003e via geometry column name (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3681\"\u003e#3681\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/geopandas/geopandas/compare/v1.1.1...v1.1.2\"\u003ehttps://github.com/geopandas/geopandas/compare/v1.1.1...v1.1.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/geopandas/geopandas/blob/main/CHANGELOG.md\"\u003egeopandas's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.1.2 (December 22, 2025)\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue that caused an error in \u003ccode\u003eGeoDataFrame.from_features\u003c/code\u003e when there is no \u003ccode\u003eproperties\u003c/code\u003e field (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3599\"\u003e#3599\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eread_file\u003c/code\u003e and \u003ccode\u003eto_file\u003c/code\u003e errors (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3682\"\u003e#3682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eread_parquet\u003c/code\u003e with \u003ccode\u003eto_pandas_kwargs\u003c/code\u003e for complex (list/struct) arrow types (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3640\"\u003e#3640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003evalue_counts\u003c/code\u003e on GeoSeries now preserves CRS in index (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3669\"\u003e#3669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix f-string placeholders appearing in error messages when \u003ccode\u003epyogrio\u003c/code\u003e cannot be imported (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3682\"\u003e#3682\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eread_parquet\u003c/code\u003e with \u003ccode\u003eto_pandas_kwargs\u003c/code\u003e for complex (list/struct) arrow types (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3640\"\u003e#3640\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e.to_json\u003c/code\u003e now provides a clearer error message when called on a GeoDataFrame without an active geometry\ncolumn (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3648\"\u003e#3648\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eCalling \u003ccode\u003edel gdf[\u0026quot;geometry\u0026quot;]\u003c/code\u003e now will downcast to a \u003ccode\u003epd.DataFrame\u003c/code\u003e if there are no geometry columns left\nin the dataframe (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3648\"\u003e#3648\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix SQL injection in \u003ccode\u003eto_postgis\u003c/code\u003e via geometry column name (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3681\"\u003e#3681\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/geopandas/geopandas/commit/81214bf9f3eaba9f5fdcfd141ae8d16fa17fd860\"\u003e\u003ccode\u003e81214bf\u003c/code\u003e\u003c/a\u003e RLS: backport fixes for 1.1.2 (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/geopandas/geopandas/commit/62dd4a2469bb6236b83fb91466a8183321da04da\"\u003e\u003ccode\u003e62dd4a2\u003c/code\u003e\u003c/a\u003e COMPAT: pandas 3 refactor breaks \u003cstrong\u003efinalize\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3611\"\u003e#3611\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/geopandas/geopandas/compare/v1.1.1...v1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-cloud-aiplatform` from 1.88.0 to 1.133.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/releases\"\u003egoogle-cloud-aiplatform's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.133.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE\u0026quot; to the \u003ccode\u003eoptimize_prompt\u003c/code\u003e method (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/715cc5b71b996eecde2d97bad71a617274739dcc\"\u003e715cc5b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client(memory): Add enable_third_person_memories (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e65717fa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Developer Connect in AE (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/04f1771e16f54a0627ecac1266764ca77f833694\"\u003e04f1771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd None check for agent_info in evals.py (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003ec8c0f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI client(evals) - Fix TypeError in _build_generate_content_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003ebe2eaaa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake project_number to project_id mapping fail-open. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/f1c8458dd5e4641cb03ff175f0837b6d6017c131\"\u003ef1c8458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e83f4076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e8c876ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire uri or staging bucket configuration for saving model to Vertex Experiment. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e5448f06\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn embedding metadata if available (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/d9c6eb199b6ccc1fae417463e1b374574f2ae2f8\"\u003ed9c6eb1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eexamples_dataframe\u003c/code\u003e type to \u003ccode\u003ePandasDataFrame\u003c/code\u003e in Prompt Optimizer. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a2564cc3ea5c4860ee732f14cea9db2c10b52420\"\u003ea2564cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.132.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.131.0...v1.132.0\"\u003e1.132.0\u003c/a\u003e (2025-12-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA comment for field \u003ccode\u003erestart_job_on_worker_restart\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA comment for field \u003ccode\u003etimeout\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.131.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.130.0...v1.131.0\"\u003e1.131.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow list of events to be passed to AdkApp.async_stream_query (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/dd8840a5012b2762f8b8971b6cea4302ac5c648d\"\u003edd8840a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/4114728750b5b12f991a18df87c1f1a570d1b29d\"\u003e4114728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdates the ADK template to direct structured JSON logs to standard output. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a65ec297c5b8d99e4d2dfb49473c189197198f97\"\u003ea65ec29\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md\"\u003egoogle-cloud-aiplatform's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE\u0026quot; to the \u003ccode\u003eoptimize_prompt\u003c/code\u003e method (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/715cc5b71b996eecde2d97bad71a617274739dcc\"\u003e715cc5b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client(memory): Add enable_third_person_memories (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e65717fa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Developer Connect in AE (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/04f1771e16f54a0627ecac1266764ca77f833694\"\u003e04f1771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd None check for agent_info in evals.py (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003ec8c0f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI client(evals) - Fix TypeError in _build_generate_content_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003ebe2eaaa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake project_number to project_id mapping fail-open. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/f1c8458dd5e4641cb03ff175f0837b6d6017c131\"\u003ef1c8458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e83f4076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e8c876ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire uri or staging bucket configuration for saving model to Vertex Experiment. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e5448f06\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn embedding metadata if available (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/d9c6eb199b6ccc1fae417463e1b374574f2ae2f8\"\u003ed9c6eb1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eexamples_dataframe\u003c/code\u003e type to \u003ccode\u003ePandasDataFrame\u003c/code\u003e in Prompt Optimizer. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a2564cc3ea5c4860ee732f14cea9db2c10b52420\"\u003ea2564cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.131.0...v1.132.0\"\u003e1.132.0\u003c/a\u003e (2025-12-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a...\n\n_Description has been truncated_","html_url":"https://github.com/HarleyCoops/Dakota1890/pull/46","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/HarleyCoops%2FDakota1890/issues/46","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/46/packages"},{"uuid":"4544364294","node_id":"PR_kwDOQjXu8M7gbzaf","number":2,"state":"closed","title":"chore(deps): bump the pip group across 7 directories with 15 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-03T22:59:00.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-28T22:51:50.000Z","updated_at":"2026-06-03T22:59:02.000Z","time_to_close":518830,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":15,"packages":[{"name":"google-cloud-aiplatform","old_version":"1.87.0","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"protobuf","old_version":"4.25.8","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"1.26.20","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 4 updates in the /search/cloud-function/python directory: [protobuf](https://github.com/protocolbuffers/protobuf), [pytest](https://github.com/pytest-dev/pytest), [python-dotenv](https://github.com/theskumar/python-dotenv) and [flask](https://github.com/pallets/flask).\nBumps the pip group with 6 updates in the /gemini/tuning/genai-mlops-tune-and-eval directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.87.0` | `1.133.0` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.8` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.20` | `2.7.0` |\n\nBumps the pip group with 2 updates in the /gemini/sample-apps/swot-agent directory: [pytest](https://github.com/pytest-dev/pytest) and [pydantic-ai](https://github.com/pydantic/pydantic-ai).\nBumps the pip group with 7 updates in the /gemini/sample-apps/quickbot/website-search-using-agent-builder/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [langchain](https://github.com/langchain-ai/langchain) | `0.3.2` | `0.3.30` |\n| [langchain-community](https://github.com/langchain-ai/langchain-community) | `0.3.1` | `0.3.27` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.9` | `1.3.3` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.7.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/text-to-image-using-imagen3/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3) and [gunicorn](https://github.com/benoitc/gunicorn).\nBumps the pip group with 1 update in the /gemini/sample-apps/quickbot/multi-agent-travel-concierge-with-adk/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform).\nBumps the pip group with 5 updates in the /gemini/sample-apps/quickbot/linkedin-profile-image-generation-using-imagen3/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.7.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\n\nUpdates `protobuf` from 5.29.5 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.5 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/8.3.5...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.1.0 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.1.0...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 3.1.1 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/3.1.1...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-cloud-aiplatform` from 1.87.0 to 1.133.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/releases\"\u003egoogle-cloud-aiplatform's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.133.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE\u0026quot; to the \u003ccode\u003eoptimize_prompt\u003c/code\u003e method (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/715cc5b71b996eecde2d97bad71a617274739dcc\"\u003e715cc5b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client(memory): Add enable_third_person_memories (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e65717fa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Developer Connect in AE (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/04f1771e16f54a0627ecac1266764ca77f833694\"\u003e04f1771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd None check for agent_info in evals.py (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003ec8c0f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI client(evals) - Fix TypeError in _build_generate_content_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003ebe2eaaa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake project_number to project_id mapping fail-open. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/f1c8458dd5e4641cb03ff175f0837b6d6017c131\"\u003ef1c8458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e83f4076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e8c876ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire uri or staging bucket configuration for saving model to Vertex Experiment. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e5448f06\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn embedding metadata if available (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/d9c6eb199b6ccc1fae417463e1b374574f2ae2f8\"\u003ed9c6eb1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eexamples_dataframe\u003c/code\u003e type to \u003ccode\u003ePandasDataFrame\u003c/code\u003e in Prompt Optimizer. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a2564cc3ea5c4860ee732f14cea9db2c10b52420\"\u003ea2564cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.132.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.131.0...v1.132.0\"\u003e1.132.0\u003c/a\u003e (2025-12-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA comment for field \u003ccode\u003erestart_job_on_worker_restart\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA comment for field \u003ccode\u003etimeout\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.131.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.130.0...v1.131.0\"\u003e1.131.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow list of events to be passed to AdkApp.async_stream_query (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/dd8840a5012b2762f8b8971b6cea4302ac5c648d\"\u003edd8840a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/4114728750b5b12f991a18df87c1f1a570d1b29d\"\u003e4114728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdates the ADK template to direct structured JSON logs to standard output. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a65ec297c5b8d99e4d2dfb49473c189197198f97\"\u003ea65ec29\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md\"\u003egoogle-cloud-aiplatform's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE\u0026quot; to the \u003ccode\u003eoptimize_prompt\u003c/code\u003e method (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/715cc5b71b996eecde2d97bad71a617274739dcc\"\u003e715cc5b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client(memory): Add enable_third_person_memories (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e65717fa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Developer Connect in AE (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/04f1771e16f54a0627ecac1266764ca77f833694\"\u003e04f1771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd None check for agent_info in evals.py (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003ec8c0f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI client(evals) - Fix TypeError in _build_generate_content_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003ebe2eaaa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake project_number to project_id mapping fail-open. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/f1c8458dd5e4641cb03ff175f0837b6d6017c131\"\u003ef1c8458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e83f4076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e8c876ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire uri or staging bucket configuration for saving model to Vertex Experiment. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e5448f06\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn embedding metadata if available (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/d9c6eb199b6ccc1fae417463e1b374574f2ae2f8\"\u003ed9c6eb1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eexamples_dataframe\u003c/code\u003e type to \u003ccode\u003ePandasDataFrame\u003c/code\u003e in Prompt Optimizer. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a2564cc3ea5c4860ee732f14cea9db2c10b52420\"\u003ea2564cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.131.0...v1.132.0\"\u003e1.132.0\u003c/a\u003e (2025-12-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA comment for field \u003ccode\u003erestart_job_on_worker_restart\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA comment for field \u003ccode\u003etimeout\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.130.0...v1.131.0\"\u003e1.131.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow list of events to be passed to AdkApp.async_stream_query (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/dd8840a5012b2762f8b8971b6cea4302ac5c648d\"\u003edd8840a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/4114728750b5b12f991a18df87c1f1a570d1b29d\"\u003e4114728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdates the ADK template to direct structured JSON logs to standard output. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a65ec297c5b8d99e4d2dfb49473c189197198f97\"\u003ea65ec29\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix RagManagedVertexVectorSearch when using backend_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/df0976ed3195dc8313f4728bc5ecb29dda55d467\"\u003edf0976e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - patch for vulnerability in visualization (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8a00d43dbd24e95dbab6ea32c63ce0a5a1849480\"\u003e8a00d43\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/78f2bdd08bae0696923e61ab73080b5846c67ae0\"\u003e\u003ccode\u003e78f2bdd\u003c/code\u003e\u003c/a\u003e chore(main): release 1.133.0 (\u003ca href=\"https://redirect.github.com/googleapis/python-aiplatform/issues/6211\"\u003e#6211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003e\u003ccode\u003ec8c0f0f\u003c/code\u003e\u003c/a\u003e fix: Add None check for agent_info in evals.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/9952b970b73cfe38e68c48b3699ee4e1df0264df\"\u003e\u003ccode\u003e9952b97\u003c/code\u003e\u003c/a\u003e chore: rollback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e\u003ccode\u003e83f4076\u003c/code\u003e\u003c/a\u003e fix: Replace asyncio.run with create_task in ADK async thread mains.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/937d5af6b9bdbbe3b50181745c99550f124ad8b4\"\u003e\u003ccode\u003e937d5af\u003c/code\u003e\u003c/a\u003e Copybara import of the project:\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/aaaf902be02747cd2281196aad6278df0fd11f7e\"\u003e\u003ccode\u003eaaaf902\u003c/code\u003e\u003c/a\u003e chore: bump google-auth lower bound to 2.47.0 in GenAI and Vertex SDKs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e\u003ccode\u003e8c876ef\u003c/code\u003e\u003c/a\u003e fix: Replace asyncio.run with create_task in ADK async thread mains.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e\u003ccode\u003e5448f06\u003c/code\u003e\u003c/a\u003e fix: Require uri or staging bucket configuration for saving model to Vertex E...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e\u003ccode\u003e65717fa\u003c/code\u003e\u003c/a\u003e feat: GenAI SDK client(memory): Add enable_third_person_memories\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003e\u003ccode\u003ebe2eaaa\u003c/code\u003e\u003c/a\u003e fix: GenAI client(evals) - Fix TypeError in _build_generate_content_config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.87.0...v1.133.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 4.25.8 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"ht...\n\n_Description has been truncated_","html_url":"https://github.com/stevewithington/gcp-generative-ai/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/stevewithington%2Fgcp-generative-ai/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4521319009","node_id":"PR_kwDOQsR1Rs7fQvlz","number":238,"state":"closed","title":"chore(deps)(deps): bump the security-updates group across 1 directory with 33 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-27T02:17:56.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-26T04:19:00.000Z","updated_at":"2026-05-27T02:17:58.000Z","time_to_close":79136,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)(deps): bump","group_name":"security-updates","update_count":33,"packages":[{"name":"typer","old_version":"0.21.1","new_version":"0.25.1","repository_url":"https://github.com/fastapi/typer"},{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-settings","old_version":"2.12.0","new_version":"2.14.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"openai","old_version":"2.14.0","new_version":"2.38.0","repository_url":"https://github.com/openai/openai-python"},{"name":"eth-hash","old_version":"0.7.1","new_version":"0.8.0","repository_url":"https://github.com/ethereum/eth-hash"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"pytest-cov","old_version":"7.0.0","new_version":"7.1.0","repository_url":"https://github.com/pytest-dev/pytest-cov"},{"name":"ruff","old_version":"0.14.10","new_version":"0.15.14","repository_url":"https://github.com/astral-sh/ruff"},{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"certifi","old_version":"2026.1.4","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"charset-normalizer","old_version":"3.4.4","new_version":"3.4.7","repository_url":"https://github.com/jawah/charset_normalizer"},{"name":"click","old_version":"8.3.1","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"coverage","old_version":"7.13.0","new_version":"7.13.1","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"google-api-core","old_version":"2.28.1","new_version":"2.30.3","repository_url":"https://github.com/googleapis/google-cloud-python"},{"name":"google-api-python-client","old_version":"2.187.0","new_version":"2.196.0","repository_url":"https://github.com/googleapis/google-api-python-client"},{"name":"google-auth","old_version":"2.47.0","new_version":"2.53.0","repository_url":"https://github.com/googleapis/google-auth-library-python"},{"name":"google-auth-httplib2","old_version":"0.3.0","new_version":"0.4.0","repository_url":"https://github.com/googleapis/google-cloud-python"},{"name":"googleapis-common-protos","old_version":"1.72.0","new_version":"1.75.0","repository_url":"https://github.com/googleapis/google-cloud-python"},{"name":"grpcio","old_version":"1.76.0","new_version":"1.80.0","repository_url":"https://github.com/grpc/grpc"},{"name":"httplib2","old_version":"0.31.0","new_version":"0.31.2","repository_url":"https://github.com/httplib2/httplib2"},{"name":"idna","old_version":"3.11","new_version":"3.16","repository_url":"https://github.com/kjd/idna"},{"name":"jiter","old_version":"0.12.0","new_version":"0.15.0","repository_url":"https://github.com/pydantic/jiter"},{"name":"markdown-it-py","old_version":"4.0.0","new_version":"4.2.0","repository_url":"https://github.com/executablebooks/markdown-it-py"},{"name":"proto-plus","old_version":"1.27.0","new_version":"1.28.0","repository_url":"https://github.com/googleapis/google-cloud-python"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pyparsing","old_version":"3.3.1","new_version":"3.3.2","repository_url":"https://github.com/pyparsing/pyparsing"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"requests","old_version":"2.32.5","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"tqdm","old_version":"4.67.1","new_version":"4.67.3","repository_url":"https://github.com/tqdm/tqdm"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the security-updates group with 30 updates in the /secbrain directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [typer](https://github.com/fastapi/typer) | `0.21.1` | `0.25.1` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.12.0` | `2.14.1` |\n| [openai](https://github.com/openai/openai-python) | `2.14.0` | `2.38.0` |\n| [eth-hash](https://github.com/ethereum/eth-hash) | `0.7.1` | `0.8.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` | `7.1.0` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.14.10` | `0.15.14` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.1.4` | `2026.5.20` |\n| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.4` | `3.4.7` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.4.1` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.0` | `7.13.1` |\n| [google-api-core](https://github.com/googleapis/google-cloud-python) | `2.28.1` | `2.30.3` |\n| [google-api-python-client](https://github.com/googleapis/google-api-python-client) | `2.187.0` | `2.196.0` |\n| [google-auth](https://github.com/googleapis/google-auth-library-python) | `2.47.0` | `2.53.0` |\n| [google-auth-httplib2](https://github.com/googleapis/google-cloud-python) | `0.3.0` | `0.4.0` |\n| [googleapis-common-protos](https://github.com/googleapis/google-cloud-python) | `1.72.0` | `1.75.0` |\n| [grpcio](https://github.com/grpc/grpc) | `1.76.0` | `1.80.0` |\n| [httplib2](https://github.com/httplib2/httplib2) | `0.31.0` | `0.31.2` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.16` |\n| [jiter](https://github.com/pydantic/jiter) | `0.12.0` | `0.15.0` |\n| [markdown-it-py](https://github.com/executablebooks/markdown-it-py) | `4.0.0` | `4.2.0` |\n| [proto-plus](https://github.com/googleapis/google-cloud-python) | `1.27.0` | `1.28.0` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [pyparsing](https://github.com/pyparsing/pyparsing) | `3.3.1` | `3.3.2` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.34.2` |\n| [tqdm](https://github.com/tqdm/tqdm) | `4.67.1` | `4.67.3` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n\n\nUpdates `typer` from 0.21.1 to 0.25.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/typer/releases\"\u003etyper's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.25.1\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔧 Add Typer Library Skill for Agents. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1620\"\u003e#1620\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.11 to 0.15.12. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1722\"\u003e#1722\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump prek from 0.3.10 to 0.3.11. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1723\"\u003e#1723\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.25.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🚸 Don't truncate code lines in traceback when formatted with Rich. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1695\"\u003e#1695\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Ensure that \u003ccode\u003etyper.launch\u003c/code\u003e forwards correctly when launching a file. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1708\"\u003e#1708\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🎨 Ensure \u003ccode\u003ety\u003c/code\u003e runs without errors. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1628\"\u003e#1628\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Add dates to release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1612\"\u003e#1612\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Fix code blocks in reference docs overflowing table width. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1630\"\u003e#1630\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix broken link to FastAPI and Friends newsletter. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1540\"\u003e#1540\u003c/a\u003e by \u003ca href=\"https://github.com/Karlemami\"\u003e\u003ccode\u003e@​Karlemami\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Handle external links \u003ccode\u003etarget=_blank\u003c/code\u003e and CSS automatically in JS and CSS. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1622\"\u003e#1622\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Remove link to Typer developer survey. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1609\"\u003e#1609\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Clean up documentation in \u003ccode\u003einstall.md\u003c/code\u003e file. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1606\"\u003e#1606\u003c/a\u003e by \u003ca href=\"https://github.com/Johandielangman\"\u003e\u003ccode\u003e@​Johandielangman\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump mypy from 1.20.1 to 1.20.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1715\"\u003e#1715\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump prek from 0.3.9 to 0.3.10. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1716\"\u003e#1716\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic-settings from 2.13.1 to 2.14.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1713\"\u003e#1713\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ty from 0.0.31 to 0.0.32. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1711\"\u003e#1711\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic from 2.13.2 to 2.13.3. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1712\"\u003e#1712\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygments from 2.19.2 to 2.20.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1667\"\u003e#1667\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.20 to 10.21.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1710\"\u003e#1710\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1700\"\u003e#1700\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic from 2.13.1 to 2.13.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1703\"\u003e#1703\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1701\"\u003e#1701\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.10 to 0.15.11. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1704\"\u003e#1704\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1702\"\u003e#1702\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump astral-sh/setup-uv from 7.6.0 to 8.1.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1699\"\u003e#1699\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ty from 0.0.30 to 0.0.31. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1696\"\u003e#1696\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic from 2.13.0 to 2.13.1. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1697\"\u003e#1697\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/typer/blob/master/docs/release-notes.md\"\u003etyper's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.25.1 (2026-04-30)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔧 Add Typer Library Skill for Agents. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1620\"\u003e#1620\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.11 to 0.15.12. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1722\"\u003e#1722\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump prek from 0.3.10 to 0.3.11. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1723\"\u003e#1723\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.25.0 (2026-04-26)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🚸 Don't truncate code lines in traceback when formatted with Rich. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1695\"\u003e#1695\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.2 (2026-04-22)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Ensure that \u003ccode\u003etyper.launch\u003c/code\u003e forwards correctly when launching a file. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1708\"\u003e#1708\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🎨 Ensure \u003ccode\u003ety\u003c/code\u003e runs without errors. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1628\"\u003e#1628\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Add dates to release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1612\"\u003e#1612\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Fix code blocks in reference docs overflowing table width. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1630\"\u003e#1630\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix broken link to FastAPI and Friends newsletter. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1540\"\u003e#1540\u003c/a\u003e by \u003ca href=\"https://github.com/Karlemami\"\u003e\u003ccode\u003e@​Karlemami\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Handle external links \u003ccode\u003etarget=_blank\u003c/code\u003e and CSS automatically in JS and CSS. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1622\"\u003e#1622\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Remove link to Typer developer survey. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1609\"\u003e#1609\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Clean up documentation in \u003ccode\u003einstall.md\u003c/code\u003e file. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1606\"\u003e#1606\u003c/a\u003e by \u003ca href=\"https://github.com/Johandielangman\"\u003e\u003ccode\u003e@​Johandielangman\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump mypy from 1.20.1 to 1.20.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1715\"\u003e#1715\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump prek from 0.3.9 to 0.3.10. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1716\"\u003e#1716\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic-settings from 2.13.1 to 2.14.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1713\"\u003e#1713\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ty from 0.0.31 to 0.0.32. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1711\"\u003e#1711\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic from 2.13.2 to 2.13.3. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1712\"\u003e#1712\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygments from 2.19.2 to 2.20.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1667\"\u003e#1667\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.20 to 10.21.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1710\"\u003e#1710\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1700\"\u003e#1700\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic from 2.13.1 to 2.13.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1703\"\u003e#1703\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1701\"\u003e#1701\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.10 to 0.15.11. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1704\"\u003e#1704\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1702\"\u003e#1702\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/cfcc2ef9f948bcce67897a6c7e689d39da690bf9\"\u003e\u003ccode\u003ecfcc2ef\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.25.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/13846cc59bd574567a9a1f56eae3cd42b9aa2a4f\"\u003e\u003ccode\u003e13846cc\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/a43746997ad6f2b4a8829c69c919f4d4c2cc0698\"\u003e\u003ccode\u003ea437469\u003c/code\u003e\u003c/a\u003e 🔧 Add Typer Library Skill for Agents (\u003ca href=\"https://redirect.github.com/fastapi/typer/issues/1620\"\u003e#1620\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/ba6cc2c9e7cba35f891c91118e228e1d2da35edb\"\u003e\u003ccode\u003eba6cc2c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/0f3ead07c2bb384fdd590e895ca6705582c58d89\"\u003e\u003ccode\u003e0f3ead0\u003c/code\u003e\u003c/a\u003e ⬆ Bump ruff from 0.15.11 to 0.15.12 (\u003ca href=\"https://redirect.github.com/fastapi/typer/issues/1722\"\u003e#1722\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/db4ade64936599b3460f2fc0a7c550c3fedc33b0\"\u003e\u003ccode\u003edb4ade6\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/5a5206ceed2afdf234f88a6e2ef74ad9ebdf0d92\"\u003e\u003ccode\u003e5a5206c\u003c/code\u003e\u003c/a\u003e ⬆ Bump prek from 0.3.10 to 0.3.11 (\u003ca href=\"https://redirect.github.com/fastapi/typer/issues/1723\"\u003e#1723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/959845e173b4bec0d606d99247815c2710613ca8\"\u003e\u003ccode\u003e959845e\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/5e1fcfb5935e7ac3ff3c7526ef297eae31bd4822\"\u003e\u003ccode\u003e5e1fcfb\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/dfb21ad034804584702d553ebfba40d8f4d791b9\"\u003e\u003ccode\u003edfb21ad\u003c/code\u003e\u003c/a\u003e 🚸 Don't truncate code lines in traceback when formatted with Rich (\u003ca href=\"https://redirect.github.com/fastapi/typer/issues/1695\"\u003e#1695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/typer/compare/0.21.1...0.25.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic` from 2.12.5 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3 2026-04-20\u003c/h2\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.2 2026-04-17\u003c/h2\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.1 2026-04-15\u003c/h2\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.0 2026-04-13\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/main/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.3\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.2\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.1\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.0 (2026-04-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.0\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThe highlights of the v2.13 release are available in the \u003ca href=\"https://pydantic.dev/articles/pydantic-v2-13-release\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.12.5...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` from 2.12.0 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/850\"\u003epydantic/pydantic-settings#850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 5 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/854\"\u003epydantic/pydantic-settings#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the github-actions group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/853\"\u003epydantic/pydantic-settings#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/856\"\u003epydantic/pydantic-settings#856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/858\"\u003epydantic/pydantic-settings#858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.1 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/859\"\u003epydantic/pydantic-settings#859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing env vars into Optional Strict types by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/792\"\u003epydantic/pydantic-settings#792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RecursionError with mutually recursive models in CLI by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/794\"\u003epydantic/pydantic-settings#794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix env_file from model_config ignored in CliApp.run() (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/795\"\u003e#795\u003c/a\u003e) by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/796\"\u003epydantic/pydantic-settings#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/798\"\u003epydantic/pydantic-settings#798\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/801\"\u003epydantic/pydantic-settings#801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump samuelcolvin/check-python-version from 4.1 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/802\"\u003epydantic/pydantic-settings#802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 4 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/803\"\u003epydantic/pydantic-settings#803\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/804\"\u003epydantic/pydantic-settings#804\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump astral-sh/setup-uv from 5 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/805\"\u003epydantic/pydantic-settings#805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/setup-python from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/806\"\u003epydantic/pydantic-settings#806\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore chardet and group GitHub Actions in Dependabot by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/808\"\u003epydantic/pydantic-settings#808\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/download-artifact from 4 to 8 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/809\"\u003epydantic/pydantic-settings#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/810\"\u003epydantic/pydantic-settings#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport reading .env files from FIFOs (e.g. 1Password Environments) by \u003ca href=\"https://github.com/JacobHayes\"\u003e\u003ccode\u003e@​JacobHayes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/776\"\u003epydantic/pydantic-settings#776\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix AliasChoices ignored when changing provider priority by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/813\"\u003epydantic/pydantic-settings#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve KeyError in run_subcommand for underscore field names by \u003ca href=\"https://github.com/bradykieffer\"\u003e\u003ccode\u003e@​bradykieffer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/799\"\u003epydantic/pydantic-settings#799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/814\"\u003epydantic/pydantic-settings#814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLiteral[numeric Enum]\u003c/code\u003e coercion for CLI and env vars by \u003ca href=\"https://github.com/m9810223\"\u003e\u003ccode\u003e@​m9810223\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/811\"\u003epydantic/pydantic-settings#811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix nested discriminated unions not discovered by env/CLI providers by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/816\"\u003epydantic/pydantic-settings#816\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/820\"\u003epydantic/pydantic-settings#820\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI ensure env nested max split internally. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/821\"\u003epydantic/pydantic-settings#821\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/824\"\u003epydantic/pydantic-settings#824\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eboto3-stubs\u003c/code\u003e to \u003ccode\u003etypes-boto3\u003c/code\u003e by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/831\"\u003epydantic/pydantic-settings#831\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CLI not recognizing field name with validate_by_name and AliasChoices by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/826\"\u003epydantic/pydantic-settings#826\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow customisation of the dotevn setting source to filter variables by \u003ca href=\"https://github.com/CaselIT\"\u003e\u003ccode\u003e@​CaselIT\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/832\"\u003epydantic/pydantic-settings#832\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/833\"\u003epydantic/pydantic-settings#833\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce yamlfmt by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/836\"\u003epydantic/pydantic-settings#836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump boto3 from 1.42.82 to 1.42.83 in the python-packages group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/837\"\u003epydantic/pydantic-settings#837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce zizmor by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/838\"\u003epydantic/pydantic-settings#838\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CliPositionalArg[list[CustomType]] crash for custom types by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/839\"\u003epydantic/pydantic-settings#839\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd note about Mypy plugin for \u003ccode\u003eBaseSettings.__init__()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/842\"\u003epydantic/pydantic-settings#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecli_ignore_unknown_args=True\u003c/code\u003e not working on subcommands by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/844\"\u003epydantic/pydantic-settings#844\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/847\"\u003epydantic/pydantic-settings#847\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CLI descriptions lost under \u003ccode\u003epython -OO\u003c/code\u003e by falling back to \u003ccode\u003ejson_schema_extra\u003c/code\u003e by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/843\"\u003epydantic/pydantic-settings#843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.0 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/848\"\u003epydantic/pydantic-settings#848\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/e95c30bec8cfaee88ee275138c064aea97a25bdf\"\u003e\u003ccode\u003ee95c30b\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.1 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/859\"\u003e#859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/0c8734581b6cf70a995afad603ac456631d00621\"\u003e\u003ccode\u003e0c87345\u003c/code\u003e\u003c/a\u003e Fix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/7bd0072795a800065b42210b6dca90fc9b83daf7\"\u003e\u003ccode\u003e7bd0072\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 2 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/856\"\u003e#856\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/b03e573d017ed48e1c2774a5e0b715db9766c76b\"\u003e\u003ccode\u003eb03e573\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/853\"\u003e#853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/eaa3b434938411ec8a3717ea646614561e713f51\"\u003e\u003ccode\u003eeaa3b43\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 5 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/854\"\u003e#854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9f95615c24c6813c1d7d203576581a79cb6d9e8e\"\u003e\u003ccode\u003e9f95615\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/8916beeecc6d0510e3d0532a0ed839937400ddc3\"\u003e\u003ccode\u003e8916bee\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.0 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/848\"\u003e#848\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/39e551c0910c85505b608ff85a103b2c9f7396c5\"\u003e\u003ccode\u003e39e551c\u003c/code\u003e\u003c/a\u003e Fix CLI descriptions lost under \u003ccode\u003epython -OO\u003c/code\u003e by falling back to `json_schema_...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9ed7f48ea2c90f436a03b01f721fe6656c869b14\"\u003e\u003ccode\u003e9ed7f48\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/847\"\u003e#847\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/617c690fb16c95eb0fb98fc88c0d6d82b9af4fa9\"\u003e\u003ccode\u003e617c690\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003ecli_ignore_unknown_args=True\u003c/code\u003e not working on subcommands (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/844\"\u003e#844\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.12.0...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openai` from 2.14.0 to 2.38.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openai/openai-python/releases\"\u003eopenai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.38.0\u003c/h2\u003e\n\u003ch2\u003e2.38.0 (2026-05-21)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.37.0...v2.38.0\"\u003ev2.37.0...v2.38.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e api update (\u003ca href=\"https://github.com/openai/openai-python/commit/33d1d013250053886a73d178136e6bd1b09df059\"\u003e33d1d01\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e manual updates (\u003ca href=\"https://github.com/openai/openai-python/commit/a21700a2cd510cb9e6c88065ac8e942d4c041aa8\"\u003ea21700a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e update OpenAPI spec or Stainless config (\u003ca href=\"https://github.com/openai/openai-python/commit/00265c5daba4d2481452ad35220f1556dab6bcf6\"\u003e00265c5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e docs updates (\u003ca href=\"https://github.com/openai/openai-python/commit/ee101520d49e22c09cf8096f8cbb3848ea58a1f9\"\u003eee10152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck release PR custom code sync (\u003ca href=\"https://github.com/openai/openai-python/commit/2638779a5b8fffaa8fdb6eebc1d734f15d2491f8\"\u003e2638779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove release automation trigger (\u003ca href=\"https://github.com/openai/openai-python/commit/bd6eea559f2996d914258a65e645981bdce3cad4\"\u003ebd6eea5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etrigger release automation (\u003ca href=\"https://github.com/openai/openai-python/commit/f62d08201eea8e08d4bb3385662f934d4adccb29\"\u003ef62d082\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.37.0\u003c/h2\u003e\n\u003ch2\u003e2.37.0 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.36.0...v2.37.0\"\u003ev2.36.0...v2.37.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e add service_tier parameter to responses compact method (\u003ca href=\"https://github.com/openai/openai-python/commit/625827c5509ece3c40e5002be37a9bd9d91b5374\"\u003e625827c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/types:\u003c/strong\u003e support eagerly validating pydantic iterators (\u003ca href=\"https://github.com/openai/openai-python/commit/7e527bc927cc58b74d7619abf7f1fbcfff8bddfa\"\u003e7e527bc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove unnecessary client_id when using workload identity provider for auth (\u003ca href=\"https://github.com/openai/openai-python/commit/c39ea8d12a010052d7f02cebe8daabd2d1f89597\"\u003ec39ea8d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add missing f-string prefix in file type error message (\u003ca href=\"https://github.com/openai/openai-python/commit/c85ebd935cb4b80e7e97ce255437684f6411fb00\"\u003ec85ebd9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.36.0\u003c/h2\u003e\n\u003ch2\u003e2.36.0 (2026-05-07)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.35.1...v2.36.0\"\u003ev2.35.1...v2.36.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e manual updates (\u003ca href=\"https://github.com/openai/openai-python/commit/13c639cc7d57e4fbd4406563511e15eeb88a54b2\"\u003e13c639c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e realtime 2 (\u003ca href=\"https://github.com/openai/openai-python/commit/8fe0ab87e67eeb3cc27426b50093845229520f0e\"\u003e8fe0ab8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.35.1\u003c/h2\u003e\n\u003ch2\u003e2.35.1 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.35.0...v2.35.1\"\u003ev2.35.0...v2.35.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openai/openai-python/blob/main/CHANGELOG.md\"\u003eopenai's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.38.0 (2026-05-21)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.37.0...v2.38.0\"\u003ev2.37.0...v2.38.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e api update (\u003ca href=\"https://github.com/openai/openai-python/commit/33d1d013250053886a73d178136e6bd1b09df059\"\u003e33d1d01\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e manual updates (\u003ca href=\"https://github.com/openai/openai-python/commit/a21700a2cd510cb9e6c88065ac8e942d4c041aa8\"\u003ea21700a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e update OpenAPI spec or Stainless config (\u003ca href=\"https://github.com/openai/openai-python/commit/00265c5daba4d2481452ad35220f1556dab6bcf6\"\u003e00265c5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e docs updates (\u003ca href=\"https://github.com/openai/openai-python/commit/ee101520d49e22c09cf8096f8cbb3848ea58a1f9\"\u003eee10152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck release PR custom code sync (\u003ca href=\"https://github.com/openai/openai-python/commit/2638779a5b8fffaa8fdb6eebc1d734f15d2491f8\"\u003e2638779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove release automation trigger (\u003ca href=\"https://github.com/openai/openai-python/commit/bd6eea559f2996d914258a65e645981bdce3cad4\"\u003ebd6eea5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etrigger release automation (\u003ca href=\"https://github.com/openai/openai-python/commit/f62d08201eea8e08d4bb3385662f934d4adccb29\"\u003ef62d082\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.37.0 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.36.0...v2.37.0\"\u003ev2.36.0...v2.37.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e add service_tier parameter to responses compact method (\u003ca href=\"https://github.com/openai/openai-python/commit/625827c5509ece3c40e5002be37a9bd9d91b5374\"\u003e625827c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/types:\u003c/strong\u003e support eagerly validating pydantic iterators (\u003ca href=\"https://github.com/openai/openai-python/commit/7e527bc927cc58b74d7619abf7f1fbcfff8bddfa\"\u003e7e527bc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove unnecessary client_id when using workload identity provider for auth (\u003ca href=\"https://github.com/openai/openai-python/commit/c39ea8d12a010052d7f02cebe8daabd2d1f89597\"\u003ec39ea8d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add missing f-string prefix in file type error message (\u003ca href=\"https://github.com/openai/openai-python/commit/c85ebd935cb4b80e7e97ce255437684f6411fb00\"\u003ec85ebd9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.36.0 (2026-05-07)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.35.1...v2.36.0\"\u003ev2.35.1...v2.36.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e manual updates (\u003ca href=\"https://github.com/openai/openai-python/commit/13c639cc7d57e4fbd4406563511e15eeb88a54b2\"\u003e13c639c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e realtime 2 (\u003ca href=\"https://github.com/openai/openai-python/commit/8fe0ab87e67eeb3cc27426b50093845229520f0e\"\u003e8fe0ab8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.35.1 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.35.0...v2.35.1\"\u003ev2.35.0...v2.35.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e fix imagegen \u003ccode\u003esize\u003c/code\u003e enum regression (\u003ca href=\"https://github.com/openai/openai-python/commit/44846536bc3b02c393daa5bae70a85de04c7f621\"\u003e4484653\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/e75766769547601a25ed83b666c4d0fd046881f0\"\u003e\u003ccode\u003ee757667\u003c/code\u003e\u003c/a\u003e release: 2.38.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/b85b647b5312debb951814dfb9ed13f906d6bf43\"\u003e\u003ccode\u003eb85b647\u003c/code\u003e\u003c/a\u003e feat(api): api update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/d881c67866083ae187e14664e289e68a3ba04686\"\u003e\u003ccode\u003ed881c67\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;chore: check release PR custom code sync\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/d4a322816ad637330e40fdcdee9ca48bc92a2a4f\"\u003e\u003ccode\u003ed4a3228\u003c/code\u003e\u003c/a\u003e chore: check release PR custom code sync\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/48888380cdfc01e4f22f9ed7fbd5250231472e0d\"\u003e\u003ccode\u003e4888838\u003c/code\u003e\u003c/a\u003e chore: remove release automation trigger\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/74978f055a7adf004dec718e80bb46241e54d9ca\"\u003e\u003ccode\u003e74978f0\u003c/code\u003e\u003c/a\u003e chore: trigger release automation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/bab18af787cd5d962aedeb4b5b86df4f6cf28003\"\u003e\u003ccode\u003ebab18af\u003c/code\u003e\u003c/a\u003e chore(api): docs updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/a6f899aa1e046dd0cc18b89c4f73260463888db6\"\u003e\u003ccode\u003ea6f899a\u003c/code\u003e\u003c/a\u003e feat(api): manual updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/2897485d445f2924c5c2a8e6a9f40eec633ff345\"\u003e\u003ccode\u003e2897485\u003c/code\u003e\u003c/a\u003e feat(api): update OpenAPI spec or Stainless config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/a2f1d6c56980713619760c60a5c7bfb580b0adcb\"\u003e\u003ccode\u003ea2f1d6c\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/openai/openai-python/compare/v2.14.0...v2.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `eth-hash` from 0.7.1 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ethereum/eth-hash/blob/main/docs/release_notes.rst\"\u003eeth-hash's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eeth-hash v0.8.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003eNo significant changes.\u003c/p\u003e\n\u003ch2\u003eeth-hash v0.8.0-beta.1 (2025-12-17)\u003c/h2\u003e\n\u003cp\u003eBreaking Changes\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Drop support for Python 3.8 and 3.9 (`[#66](https://github.com/ethereum/eth-hash/issues/66) \u0026lt;https://github.com/ethereum/eth-hash/issues/66\u0026gt;`__)\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Add support for Python 3.14 (`[#66](https://github.com/ethereum/eth-hash/issues/66) \u0026amp;lt;https://github.com/ethereum/eth-hash/issues/66\u0026amp;gt;`__)\n\u0026lt;/code\u0026gt;\u0026lt;/pre\u0026gt;\n\u0026lt;/blockquote\u0026gt;\n\u0026lt;/details\u0026gt;\n\u0026lt;details\u0026gt;\n\u0026lt;summary\u0026gt;Commits\u0026lt;/summary\u0026gt;\n\n\u0026lt;ul\u0026gt;\n\u0026lt;li\u0026gt;\u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/commit/b599a9632c696d0fb63b1903e79b0608f302e4d2\u0026quot;\u0026gt;\u0026lt;code\u0026gt;b599a96\u0026lt;/code\u0026gt;\u0026lt;/a\u0026gt; Bump version: 0.8.0-beta.1 → 0.8.0\u0026lt;/li\u0026gt;\n\u0026lt;li\u0026gt;\u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/commit/3651eea939a90c08328bb69fbbc061c1544c34a7\u0026quot;\u0026gt;\u0026lt;code\u0026gt;3651eea\u0026lt;/code\u0026gt;\u0026lt;/a\u0026gt; Compile release notes for v0.8.0\u0026lt;/li\u0026gt;\n\u0026lt;li\u0026gt;\u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/commit/fe118e793e1e626762120419bf72548b8f2ec604\u0026quot;\u0026gt;\u0026lt;code\u0026gt;fe118e7\u0026lt;/code\u0026gt;\u0026lt;/a\u0026gt; Bump version: 0.7.1 → 0.8.0-beta.1\u0026lt;/li\u0026gt;\n\u0026lt;li\u0026gt;\u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/commit/e2a6b53d8eddb12c4e0ab9534cf31b134c3d2da4\u0026quot;\u0026gt;\u0026lt;code\u0026gt;e2a6b53\u0026lt;/code\u0026gt;\u0026lt;/a\u0026gt; Compile release notes for v0.8.0-beta.1\u0026lt;/li\u0026gt;\n\u0026lt;li\u0026gt;\u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/commit/d1b733ecb7ef7ffe86c9701cf333c55bab8bfb80\u0026quot;\u0026gt;\u0026lt;code\u0026gt;d1b733e\u0026lt;/code\u0026gt;\u0026lt;/a\u0026gt; Merge pull request \u0026lt;a href=\u0026quot;https://redirect.github.com/ethereum/eth-hash/issues/66\u0026quot;\u0026gt;#66\u0026lt;/a\u0026gt; from kclowes/template-upgrade\u0026lt;/li\u0026gt;\n\u0026lt;li\u0026gt;\u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/commit/c97025fb0df6c9389feb795b03aa8fca832f6c7c\u0026quot;\u0026gt;\u0026lt;code\u0026gt;c97025f\u0026lt;/code\u0026gt;\u0026lt;/a\u0026gt; Add newsfragments for \u0026lt;a href=\u0026quot;https://redirect.github.com/ethereum/eth-hash/issues/66\u0026quot;\u0026gt;#66\u0026lt;/a\u0026gt;\u0026lt;/li\u0026gt;\n\u0026lt;li\u0026gt;\u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/commit/b17284c4c9ea8da04f70c994136dd8aeadfca968\u0026quot;\u0026gt;\u0026lt;code\u0026gt;b17284c\u0026lt;/code\u0026gt;\u0026lt;/a\u0026gt; lint\u0026lt;/li\u0026gt;\n\u0026lt;li\u0026gt;\u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/commit/62b4055a18a683e637489699b31b07fcd76c2e28\u0026quot;\u0026gt;\u0026lt;code\u0026gt;62b4055\u0026lt;/code\u0026gt;\u0026lt;/a\u0026gt; Fix typing\u0026lt;/li\u0026gt;\n\u0026lt;li\u0026gt;\u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/commit/75a75ab080513d4b15946a6e3ec8ade9b8168f6b\u0026quot;\u0026gt;\u0026lt;code\u0026gt;75a75ab\u0026lt;/code\u0026gt;\u0026lt;/a\u0026gt; Fix docs build\u0026lt;/li\u0026gt;\n\u0026lt;li\u0026gt;\u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/commit/cca06391f173d09936352dd9a512c2abb801383b\u0026quot;\u0026gt;\u0026lt;code\u0026gt;cca0639\u0026lt;/code\u0026gt;\u0026lt;/a\u0026gt; Add py314-backend-* jobs to circleci config\u0026lt;/li\u0026gt;\n\u0026lt;li\u0026gt;Additional commits viewable in \u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/compare/v0.7.1...v0.8.0\u0026quot;\u0026gt;compare view\u0026lt;/a\u0026gt;\u0026lt;/li\u0026gt;\n\u0026lt;/ul\u0026gt;\n\u0026lt;/details\u0026gt;\n\n\u0026lt;br /\u0026gt;\u003c/code\u003e\u003c/pre\u003e\n\nUpdates `pytest` from 9.0.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest-cov` from 7.0.0 to 7.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst\"\u003epytest-cov's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.1.0 (2026-03-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed total coverage computation to always be consistent, regardless of reporting settings.\nPreviously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on\nreporting options.\nSee \u003ccode\u003e[#641](https://github.com/pytest-dev/pytest-cov/issues/641) \u0026lt;https://github.com/pytest-dev/pytest-cov/issues/641\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove handling of ResourceWarning from sqlite3.\u003c/p\u003e\n\u003cp\u003eThe plugin adds warning filter for sqlite3 \u003ccode\u003eResourceWarning\u003c/code\u003e unclosed database (since 6.2.0).\nIt checks if there is already existing plugin for this message by comparing filter regular expression.\nWhen filter is specified on command line the message is escaped and does not match an expected message.\nA check for an escaped regular expression is added to handle this case.\u003c/p\u003e\n\u003cp\u003eWith this fix one can suppress \u003ccode\u003eResourceWarning\u003c/code\u003e from sqlite3 from command line::\u003c/p\u003e\n\u003cp\u003epytest -W \u0026quot;ignore:unclosed database in \u0026lt;sqlite3.Connection object at:ResourceWarning\u0026quot; ...\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eVarious improvements to documentation.\nContributed by Art Pelling in \u003ccode\u003e[#718](https://github.com/pytest-dev/pytest-cov/issues/718) \u0026lt;https://github.com/pytest-dev/pytest-cov/pull/718\u0026gt;\u003c/code\u003e_ and\n\u0026quot;vivodi\u0026quot; in \u003ccode\u003e[#738](https://github.com/pytest-dev/pytest-cov/issues/738) \u0026lt;https://github.com/pytest-dev/pytest-cov/pull/738\u0026gt;\u003c/code\u003e\u003cem\u003e.\nAlso closed \u003ccode\u003e[#736](https://github.com/pytest-dev/pytest-cov/issues/736) \u0026lt;https://github.com/pytest-dev/pytest-cov/issues/736\u0026gt;\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed some assertions in tests.\nContributed by in Markéta Machová in \u003ccode\u003e[#722](https://github.com/pytest-dev/pytest-cov/issues/722) \u0026lt;https://github.com/pytest-dev/pytest-cov/pull/722\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/66c8a526b1246b5eb8fb1bc218878131bc628622\"\u003e\u003ccode\u003e66c8a52\u003c/code\u003e\u003c/a\u003e Bump version: 7.0.0 → 7.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/f7076624784332594aa4cb3585d4757d295db15e\"\u003e\u003ccode\u003ef707662\u003c/code\u003e\u003c/a\u003e Make the examples use pypy 3.11.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/6049a7847872e3139e6c82e93787123df5dc8672\"\u003e\u003ccode\u003e6049a78\u003c/code\u003e\u003c/a\u003e Make context test use the old ctracer (seems the new sysmon tracer behaves di...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/8ebf20bbbc73478b3f8fd36d30237d9ea083f06b\"\u003e\u003ccode\u003e8ebf20b\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/861d30e60d571f97259c6b718b71c819d5dbc3b9\"\u003e\u003ccode\u003e861d30e\u003c/code\u003e\u003c/a\u003e Remove the backup context manager  - shouldn't be needed since coverage 5.0, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/fd4c956014035527f0c3c8d7faef3f8cfdadac7f\"\u003e\u003ccode\u003efd4c956\u003c/code\u003e\u003c/a\u003e Pass the precision on the nulled total (seems that there's some caching goion...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/78c9c4ecb005faf4962fd86ff7bf9c9cce9554d6\"\u003e\u003ccode\u003e78c9c4e\u003c/code\u003e\u003c/a\u003e Only run the 3.9 on older deps.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/4849a922e8be725c662a3d9175da571ace6545dc\"\u003e\u003ccode\u003e4849a92\u003c/code\u003e\u003c/a\u003e Punctuation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/197c35e2f37031fd1927715307ab6eed7cb3d2b7\"\u003e\u003ccode\u003e197c35e\u003c/code\u003e\u003c/a\u003e Update changelog and hopefully I don't forget to publish release again :))\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/14dc1c92d44108384e39803888635fdbfc578b7f\"\u003e\u003ccode\u003e14dc1c9\u003c/code\u003e\u003c/a\u003e Update examples to use 3.11 and make the adhoc layout example look a bit more...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest-cov/compare/v7.0.0...v7.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.14.10 to 0.15.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.14\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-21.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-task-implicit-multiple-outputs\u003c/code\u003e (\u003ccode\u003eAIR202\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25152\"\u003e#25152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-use-pathlib\u003c/code\u003e] Mark \u003ccode\u003ePTH101\u003c/code\u003e fix as unsafe when first argument is a class attribute annotated as \u003ccode\u003eint\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25086\"\u003e#25086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Implement \u003ccode\u003etoo-many-try-statements\u003c/code\u003e (\u003ccode\u003eW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23970\"\u003e#23970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003eincorrect-decorator-order\u003c/code\u003e (\u003ccode\u003eRUF074\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23461\"\u003e#23461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003efallible-context-manager\u003c/code\u003e (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22844\"\u003e#22844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix lambda formatting in interpolated string expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25144\"\u003e#25144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat generic \u003ccode\u003efrozenset\u003c/code\u003e annotations as immutable (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25251\"\u003e#25251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-type-checking\u003c/code\u003e] Avoid \u003ccode\u003estrict\u003c/code\u003e behavior when \u003ccode\u003efuture-annotations\u003c/code\u003e are enabled (\u003ccode\u003eTC001\u003c/code\u003e, \u003ccode\u003eTC002\u003c/code\u003e, \u003ccode\u003eTC003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25035\"\u003e#25035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid false positives in \u003ccode\u003eelse\u003c/code\u003e clause (\u003ccode\u003ePLR1733\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25177\"\u003e#25177\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25272\"\u003e#25272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Preserve f-string source verbatim in \u003ccode\u003eSIM101\u003c/code\u003e fix (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25061\"\u003e#25061\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate code example setting Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd full PEP 798 support (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25104\"\u003e#25104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a parser recursion limit (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate various \u003ccode\u003eruff_python_stdlib\u003c/code\u003e APIs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25273\"\u003e#25273\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocaballeror\"\u003e\u003ccode\u003e@​ocaballeror\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuelcolvin\"\u003e\u003ccode\u003e@​samuelcolvin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/baltasarblanco\"\u003e\u003ccode\u003e@​baltasarblanco\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aconal-com\"\u003e\u003ccode\u003e@​aconal-com\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JelleZijlstra\"\u003e\u003ccode\u003e@​JelleZijlstra\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.14\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-21.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-task-implicit-multiple-outputs\u003c/code\u003e (\u003ccode\u003eAIR202\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25152\"\u003e#25152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-use-pathlib\u003c/code\u003e] Mark \u003ccode\u003ePTH101\u003c/code\u003e fix as unsafe when first argument is a class attribute annotated as \u003ccode\u003eint\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25086\"\u003e#25086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Implement \u003ccode\u003etoo-many-try-statements\u003c/code\u003e (\u003ccode\u003eW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23970\"\u003e#23970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003eincorrect-decorator-order\u003c/code\u003e (\u003ccode\u003eRUF074\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23461\"\u003e#23461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003efallible-context-manager\u003c/code\u003e (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22844\"\u003e#22844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix lambda formatting in interpolated string expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25144\"\u003e#25144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat generic \u003ccode\u003efrozenset\u003c/code\u003e annotations as immutable (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25251\"\u003e#25251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-type-checking\u003c/code\u003e] Avoid \u003ccode\u003estrict\u003c/code\u003e behavior when \u003ccode\u003efuture-annotations\u003c/code\u003e are enabled (\u003ccode\u003eTC001\u003c/code\u003e, \u003ccode\u003eTC002\u003c/code\u003e, \u003ccode\u003eTC003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25035\"\u003e#25035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyli...\n\n_Description has been truncated_","html_url":"https://github.com/blairmichaelg/secbrain/pull/238","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/blairmichaelg%2Fsecbrain/issues/238","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/238/packages"},{"uuid":"4490809265","node_id":"PR_kwDOOMKlh87dvpUg","number":7,"state":"closed","title":"Bump the pip group across 2 directories with 22 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-28T22:52:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T00:35:58.000Z","updated_at":"2026-05-28T22:52:57.000Z","time_to_close":685017,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":22,"packages":[{"name":"flask-cors","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/corydolphin/flask-cors"},{"name":"lxml","old_version":"5.3.1","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"eventlet","old_version":"0.39.0","new_version":"0.41.0","repository_url":"https://github.com/eventlet/eventlet"},{"name":"setuptools","old_version":"58.5.3","new_version":"78.1.1","repository_url":"https://github.com/pypa/setuptools"},{"name":"wheel","old_version":"0.45.0","new_version":"0.46.2","repository_url":"https://github.com/pypa/wheel"},{"name":"pymongo","old_version":"4.3.3","new_version":"4.6.3","repository_url":"https://github.com/mongodb/mongo-python-driver"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"poetry","old_version":"2.0.0","new_version":"2.3.4","repository_url":"https://github.com/python-poetry/poetry"},{"name":"twisted","old_version":"24.3.0","new_version":"26.4.0rc2","repository_url":"https://github.com/twisted/twisted"},{"name":"cryptography","old_version":"44.0.2","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"werkzeug","old_version":"2.3.7","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"filelock","old_version":"3.17.0","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"h11","old_version":"0.14.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"protobuf","old_version":"5.29.3","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"virtualenv","old_version":"20.29.2","new_version":"20.36.1","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 19 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask-cors](https://github.com/corydolphin/flask-cors) | `5.0.0` | `6.0.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.1` | `6.1.0` |\n| [eventlet](https://github.com/eventlet/eventlet) | `0.39.0` | `0.41.0` |\n| [setuptools](https://github.com/pypa/setuptools) | `58.5.3` | `78.1.1` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.0` | `0.46.2` |\n| [pymongo](https://github.com/mongodb/mongo-python-driver) | `4.3.3` | `4.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.0.0` | `2.3.4` |\n| [twisted](https://github.com/twisted/twisted) | `24.3.0` | `26.4.0rc2` |\n| [cryptography](https://github.com/pyca/cryptography) | `44.0.2` | `46.0.7` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.3.7` | `3.1.6` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.17.0` | `3.20.3` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.3` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.2` | `20.36.1` |\n\nBumps the pip group with 4 updates in the /buildscripts/cost_model directory: [pymongo](https://github.com/mongodb/mongo-python-driver), [fonttools](https://github.com/fonttools/fonttools), [pillow](https://github.com/python-pillow/Pillow) and [scikit-learn](https://github.com/scikit-learn/scikit-learn).\n\nUpdates `flask-cors` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/corydolphin/flask-cors/releases\"\u003eflask-cors's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.0.0\u003c/h2\u003e\n\u003ch2\u003eBreaking\u003c/h2\u003e\n\u003cp\u003ePath specificity ordering has changed to improve specificity. This may break users who expected the previous incorrect ordering.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2024-6839] Sort Paths by Regex Specificity by \u003ca href=\"https://github.com/adrianosela\"\u003e\u003ccode\u003e@​adrianosela\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/391\"\u003ecorydolphin/flask-cors#391\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote by \u003ca href=\"https://github.com/adrianosela\"\u003e\u003ccode\u003e@​adrianosela\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/389\"\u003ecorydolphin/flask-cors#389\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2024-6866] Case Sensitive Request Path Matching by \u003ca href=\"https://github.com/adrianosela\"\u003e\u003ccode\u003e@​adrianosela\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/390\"\u003ecorydolphin/flask-cors#390\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/5.0.1...6.0.0\"\u003ehttps://github.com/corydolphin/flask-cors/compare/5.0.1...6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis primarily changes packaging to use uv and a new release pipeline, along with some small documentation improvements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Docs] Fix links to documentation by \u003ca href=\"https://github.com/coren-frankel\"\u003e\u003ccode\u003e@​coren-frankel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/369\"\u003ecorydolphin/flask-cors#369\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix minor typos by \u003ca href=\"https://github.com/kkirsche\"\u003e\u003ccode\u003e@​kkirsche\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/371\"\u003ecorydolphin/flask-cors#371\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate packaging and environment management to use uv by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/377\"\u003ecorydolphin/flask-cors#377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix release pipeline by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/378\"\u003ecorydolphin/flask-cors#378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlways use trusted publishing by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/379\"\u003ecorydolphin/flask-cors#379\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWorkaround license publishing issue by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/380\"\u003ecorydolphin/flask-cors#380\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix packaging: missing source files by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/381\"\u003ecorydolphin/flask-cors#381\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coren-frankel\"\u003e\u003ccode\u003e@​coren-frankel\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/369\"\u003ecorydolphin/flask-cors#369\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kkirsche\"\u003e\u003ccode\u003e@​kkirsche\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/371\"\u003ecorydolphin/flask-cors#371\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/5.0.0...5.0.01\"\u003ehttps://github.com/corydolphin/flask-cors/compare/5.0.0...5.0.01\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/35d875319621bd129a38b2b823abf4a2f6cda536\"\u003e\u003ccode\u003e35d8753\u003c/code\u003e\u003c/a\u003e [CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote for paths (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/e970988bea563e05e8b8f53fa7bcc134b5bf5c5f\"\u003e\u003ccode\u003ee970988\u003c/code\u003e\u003c/a\u003e [CVE-2024-6839] Sort Paths by Regex Specificity (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/391\"\u003e#391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/eb39516a3c96b90d0ae5f51293972395ec3ef358\"\u003e\u003ccode\u003eeb39516\u003c/code\u003e\u003c/a\u003e [CVE-2024-6866] Case Sensitive Request Path Matching (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/390\"\u003e#390\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/5da9be479b4fb203816bca9eb0cfb7add5eeceb5\"\u003e\u003ccode\u003e5da9be4\u003c/code\u003e\u003c/a\u003e Fix packaging: missing source files (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/381\"\u003e#381\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/65a51321e1be9a4320b39f67db5e63553cd8138b\"\u003e\u003ccode\u003e65a5132\u003c/code\u003e\u003c/a\u003e Workaround license publishing issue (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/380\"\u003e#380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/7127e7e3914083fbe4ebd8f7ef9b3ae0e8459daa\"\u003e\u003ccode\u003e7127e7e\u003c/code\u003e\u003c/a\u003e Always use trusted publishing (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/379\"\u003e#379\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/01e2e68268f7fdb4ed7309a655986b85c9066a67\"\u003e\u003ccode\u003e01e2e68\u003c/code\u003e\u003c/a\u003e Fix release pipeline (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/378\"\u003e#378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/ade65a16524c628747aecaaa73c1d615501974b2\"\u003e\u003ccode\u003eade65a1\u003c/code\u003e\u003c/a\u003e Major Packaging Refactor: migrate to uv (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/377\"\u003e#377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/eb44bffc76f49e5bb8692e96a37e11ebee070cf0\"\u003e\u003ccode\u003eeb44bff\u003c/code\u003e\u003c/a\u003e fix: typos (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/371\"\u003e#371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/1225e7806156de61f343928c227e32bbff44059e\"\u003e\u003ccode\u003e1225e78\u003c/code\u003e\u003c/a\u003e replace documentation links in README (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/369\"\u003e#369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/5.0.0...6.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 5.3.1 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/releases\"\u003elxml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elxml-6.1.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.3\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.2\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.1\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-5.4.0\u003c/h2\u003e\n\u003ch1\u003e5.4.0 (2025-04-22)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2107279: Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to resolve several CVEs.\n(Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.)\nIssue found by Anatoly Katyushin, see \u003ca href=\"https://bugs.launchpad.net/lxml/+bug/2107279\"\u003ehttps://bugs.launchpad.net/lxml/+bug/2107279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elxml-5.3.2\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.4 (2026-04-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2148019: Spurious MemoryError during namespace cleanup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.3 (2026-04-09)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral out of memory error cases now raise \u003ccode\u003eMemoryError\u003c/code\u003e that were not handled before.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSlicing with large step values (outside of \u003ccode\u003e+/- sys.maxsize\u003c/code\u003e) could trigger undefined C behaviour.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2125399: Some failing tests were fixed or disabled in PyPy.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2138421: Memory leak in error cases when setting the \u003ccode\u003epublic_id\u003c/code\u003e or \u003ccode\u003esystem_url\u003c/code\u003e of a document.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c7d76d6cb817c8e1f316e43b16cab5e6ad669ad0\"\u003e\u003ccode\u003ec7d76d6\u003c/code\u003e\u003c/a\u003e Change security policy to point to Github security advisories.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/378ccf82db8160928807c55ed580c0443aa94f42\"\u003e\u003ccode\u003e378ccf8\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/315270b810a9e3276c60daba549299d204ac962b\"\u003e\u003ccode\u003e315270b\u003c/code\u003e\u003c/a\u003e Docs: Reduce TOC depth of package pages and move module contents first.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6dbba7f3c72f655b05b26ef453fdee31af13ccf5\"\u003e\u003ccode\u003e6dbba7f\u003c/code\u003e\u003c/a\u003e Docs: Show current year in copyright line.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/e4385bfa5d79527350d5ef17372fb70ba80b4cce\"\u003e\u003ccode\u003ee4385bf\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5bed1e1a227cd9ba5a879aaeacdf504093a3f6e8\"\u003e\u003ccode\u003e5bed1e1\u003c/code\u003e\u003c/a\u003e Validate file hashes in release download script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c13ee10a429f1144779bb1cbf6ae3bec808ae9c1\"\u003e\u003ccode\u003ec13ee10\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-5.3.1...lxml-6.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `eventlet` from 0.39.0 to 0.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eventlet/eventlet/blob/master/NEWS\"\u003eeventlet's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.41.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to 3.14 for testing (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop 3.9 support (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMore visible deprecation (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1077\"\u003e#1077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.4\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRemove legacy setuptools configuration files (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1072\"\u003e#1072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd 3.14 to supported versions (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1070\"\u003e#1070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEmit warning on startup that eventlet is deprecated (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1065\"\u003e#1065\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix Python 3.14 on macOS (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1067\"\u003e#1067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround for \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1068\"\u003e#1068\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1069\"\u003e#1069\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.3\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e[SECURITY] Fix request smuggling vulnerability by discarding trailers (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1062\"\u003e#1062\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.2\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix compatibility issues identified with Python 3.14 on Linux (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1058\"\u003e#1058\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake database removal safer with IF EXISTS (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1056\"\u003e#1056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrepare jobs and CI/CD for python 3.14 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1055\"\u003e#1055\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.1\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e[fix] \u0026quot;Fix\u0026quot; fork() so it \u0026quot;works\u0026quot; on Python 3.13, and \u0026quot;works\u0026quot; better on older Python versions (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1047\"\u003e#1047\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eBehavior change: threads created by eventlet.green.threading.Thread and threading.Thead will be visible across both modules if monkey patching was used. Previously each module would only list threads created in that module.\u003c/li\u003e\n\u003cli\u003eBug fix: after fork(), greenlet threads are correctly listed in threading.enumerate() if monkey patching was used. You should not use fork()-without-execve().\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e[fix] Fix patching of removed URLopener class in Python 3.14 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix] ReferenceError except while count rlock (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1042\"\u003e#1042\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix] Replace deprecated datetime.utcfromtimestamp (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1050\"\u003e#1050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix][env] Remove duplicate steps (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix] Replace deprecated datetime.datetime.utcnow (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1046\"\u003e#1046\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e[fix] Fix ssl test when linking against openssl 3.5 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1034\"\u003e#1034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support Python 3.8 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1021\"\u003e#1021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[doc] Various doc updates (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/981\"\u003e#981\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1033\"\u003e#1033\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[env] Drop PyPy support (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1035\"\u003e#1035\u003c/a\u003e \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1037\"\u003e#1037\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.39.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/5ec4b6dcd2e5bb41c63743bd59dedbce4a9c5381\"\u003e\u003ccode\u003e5ec4b6d\u003c/code\u003e\u003c/a\u003e Update changelog for version 0.41.0 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/6de7dbbd71585e34ccbec99d220606febb286bb8\"\u003e\u003ccode\u003e6de7dbb\u003c/code\u003e\u003c/a\u003e Switch to 3.14 for testing, fix problems found along the way. (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/1ea81d9fbf12ce62a818ff9125ca14593c5506a7\"\u003e\u003ccode\u003e1ea81d9\u003c/code\u003e\u003c/a\u003e Drop 3.9 support (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/62662af7002b531bed608c7dd73d81943ff638c9\"\u003e\u003ccode\u003e62662af\u003c/code\u003e\u003c/a\u003e More visible deprecation (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1077\"\u003e#1077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/f3254a1b401714f6dfdffa5045d25a4d36c76c06\"\u003e\u003ccode\u003ef3254a1\u003c/code\u003e\u003c/a\u003e Update changelog for version 0.40.4 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/8cb20296f3455a1836cdbcbf1d3545666ee7f867\"\u003e\u003ccode\u003e8cb2029\u003c/code\u003e\u003c/a\u003e Remove legacy setuptools configuration files (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1072\"\u003e#1072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/220f82d843c0a57c267e77f0cc437e0b43be1cca\"\u003e\u003ccode\u003e220f82d\u003c/code\u003e\u003c/a\u003e add 3.14 to supported versions (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1070\"\u003e#1070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/01a3da5f9b552c7d58eb6de829d33f522d4b04cf\"\u003e\u003ccode\u003e01a3da5\u003c/code\u003e\u003c/a\u003e Emit warning on startup that eventlet is deprecated (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1065\"\u003e#1065\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/1b2b959da1257dccd23956fda43d03dc6a28ca16\"\u003e\u003ccode\u003e1b2b959\u003c/code\u003e\u003c/a\u003e Fix Python 3.14 on macOS (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1067\"\u003e#1067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/d8bf4659cd8b178949cc2b1485b337d46bae6532\"\u003e\u003ccode\u003ed8bf465\u003c/code\u003e\u003c/a\u003e Workaround for \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1068\"\u003e#1068\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1069\"\u003e#1069\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eventlet/eventlet/compare/0.39.0...0.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `setuptools` from 58.5.3 to 78.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/setuptools/blob/main/NEWS.rst\"\u003esetuptools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev78.1.1\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMore fully sanitized the filename in PackageIndex._download. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4946\"\u003e#4946\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.1.0\u003c/h1\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore access to _get_vc_env with a warning. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4874\"\u003e#4874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.2\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePostponed removals of deprecated dash-separated and uppercase fields in \u003ccode\u003esetup.cfg\u003c/code\u003e.\nAll packages with deprecated configurations are advised to move before 2026. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4911\"\u003e#4911\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.1\u003c/h1\u003e\n\u003ch2\u003eMisc\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4909\"\u003e#4909\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.0\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReverted distutils changes that broke the monkey patching of command classes. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4902\"\u003e#4902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSetuptools no longer accepts options containing uppercase or dash characters in \u003ccode\u003esetup.cfg\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/8e4868a036b7fae3208d16cb4e5fe6d63c3752df\"\u003e\u003ccode\u003e8e4868a\u003c/code\u003e\u003c/a\u003e Bump version: 78.1.0 → 78.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/100e9a61ad24d5a147ada57357425a8d40626d09\"\u003e\u003ccode\u003e100e9a6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4951\"\u003e#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/8faf1d7e0ca309983252e4f21837b73ee12e960f\"\u003e\u003ccode\u003e8faf1d7\u003c/code\u003e\u003c/a\u003e Add news fragment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/2ca4a9fe4758fcd39d771d3d3a5b4840aacebdf7\"\u003e\u003ccode\u003e2ca4a9f\u003c/code\u003e\u003c/a\u003e Rely on re.sub to perform the decision in one expression.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/e409e8002932f2b86aae7b1abc8f8c2ebf96df2c\"\u003e\u003ccode\u003ee409e80\u003c/code\u003e\u003c/a\u003e Extract _sanitize method for sanitizing the filename.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b\"\u003e\u003ccode\u003e250a6d1\u003c/code\u003e\u003c/a\u003e Add a check to ensure the name resolves relative to the tmpdir.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a\"\u003e\u003ccode\u003ed8390fe\u003c/code\u003e\u003c/a\u003e Extract _resolve_download_filename with test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/4e1e89392de5cb405e7844cdc8b20fc2755dbaba\"\u003e\u003ccode\u003e4e1e893\u003c/code\u003e\u003c/a\u003e Merge \u003ca href=\"https://github.com/jaraco/skeleton\"\u003ehttps://github.com/jaraco/skeleton\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/3a3144f0d2887fa37c06550f42a101e9eebd953a\"\u003e\u003ccode\u003e3a3144f\u003c/code\u003e\u003c/a\u003e Fix typo: \u003ccode\u003epyproject.license\u003c/code\u003e -\u0026gt; \u003ccode\u003eproject.license\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4931\"\u003e#4931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/d751068fd2627d6d8f1729e39cbcd8119049998f\"\u003e\u003ccode\u003ed751068\u003c/code\u003e\u003c/a\u003e Fix typo: pyproject.license -\u0026gt; project.license\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/setuptools/compare/v58.5.3...v78.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `wheel` from 0.45.0 to 0.46.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/releases\"\u003ewheel's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.46.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than v70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a \u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point. The \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to \u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's imported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exception when calling the \u003ccode\u003econvert\u003c/code\u003e command with an empty description field\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/blob/main/docs/news.rst\"\u003ewheel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease Notes\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003e0.47.0 (2026-04-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ewheel info\u003c/code\u003e subcommand to display metadata about wheel files without\nunpacking them (\u003ccode\u003e[#639](https://github.com/pypa/wheel/issues/639) \u0026lt;https://github.com/pypa/wheel/issues/639\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eWheelFile\u003c/code\u003e raising \u003ccode\u003eMissing RECORD file\u003c/code\u003e when the wheel filename contains\nuppercase characters (e.g. \u003ccode\u003eDjango-3.2.5.whl\u003c/code\u003e) but the \u003ccode\u003e.dist-info\u003c/code\u003e directory\ninside uses normalized lowercase naming\n(\u003ccode\u003e[#411](https://github.com/pypa/wheel/issues/411) \u0026lt;https://github.com/pypa/wheel/issues/411\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.3 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eImportError: cannot import name '_setuptools_logging' from 'wheel'\u003c/code\u003e when\ninstalled alongside an old version of setuptools and running the \u003ccode\u003ebdist_wheel\u003c/code\u003e\ncommand (\u003ccode\u003e[#676](https://github.com/pypa/wheel/issues/676) \u0026lt;https://github.com/pypa/wheel/issues/676\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.2 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than\nv70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a\n\u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the\ndestination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.1 (2025-04-08)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module\n(\u003ccode\u003e[#659](https://github.com/pypa/wheel/issues/659) \u0026lt;https://github.com/pypa/wheel/issues/659\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.0 (2025-04-03)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point.\nThe \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to\n\u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's\nimported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exception when calling the \u003ccode\u003econvert\u003c/code\u003e command with an empty description\nfield\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.45.1 (2024-11-23)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pure Python wheels converted from eggs and wininst files having the ABI tag in\nthe file name\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/eba4036ccaca4e2d0c5b5bf3e3be59b2b2877d6b\"\u003e\u003ccode\u003eeba4036\u003c/code\u003e\u003c/a\u003e Updated the version number for v0.46.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/557fb5425036ccca95330b2c8875e54c9f4483cf\"\u003e\u003ccode\u003e557fb54\u003c/code\u003e\u003c/a\u003e Created a new release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef\"\u003e\u003ccode\u003e7a7d2de\u003c/code\u003e\u003c/a\u003e Fixed security issue around wheel unpack (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/675\"\u003e#675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/41418fac233d6973ea8798d620df4aa5b3aa1b66\"\u003e\u003ccode\u003e41418fa\u003c/code\u003e\u003c/a\u003e Fixed test failures due to metadata normalization changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/c1d442bec6c634fcfb89e5d58698dd226685bd14\"\u003e\u003ccode\u003ec1d442b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/674\"\u003e#674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/0bac8820ec90b1aaa0695d79a56563137b48686d\"\u003e\u003ccode\u003e0bac882\u003c/code\u003e\u003c/a\u003e Update github actions environments (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/be9f45b4ee1210b2a815d2eefea56b71efd99d63\"\u003e\u003ccode\u003ebe9f45b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/6244f08bb92d7569da6c2fbea23de0846ad34ff3\"\u003e\u003ccode\u003e6244f08\u003c/code\u003e\u003c/a\u003e Update pre-commit ruff legacy alias (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/668\"\u003e#668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/15b7577654e8bcd23e009c6bac036b65c11d8d8f\"\u003e\u003ccode\u003e15b7577\u003c/code\u003e\u003c/a\u003e PEP 639 compliance (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/fc8cb4163e4f48d86092cb2a16076f1b3efcd10f\"\u003e\u003ccode\u003efc8cb41\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Removed redundant Python version from the publish workflow (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/666\"\u003e#666\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/wheel/compare/0.45.0...0.46.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pymongo` from 4.3.3 to 4.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mongodb/mongo-python-driver/releases\"\u003epymongo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ePyMongo 4.6.3\u003c/h2\u003e\n\u003cp\u003eCommunity notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-3-release-for-cve-2024-5629/284348\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-3-release-for-cve-2024-5629/284348\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.2\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-2-released/267404\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-2-released/267404\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.1\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-1-released/255752\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-1-released/255752\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.5.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-5-0-released/240662\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-5-0-released/240662\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.1\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-1-released/235045\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-1-released/235045\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-released/232211\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-released/232211\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.0b0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-0b0-release/210471\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-0b0-release/210471\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst\"\u003epymongo's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanges in Version 4.6.3 (2024/03/27)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.3 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a potential memory access violation when decoding invalid bson.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.3 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.3 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=38360\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=38360\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.2 (2024/02/21)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.2 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug appearing in Python 3.12 where \u0026quot;RuntimeError: can't create new thread at interpreter shutdown\u0026quot;\ncould be written to stderr when a MongoClient's thread starts as the python interpreter is shutting down.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.2 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.2 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37906\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37906\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.1 (2023/11/29)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.1 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure retryable read \u003ccode\u003eOperationFailure\u003c/code\u003e errors re-raise exception when 0 or NoneType error code is provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.1 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.1 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37138\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37138\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.0 (2023/11/01)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6 brings a number of improvements including:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/8da192f9ca2d4f6464897b22b3029c227043f0cb\"\u003e\u003ccode\u003e8da192f\u003c/code\u003e\u003c/a\u003e BUMP 4.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/56b6b6dbc267d365d97c037082369dabf37405d2\"\u003e\u003ccode\u003e56b6b6d\u003c/code\u003e\u003c/a\u003e PYTHON-4305 Fix bson size check (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1564\"\u003e#1564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/449d0f316cbcdea59d8b69b5e4fc34ac07949dc6\"\u003e\u003ccode\u003e449d0f3\u003c/code\u003e\u003c/a\u003e BUMP to 4.6.3.dev0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/e04576de22c06a4609b16db0f6e10e86ad5c8dad\"\u003e\u003ccode\u003ee04576d\u003c/code\u003e\u003c/a\u003e DEVPROD-3871 Use teardown_task when there is one function/command (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/cf1c6a11f76861fd6150b0df79a7ed70f2b2fea5\"\u003e\u003ccode\u003ecf1c6a1\u003c/code\u003e\u003c/a\u003e PYTHON-4219 Prep for 4.6.2 Release (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1530\"\u003e#1530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/d29b2b7cf405901a801591e475574b63aa81ac5c\"\u003e\u003ccode\u003ed29b2b7\u003c/code\u003e\u003c/a\u003e PYTHON-4147 [v4.6]: Silence noisy thread.start() RuntimeError at shutdown (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/0477b9bc0c59de311fbb6d6a157b97a4af8d0a23\"\u003e\u003ccode\u003e0477b9b\u003c/code\u003e\u003c/a\u003e PYTHON-4077 [v4.6]: Ensure there is a MacOS wheel for Python 3.7 (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1527\"\u003e#1527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/ecad17d24e8aafa374ab5fd194ce79b6861efcad\"\u003e\u003ccode\u003eecad17d\u003c/code\u003e\u003c/a\u003e BUMP 4.6.2.dev0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/485e0a5e56f2d524b5cbc31538a0c455e3ddd858\"\u003e\u003ccode\u003e485e0a5\u003c/code\u003e\u003c/a\u003e BUMP 4.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/995365c7128c3107b4f9ce1524220378176a3a96\"\u003e\u003ccode\u003e995365c\u003c/code\u003e\u003c/a\u003e PYTHON-4038 [v4.6]: Ensure retryable read \u003ccode\u003eOperationFailure\u003c/code\u003es re-raise except...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mongodb/mongo-python-driver/compare/4.3.3...4.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `poetry` from 2.0.0 to 2.3.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/poetry/releases\"\u003epoetry's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.4\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10821\"\u003e#10821\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10837\"\u003e#10837\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10792\"\u003e#10792\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003egit\u003c/code\u003e dependencies from annotated tags could not be updated (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10719\"\u003e#10719\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where empty \u003ccode\u003eVIRTUAL_ENV\u003c/code\u003e or \u003ccode\u003eCONDA_PREFIX\u003c/code\u003e environment variables (e.g., after \u003ccode\u003econda deactivate\u003c/code\u003e) would cause Poetry to incorrectly detect an active virtualenv (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10784\"\u003e#10784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where an incomprehensible error message was printed when \u003ccode\u003e.venv\u003c/code\u003e was a file instead of a directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10777\"\u003e#10777\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10748\"\u003e#10748\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry publish --no-interaction --build\u003c/code\u003e requested user interaction (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10769\"\u003e#10769\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry init\u003c/code\u003e and \u003ccode\u003epoetry new\u003c/code\u003e created a deprecated \u003ccode\u003eproject.license\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10787\"\u003e#10787\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify the differences between \u003ccode\u003epoetry install\u003c/code\u003e and \u003ccode\u003epoetry update\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10713\"\u003e#10713\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eClarify the section of fields in the \u003ccode\u003epyproject.toml\u003c/code\u003e examples (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10753\"\u003e#10753\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd a note about the different installation location when Python from the Microsoft Store is used (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10759\"\u003e#10759\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the system requirements for Poetry (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10739\"\u003e#10739\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the \u003ccode\u003epoetry cache clear\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10749\"\u003e#10749\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the link to \u003ccode\u003epipx\u003c/code\u003e installation instructions (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10783\"\u003e#10783\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.2\"\u003e\u003ccode\u003e2.3.2\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Debian Trixie (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/930\"\u003e#930\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where using \u003ccode\u003eproject.readme.text\u003c/code\u003e in the \u003ccode\u003epyproject.toml\u003c/code\u003e file resulted in broken metadata (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/914\"\u003e#914\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/919\"\u003e#919\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/922\"\u003e#922\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where PEP 735 \u003ccode\u003einclude-group\u003c/code\u003e entries were lost when \u003ccode\u003e[tool.poetry.group]\u003c/code\u003e also defined \u003ccode\u003einclude-groups\u003c/code\u003e for the same group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/924\"\u003e#924\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where the union of \u003ccode\u003e\u0026lt;value\u0026gt; not in \u0026lt;marker\u0026gt;\u003c/code\u003e constraints was wrongly treated as always satisfied (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/925\"\u003e#925\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a post release with a local version identifier was wrongly allowed by a \u003ccode\u003e\u0026gt;\u003c/code\u003e version constraint (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/921\"\u003e#921\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a version with the local version identifier \u003ccode\u003e0\u003c/code\u003e was treated as equal to the corresponding public version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/920\"\u003e#920\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a \u003ccode\u003e!= \u0026lt;version\u0026gt;\u003c/code\u003e constraint wrongly disallowed pre releases and post releases of the specified version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/929\"\u003e#929\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003enot in\u003c/code\u003e constraints were wrongly not allowed by specific compound constraints (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/927\"\u003e#927\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003edulwich\u0026gt;=1.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10701\"\u003e#10701\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.1\"\u003e\u003ccode\u003e2.3.1\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Windows Server (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/911\"\u003e#911\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.1\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md\"\u003epoetry's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.3.4] - 2026-04-12\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10821\"\u003e#10821\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10837\"\u003e#10837\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.3.3] - 2026-03-29\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10792\"\u003e#10792\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003egit\u003c/code\u003e dependencies from annotated tags could not be updated (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10719\"\u003e#10719\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where empty \u003ccode\u003eVIRTUAL_ENV\u003c/code\u003e or \u003ccode\u003eCONDA_PREFIX\u003c/code\u003e environment variables (e.g., after \u003ccode\u003econda deactivate\u003c/code\u003e) would cause Poetry to incorrectly detect an active virtualenv (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10784\"\u003e#10784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where an incomprehensible error message was printed when \u003ccode\u003e.venv\u003c/code\u003e was a file instead of a directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10777\"\u003e#10777\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10748\"\u003e#10748\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry publish --no-interaction --build\u003c/code\u003e requested user interaction (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10769\"\u003e#10769\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry init\u003c/code\u003e and \u003ccode\u003epoetry new\u003c/code\u003e created a deprecated \u003ccode\u003eproject.license\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10787\"\u003e#10787\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify the differences between \u003ccode\u003epoetry install\u003c/code\u003e and \u003ccode\u003epoetry update\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10713\"\u003e#10713\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eClarify the section of fields in the \u003ccode\u003epyproject.toml\u003c/code\u003e examples (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10753\"\u003e#10753\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd a note about the different installation location when Python from the Microsoft Store is used (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10759\"\u003e#10759\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the system requirements for Poetry (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10739\"\u003e#10739\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the \u003ccode\u003epoetry cache clear\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10749\"\u003e#10749\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the link to \u003ccode\u003epipx\u003c/code\u003e installation instructions (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10783\"\u003e#10783\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.2\"\u003e\u003ccode\u003e2.3.2\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Debian Trixie (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/930\"\u003e#930\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where using \u003ccode\u003eproject.readme.text\u003c/code\u003e in the \u003ccode\u003epyproject.toml\u003c/code\u003e file resulted in broken metadata (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/914\"\u003e#914\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/919\"\u003e#919\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/922\"\u003e#922\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where PEP 735 \u003ccode\u003einclude-group\u003c/code\u003e entries were lost when \u003ccode\u003e[tool.poetry.group]\u003c/code\u003e also defined \u003ccode\u003einclude-groups\u003c/code\u003e for the same group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/924\"\u003e#924\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where the union of \u003ccode\u003e\u0026lt;value\u0026gt; not in \u0026lt;marker\u0026gt;\u003c/code\u003e constraints was wrongly treated as always satisfied (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/925\"\u003e#925\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a post release with a local version identifier was wrongly allowed by a \u003ccode\u003e\u0026gt;\u003c/code\u003e version constraint (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/921\"\u003e#921\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a version with the local version identifier \u003ccode\u003e0\u003c/code\u003e was treated as equal to the corresponding public version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/920\"\u003e#920\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a \u003ccode\u003e!= \u0026lt;version\u0026gt;\u003c/code\u003e constraint wrongly disallowed pre releases and post releases of the specified version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/929\"\u003e#929\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003enot in\u003c/code\u003e constraints were wrongly not allowed by specific compound constraints (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/927\"\u003e#927\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.3.2] - 2026-02-01\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003edulwich\u0026gt;=1.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10701\"\u003e#10701\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.1\"\u003e\u003ccode\u003e2.3.1\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/7c7af71ba206dadd2ff7eda19b9a4c90c4349754\"\u003e\u003ccode\u003e7c7af71\u003c/code\u003e\u003c/a\u003e release: bump version to 2.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/e512e7fc5557251c7c9c59d0029506e77db1ea18\"\u003e\u003ccode\u003ee512e7f\u003c/code\u003e\u003c/a\u003e fix: refuse to write files outside the target directory during sdist extracti...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/506c09db69a127f6fc2c54958d4f5fdc0ea378cc\"\u003e\u003ccode\u003e506c09d\u003c/code\u003e\u003c/a\u003e perf: use \u003ccode\u003eos.path.abspath()\u003c/code\u003e instead of \u003ccode\u003ePath.resolve()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10821\"\u003e#10821\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/3d0151ac03b5286e557ed1518b815ad225d52cb0\"\u003e\u003ccode\u003e3d0151a\u003c/code\u003e\u003c/a\u003e release: bump version to 2.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/89f09aad49ed7e6223ea2b8ebdf941e87bb5d5c6\"\u003e\u003ccode\u003e89f09aa\u003c/code\u003e\u003c/a\u003e fix long path issue on Windows (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10794\"\u003e#10794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/e068177d1bfef65de4c55cf71c36de27057f10e7\"\u003e\u003ccode\u003ee068177\u003c/code\u003e\u003c/a\u003e installer: fix path traversal (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10792\"\u003e#10792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/d76a2f67641ef1499065bdc8a0246448cbcf781c\"\u003e\u003ccode\u003ed76a2f6\u003c/code\u003e\u003c/a\u003e chore: require new poetry-core version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10790\"\u003e#10790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/859d4439f2caf147010330beae1ad61274f009d4\"\u003e\u003ccode\u003e859d443\u003c/code\u003e\u003c/a\u003e Update init \u0026amp; new commands for PEP 639 (License) (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10787\"\u003e#10787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/2ff2845af03539c98d2279b46074c908594427c4\"\u003e\u003ccode\u003e2ff2845\u003c/code\u003e\u003c/a\u003e fix: pass auth via Request constructor instead of calling HTTPBasicAuth on un...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/286e43bba52ba60205e1e5c9a401019b45226bbe\"\u003e\u003ccode\u003e286e43b\u003c/code\u003e\u003c/a\u003e env: improve error handling if \u003ccode\u003e.venv\u003c/code\u003e is not a directory but a file (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-poetry/poetry/compare/2.0.0...2.3.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `twisted` from 24.3.0 to 26.4.0rc2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/twisted/twisted/releases\"\u003etwisted's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eTwisted 26.4.0rc2 (2026-04-29)\u003c/h1\u003e\n\u003cp\u003eThis is the last release with support for Python 3.9.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etwisted.names was fix for Denial of Service (DoS) attack via resource exhaustion during DNS name decompression.\nReported and fixed by Tomas Illuminati Balbin CVE-2026-42304 (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12626\"\u003e#12626\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etwisted.internet.ssl.CertificateOptions has a new constructor argument, contextForServerName, which takes a callback that will get invoked when a client sends a server name indication, with the sent servername, and returns a new OpenSSL.SSL.Context that the connection will switch to. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.internet.endpoints.serverFromString now supports the \u003ccode\u003etls\u003c/code\u003e endpoint\ntype, which allows you to do \u003ccode\u003etwist web\r --listen=tls:.../certbot-dir/config/live\u003c/code\u003e pointed at a certbot live\nconfiguration directory and have your certbot certificates automatically\ndiscovered and served appropriately. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/9885\"\u003e#9885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003etwisted.internet.reactor\u003c/code\u003e now has type annotations and will appear to be an object of an appropriate type, allowing for idiomatic common usages with correct type information. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/9909\"\u003e#9909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.conch.ssh.SSHUserAuthServer now supports the security key ssh types \u0026quot;\u003ca href=\"mailto:sk-ecdsa-sha2-nistp256@openssh.com\"\u003esk-ecdsa-sha2-nistp256@openssh.com\u003c/a\u003e\u0026quot; and \u0026quot;\u003ca href=\"mailto:sk-ssh-ed25519@openssh.com\"\u003esk-ssh-ed25519@openssh.com\u003c/a\u003e\u0026quot; and extracting the \u003ccode\u003eapplication\u003c/code\u003e property from these new key types. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12212\"\u003e#12212\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etwisted.internet.mail will now return a meaningful Failure when TLS validation fails. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/10210\"\u003e#10210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTLS version range constraints passed to twisted.internet.ssl.CertificateOptions are now properly respected rather than excluding the version being passed as the desired constraint. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/10232\"\u003e#10232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA potential reference cycle that might cause intermittent memory spikes while\nusing twisted.internet.defer.inlineCallbacks was removed. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12120\"\u003e#12120\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrial no longer emits the error \u003ccode\u003eRuntimeWarning: TestResult has no addDuration method\u003c/code\u003e when running PyUnit tests. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12229\"\u003e#12229\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.python.rebuild.rebuild() now handles changes to \u003ccode\u003esys.modules\u003c/code\u003e gracefully. Prior to the change, it could possibly raise a \u0026quot;dictionary changed size during iteration\u0026quot; error if the module list changed. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12458\"\u003e#12458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.internet.protocol.ReconnectingClientFactory: Don't multiply by \u003ccode\u003efactor\u003c/code\u003e for initial delay, but use \u003ccode\u003einitialDelay\u003c/code\u003e directly. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12478\"\u003e#12478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.internet.ssl and twisted.protocols.tls no longer mutate the pyOpenSSL context after creating pyOpenSSL connections, maintaining compatibility with an upcoming version of pyOpenSSL and increasing reliability (possibly even fixing a very rare segfault) (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12500\"\u003e#12500\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003etwisted.internet.testing.MemoryReactor.callWhenRunning\u003c/code\u003e now invokes the callback immediately, if already started. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12514\"\u003e#12514\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTwisted now correctly detects EOF on OpenSSL 4. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12632\"\u003e#12632\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe example code from the documentation describing how to create a custom DNS server was updated to Python3. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12480\"\u003e#12480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eType annotations now use modern PEP 585 built-in generics and PEP 604 union syntax throughout the project. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12556\"\u003e#12556\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/twisted/twisted/blob/trunk/NEWS.rst\"\u003etwisted's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eThis file contains the release notes for Twisted.\u003c/p\u003e\n\u003cp\u003eIt only contains high-level changes that are of interest to Twisted library users.\nUsers of Twisted should check the notes before planning an upgrade.\u003c/p\u003e\n\u003cp\u003eTicket numbers in this file can be looked up by visiting\n\u003ca href=\"https://twisted.org/trac/ticket/\"\u003ehttps://twisted.org/trac/ticket/\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003e.. towncrier release notes start\u003c/p\u003e\n\u003ch1\u003eTwis...\n\n_Description has been truncated_","html_url":"https://github.com/Jackblanket847/mongo/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jackblanket847%2Fmongo/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"},{"uuid":"4481217629","node_id":"PR_kwDOQtfFwc7dQyNi","number":24,"state":"closed","title":"chore(deps): bump the pip group across 14 directories with 12 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-28T23:19:57.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-19T21:33:34.000Z","updated_at":"2026-05-28T23:19:58.000Z","time_to_close":783983,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":12,"packages":[{"name":"google-cloud-aiplatform","old_version":"1.87.0","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"protobuf","old_version":"4.25.8","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"1.26.20","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /gemini/sample-apps/genwealth/function-scripts/analyze-prospectus directory: [langchain-core](https://github.com/langchain-ai/langchain).\nBumps the pip group with 1 update in the /gemini/sample-apps/genwealth/function-scripts/process-pdf directory: [langchain-core](https://github.com/langchain-ai/langchain).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/conversational-app-multi-playbook/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [langchain-core](https://github.com/langchain-ai/langchain), [requests](https://github.com/psf/requests) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 3 updates in the /gemini/sample-apps/quickbot/conversational-app-multi-playbook/functions/create-intent directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [langchain-core](https://github.com/langchain-ai/langchain) and [flask](https://github.com/pallets/flask).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/conversational-app-single-playbook/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [langchain-core](https://github.com/langchain-ai/langchain), [requests](https://github.com/psf/requests) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 3 updates in the /gemini/sample-apps/quickbot/conversational-app-single-playbook/functions/create-intent directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [langchain-core](https://github.com/langchain-ai/langchain) and [flask](https://github.com/pallets/flask).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/document-search-using-agent-builder/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [langchain-core](https://github.com/langchain-ai/langchain), [requests](https://github.com/psf/requests) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/image-background-changer-using-imagen3/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [pillow](https://github.com/python-pillow/Pillow), [requests](https://github.com/psf/requests) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/linkedin-profile-image-generation-using-imagen3/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [pillow](https://github.com/python-pillow/Pillow), [requests](https://github.com/psf/requests) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 3 updates in the /gemini/sample-apps/quickbot/text-to-image-using-imagen3/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [requests](https://github.com/psf/requests) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/website-search-using-agent-builder/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [langchain-core](https://github.com/langchain-ai/langchain), [requests](https://github.com/psf/requests) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 2 updates in the /gemini/sample-apps/swot-agent directory: [pytest](https://github.com/pytest-dev/pytest) and [pydantic-ai](https://github.com/pydantic/pydantic-ai).\nBumps the pip group with 6 updates in the /gemini/tuning/genai-mlops-tune-and-eval directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.87.0` | `1.133.0` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.8` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.20` | `2.7.0` |\n\nBumps the pip group with 4 updates in the /search/cloud-function/python directory: [python-dotenv](https://github.com/theskumar/python-dotenv), [protobuf](https://github.com/protocolbuffers/protobuf), [pytest](https://github.com/pytest-dev/pytest) and [flask](https://github.com/pallets/flask).\n\nUpdates `langchain-core` from 0.3.31 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36972\"\u003e#36972\u003c/a\u003e)\nfeat(core): allow _format_output to pass through list of ToolOutputMixin instances (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36963\"\u003e#36963\u003c/a\u003e)\nchore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36923\"\u003e#36923\u003c/a\u003e)\nfeat(core): Update inheritance behavior for tracer metadata for special keys (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36900\"\u003e#36900\u003c/a\u003e)\nchore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36813\"\u003e#36813\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.31\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36851\"\u003e#36851\u003c/a\u003e)\nrelease(core): 1.3.0a3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36829\"\u003e#36829\u003c/a\u003e)\nchore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36828\"\u003e#36828\u003c/a\u003e)\nfeat(core): Add chat model and LLM invocation params to traceable metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36771\"\u003e#36771\u003c/a\u003e)\nfix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36816\"\u003e#36816\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore(core): harden private SSRF utilities (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36768\"\u003e#36768\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36719\"\u003e#36719\u003c/a\u003e)\nrelease(core): 1.3.0.a2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36698\"\u003e#36698\u003c/a\u003e)\nfix(core): Use reference counting for storing inherited run trees to support garbage collection (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36660\"\u003e#36660\u003c/a\u003e)\ndocs(core): nit (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36685\"\u003e#36685\u003c/a\u003e)\nrelease(core): 1.3.0a1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36656\"\u003e#36656\u003c/a\u003e)\nchore(core): reduce streaming metadata / perf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36588\"\u003e#36588\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0a3\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.31...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.31 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36972\"\u003e#36972\u003c/a\u003e)\nfeat(core): allow _format_output to pass through list of ToolOutputMixin instances (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36963\"\u003e#36963\u003c/a\u003e)\nchore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36923\"\u003e#36923\u003c/a\u003e)\nfeat(core): Update inheritance behavior for tracer metadata for special keys (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36900\"\u003e#36900\u003c/a\u003e)\nchore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36813\"\u003e#36813\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.31\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36851\"\u003e#36851\u003c/a\u003e)\nrelease(core): 1.3.0a3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36829\"\u003e#36829\u003c/a\u003e)\nchore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36828\"\u003e#36828\u003c/a\u003e)\nfeat(core): Add chat model and LLM invocation params to traceable metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36771\"\u003e#36771\u003c/a\u003e)\nfix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36816\"\u003e#36816\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore(core): harden private SSRF utilities (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36768\"\u003e#36768\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36719\"\u003e#36719\u003c/a\u003e)\nrelease(core): 1.3.0.a2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36698\"\u003e#36698\u003c/a\u003e)\nfix(core): Use reference counting for storing inherited run trees to support garbage collection (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36660\"\u003e#36660\u003c/a\u003e)\ndocs(core): nit (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36685\"\u003e#36685\u003c/a\u003e)\nrelease(core): 1.3.0a1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36656\"\u003e#36656\u003c/a\u003e)\nchore(core): reduce streaming metadata / perf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36588\"\u003e#36588\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0a3\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.31...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-cloud-aiplatform` from 1.69.0 to 1.133.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/releases\"\u003egoogle-cloud-aiplatform's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.133.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE\u0026quot; to the \u003ccode\u003eoptimize_prompt\u003c/code\u003e method (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/715cc5b71b996eecde2d97bad71a617274739dcc\"\u003e715cc5b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client(memory): Add enable_third_person_memories (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e65717fa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Developer Connect in AE (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/04f1771e16f54a0627ecac1266764ca77f833694\"\u003e04f1771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd None check for agent_info in evals.py (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003ec8c0f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI client(evals) - Fix TypeError in _build_generate_content_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003ebe2eaaa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake project_number to project_id mapping fail-open. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/f1c8458dd5e4641cb03ff175f0837b6d6017c131\"\u003ef1c8458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e83f4076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e8c876ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire uri or staging bucket configuration for saving model to Vertex Experiment. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e5448f06\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn embedding metadata if available (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/d9c6eb199b6ccc1fae417463e1b374574f2ae2f8\"\u003ed9c6eb1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eexamples_dataframe\u003c/code\u003e type to \u003ccode\u003ePandasDataFrame\u003c/code\u003e in Prompt Optimizer. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a2564cc3ea5c4860ee732f14cea9db2c10b52420\"\u003ea2564cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.132.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.131.0...v1.132.0\"\u003e1.132.0\u003c/a\u003e (2025-12-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA comment for field \u003ccode\u003erestart_job_on_worker_restart\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA comment for field \u003ccode\u003etimeout\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.131.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.130.0...v1.131.0\"\u003e1.131.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow list of events to be passed to AdkApp.async_stream_query (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/dd8840a5012b2762f8b8971b6cea4302ac5c648d\"\u003edd8840a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/4114728750b5b12f991a18df87c1f1a570d1b29d\"\u003e4114728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdates the ADK template to direct structured JSON logs to standard output. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a65ec297c5b8d99e4d2dfb49473c189197198f97\"\u003ea65ec29\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md\"\u003egoogle-cloud-aiplatform's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE\u0026quot; to the \u003ccode\u003eoptimize_prompt\u003c/code\u003e method (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/715cc5b71b996eecde2d97bad71a617274739dcc\"\u003e715cc5b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client(memory): Add enable_third_person_memories (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e65717fa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Developer Connect in AE (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/04f1771e16f54a0627ecac1266764ca77f833694\"\u003e04f1771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd None check for agent_info in evals.py (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003ec8c0f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI client(evals) - Fix TypeError in _build_generate_content_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003ebe2eaaa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake project_number to project_id mapping fail-open. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/f1c8458dd5e4641cb03ff175f0837b6d6017c131\"\u003ef1c8458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e83f4076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e8c876ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire uri or staging bucket configuration for saving model to Vertex Experiment. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e5448f06\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn embedding metadata if available (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/d9c6eb199b6ccc1fae417463e1b374574f2ae2f8\"\u003ed9c6eb1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eexamples_dataframe\u003c/code\u003e type to \u003ccode\u003ePandasDataFrame\u003c/code\u003e in Prompt Optimizer. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a2564cc3ea5c4860ee732f14cea9db2c10b52420\"\u003ea2564cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.131.0...v1.132.0\"\u003e1.132.0\u003c/a\u003e (2025-12-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA comment for field \u003ccode\u003erestart_job_on_worker_restart\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA comment for field \u003ccode\u003etimeout\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.130.0...v1.131.0\"\u003e1.131.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow list of events to be passed to AdkApp.async_stream_query (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/dd8840a5012b2762f8b8971b6cea4302ac5c648d\"\u003edd8840a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/4114728750b5b12f991a18df87c1f1a570d1b29d\"\u003e4114728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdates the ADK template to direct structured JSON logs to standard output. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a65ec297c5b8d99e4d2dfb49473c189197198f97\"\u003ea65ec29\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix RagManagedVertexVectorSearch when using backend_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/df0976ed3195dc8313f4728bc5ecb29dda55d467\"\u003edf0976e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - patch for vulnerability in visualization (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8a00d43dbd24e95dbab6ea32c63ce0a5a1849480\"\u003e8a00d43\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/78f2bdd08bae0696923e61ab73080b5846c67ae0\"\u003e\u003ccode\u003e78f2bdd\u003c/code\u003e\u003c/a\u003e chore(main): release 1.133.0 (\u003ca href=\"https://redirect.github.com/googleapis/python-aiplatform/issues/6211\"\u003e#6211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003e\u003ccode\u003ec8c0f0f\u003c/code\u003e\u003c/a\u003e fix: Add None check for agent_info in evals.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/9952b970b73cfe38e68c48b3699ee4e1df0264df\"\u003e\u003ccode\u003e9952b97\u003c/code\u003e\u003c/a\u003e chore: rollback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e\u003ccode\u003e83f4076\u003c/code\u003e\u003c/a\u003e fix: Replace asyncio.run with create_task in ADK async thread mains.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/937d5af6b9bdbbe3b50181745c99550f124ad8b4\"\u003e\u003ccode\u003e937d5af\u003c/code\u003e\u003c/a\u003e Copybara import of the project:\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/aaaf902be02747cd2281196aad6278df0fd11f7e\"\u003e\u003ccode\u003eaaaf902\u003c/code\u003e\u003c/a\u003e chore: bump google-auth lower bound to 2.47.0 in GenAI and Vertex SDKs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e\u003ccode\u003e8c876ef\u003c/code\u003e\u003c/a\u003e fix: Replace asyncio.run with create_task in ADK async thread mains.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e\u003ccode\u003e5448f06\u003c/code\u003e\u003c/a\u003e fix: Require uri or staging bucket configuration for saving model to Vertex E...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e\u003ccode\u003e65717fa\u003c/code\u003e\u003c/a\u003e feat: GenAI SDK client(memory): Add enable_third_person_memories\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003e\u003ccode\u003ebe2eaaa\u003c/code\u003e\u003c/a\u003e fix: GenAI client(evals) - Fix TypeError in _build_generate_content_config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.69.0...v1.133.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.9 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36972\"\u003e#36972\u003c/a\u003e)\nfeat(core): allow _format_output to pass through list of ToolOutputMixin instances (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36963\"\u003e#36963\u003c/a\u003e)\nchore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36923\"\u003e#36923\u003c/a\u003e)\nfeat(core): Update inheritance behavior for tracer metadata for special keys (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36900\"\u003e#36900\u003c/a\u003e)\nchore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36813\"\u003e#36813\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.31\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36851\"\u003e#36851\u003c/a\u003e)\nrelease(core): 1.3.0a3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36829\"\u003e#36829\u003c/a\u003e)\nchore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36828\"\u003e#36828\u003c/a\u003e)\nfeat(core): Add chat model and LLM invocation params to traceable metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36771\"\u003e#36771\u003c/a\u003e)\nfix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36816\"\u003e#36816\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore(core): harden private SSRF utilities (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36768\"\u003e#36768\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36719\"\u003e#36719\u003c/a\u003e)\nrelease(core): 1.3.0.a2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36698\"\u003e#36698\u003c/a\u003e)\nfix(core): Use reference counting for storing inherited run trees to support garbage collection (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36660\"\u003e#36660\u003c/a\u003e)\ndocs(core): nit (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36685\"\u003e#36685\u003c/a\u003e)\nrelease(core): 1.3.0a1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36656\"\u003e#36656\u003c/a\u003e)\nchore(core): reduce streaming metadata / perf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36588\"\u003e#36588\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0a3\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.31...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 1.26.16 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/1.26.16...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-cloud-aiplatform` from 1.69.0 to 1.133.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/releases\"\u003egoogle-cloud-aiplatform's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.133.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE\u0026quot; to the \u003ccode\u003eoptimize_prompt\u003c/code\u003e method (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/715cc5b71b996eecde2d97bad71a617274739dcc\"\u003e715cc5b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client(memory): Add enable_third_person_memories (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e65717fa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Developer Connect in AE (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/04f1771e16f54a0627ecac1266764ca77f833694\"\u003e04f1771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd None check for agent_info in evals.py (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003ec8c0f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI client(evals) - Fix TypeError in _build_generate_content_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003ebe2eaaa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake project_number to project_id mapping fail-open. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/f1c8458dd5e4641cb03ff175f0837b6d6017c131\"\u003ef1c8458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e83f4076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e8c876ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire uri or staging bucket configuration for saving model to Vertex Experiment. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e5448f06\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn embedding metadata if available (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/d9c6eb199b6ccc1fae417463e1b374574f2ae2f8\"\u003ed9c6eb1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eexamples_dataframe\u003c/code\u003e type to \u003ccode\u003ePandasDataFrame\u003c/code\u003e in Prompt Optimizer. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a2564cc3ea5c4860ee732f14cea9db2c10b52420\"\u003ea2564cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.132.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.131.0...v1.132.0\"\u003e1.132.0\u003c/a\u003e (2025-12-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA comment for field \u003ccode\u003erestart_job_on_worker_restart\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA comment for field \u003ccode\u003etimeout\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.131.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.130.0...v1.131.0\"\u003e1.131.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow list of events to be passed to AdkApp.async_stream_query (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/dd8840a5012b2762f8b8971b6cea4302ac5c648d\"\u003edd8840a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/4114728750b5b12f991a18df87c1f1a570d1b29d\"\u003e4114728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdates the ADK template to direct structured JSON logs to standard output. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a65ec297c5b8d99e4d2dfb49473c189197198f97\"\u003ea65ec29\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md\"\u003egoogle-cloud-aiplatform's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RE...\n\n_Description has been truncated_","html_url":"https://github.com/mayoubm1/TTS-STT-Gemini-OS-generative-ai/pull/24","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mayoubm1%2FTTS-STT-Gemini-OS-generative-ai/issues/24","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/24/packages"},{"uuid":"4459046943","node_id":"PR_kwDOF1l8-M7cK7Fr","number":28186,"state":"open","title":"chore(deps): bump pyasn1 from 0.6.2 to 0.6.3 in /ingestion","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-16T07:08:01.000Z","updated_at":"2026-05-16T07:08:27.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"pyasn1","old_version":"0.6.2","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"}],"path":"/ingestion","ecosystem":"pip"},"body":"Bumps [pyasn1](https://github.com/pyasn1/pyasn1) from 0.6.2 to 0.6.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.2...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyasn1\u0026package-manager=pip\u0026previous-version=0.6.2\u0026new-version=0.6.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/open-metadata/OpenMetadata/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/open-metadata/OpenMetadata/pull/28186","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-metadata%2FOpenMetadata/issues/28186","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/28186/packages"},{"uuid":"4444215273","node_id":"PR_kwDOPbmR4M7bbhlF","number":40,"state":"open","title":"build(deps): bump the uv group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-14T07:54:10.000Z","updated_at":"2026-05-14T07:54:28.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"uv","update_count":6,"packages":[{"name":"requests","old_version":"2.32.4","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"orjson","old_version":"3.10.15","new_version":"3.11.6","repository_url":"https://github.com/ijl/orjson"},{"name":"cryptography","old_version":"43.0.3","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"pypdf","old_version":"5.1.0","new_version":"6.10.2","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"deepdiff","old_version":"8.5.0","new_version":"8.6.2","repository_url":"https://github.com/qlustered/deepdiff"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.32.4` | `2.33.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.15` | `3.11.6` |\n| [cryptography](https://github.com/pyca/cryptography) | `43.0.3` | `46.0.7` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `5.1.0` | `6.10.2` |\n| [deepdiff](https://github.com/qlustered/deepdiff) | `8.5.0` | `8.6.2` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `orjson` from 3.10.15 to 3.11.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/releases\"\u003eorjson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.6\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eorjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.9.\u003c/li\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 5.\u003c/li\u003e\n\u003cli\u003eBuild now depends on Rust 1.89 or later instead of 1.85.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix sporadic crash serializing deeply nested \u003ccode\u003elist\u003c/code\u003e of \u003ccode\u003edict\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.5\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShow simple error message instead of traceback when attempting to\nbuild on unsupported Python versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.4\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 1.\u003c/li\u003e\n\u003cli\u003ePublish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,\nmanylinux ppc64le, manylinux s390x.\u003c/li\u003e\n\u003cli\u003eBuild now requires a C compiler.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix PyPI project metadata when using maturin 1.9.2 or later.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.2\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix build using Rust 1.89 on amd64.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild now depends on Rust 1.85 or later instead of 1.82.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.1\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePublish PyPI wheels for CPython 3.14.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003estr\u003c/code\u003e on big-endian architectures.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/blob/master/CHANGELOG.md\"\u003eorjson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.6 - 2026-01-29\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eorjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.9.\u003c/li\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 5.\u003c/li\u003e\n\u003cli\u003eBuild now depends on Rust 1.89 or later instead of 1.85.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix sporadic crash serializing deeply nested \u003ccode\u003elist\u003c/code\u003e of \u003ccode\u003edict\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.5 - 2025-12-06\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShow simple error message instead of traceback when attempting to\nbuild on unsupported Python versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.4 - 2025-10-24\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 1.\u003c/li\u003e\n\u003cli\u003ePublish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,\nmanylinux ppc64le, manylinux s390x.\u003c/li\u003e\n\u003cli\u003eBuild now requires a C compiler.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.3 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix PyPI project metadata when using maturin 1.9.2 or later.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.2 - 2025-08-12\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix build using Rust 1.89 on amd64.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild now depends on Rust 1.85 or later instead of 1.82.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/ec02024c3837255064f248c0d2d331319b75e9ad\"\u003e\u003ccode\u003eec02024\u003c/code\u003e\u003c/a\u003e 3.11.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/d58168733189f82b3fd0c058dff73e05d09202e6\"\u003e\u003ccode\u003ed581687\u003c/code\u003e\u003c/a\u003e build, clippy misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/4105b29b2275f200f6fae01349bef02ccf1bc2e2\"\u003e\u003ccode\u003e4105b29\u003c/code\u003e\u003c/a\u003e writer::num\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/62bb185b70785ded49c79c26f8c9781f1e6fe370\"\u003e\u003ccode\u003e62bb185\u003c/code\u003e\u003c/a\u003e Fix sporadic crash on serializing object close\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/d860078a973f44401265c5c4ad12a7dbe4f839ad\"\u003e\u003ccode\u003ed860078\u003c/code\u003e\u003c/a\u003e PyRef idiom refactors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/343ae2f148197918aba9f8562db42c364620e4b8\"\u003e\u003ccode\u003e343ae2f\u003c/code\u003e\u003c/a\u003e Deserializer, Utf8Buffer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/7835f58d1c56947d1cf7a18acdfc07a2bca9b0f2\"\u003e\u003ccode\u003e7835f58\u003c/code\u003e\u003c/a\u003e PyBytesRef and other input refactor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/71e0516424ce1e11613eb1780f18e8cde83989fd\"\u003e\u003ccode\u003e71e0516\u003c/code\u003e\u003c/a\u003e PyStrRef\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/1096df42dc585fde837ed0c930a346f5ef7dbb94\"\u003e\u003ccode\u003e1096df4\u003c/code\u003e\u003c/a\u003e MSRV 1.89\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/b718e75b8ba18a707c2b44b6de14d52547573771\"\u003e\u003ccode\u003eb718e75\u003c/code\u003e\u003c/a\u003e Drop support for python3.9\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ijl/orjson/compare/3.10.15...3.11.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 43.0.3 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDropped support for win_arm64 wheels\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Fixed compilation when using LibreSSL 4.2.0.\n\u003cp\u003e.. _v46-0-2:\u003cbr /\u003e\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/43.0.3...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 5.1.0 to 6.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e) by \u003ca href=\"https://github.com/Ygnas\"\u003e\u003ccode\u003e@​Ygnas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e) by \u003ca href=\"https://github.com/rassie\"\u003e\u003ccode\u003e@​rassie\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e) by \u003ca href=\"https://github.com/astahlman\"\u003e\u003ccode\u003e@​astahlman\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e) by \u003ca href=\"https://github.com/ReinerBRO\"\u003e\u003ccode\u003e@​ReinerBRO\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c476b4f293c8ef4cac07dfb755e5582d838fcdc0\"\u003e\u003ccode\u003ec476b4f\u003c/code\u003e\u003c/a\u003e REL: 6.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a\"\u003e\u003ccode\u003ec50a010\u003c/code\u003e\u003c/a\u003e SEC: Do not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11\"\u003e\u003ccode\u003eac734da\u003c/code\u003e\u003c/a\u003e SEC: Introduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b49e7eb45422c19b68ac59c51b7699409e74d44e\"\u003e\u003ccode\u003eb49e7eb\u003c/code\u003e\u003c/a\u003e REL: 6.10.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3\"\u003e\u003ccode\u003e62338e9\u003c/code\u003e\u003c/a\u003e SEC: Limit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5dcc0aebaa2c732028ea8def2eb9982e324b7c11\"\u003e\u003ccode\u003e5dcc0ae\u003c/code\u003e\u003c/a\u003e DEV: Update pytest-benchmark to 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b42e4aa98ae5c7fdd02558d165d39fe639fdf97d\"\u003e\u003ccode\u003eb42e4aa\u003c/code\u003e\u003c/a\u003e DEV: Update pinned pillow and pytest where possible (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3732\"\u003e#3732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/717446b1218a3eb236cb47d1bae2b68451ccb6c0\"\u003e\u003ccode\u003e717446b\u003c/code\u003e\u003c/a\u003e ROB: Consider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/9e461d361b9004da68fc8e6acc4308cce68aa304\"\u003e\u003ccode\u003e9e461d3\u003c/code\u003e\u003c/a\u003e DEV: Bump softprops/action-gh-release from 2 to 3 (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3730\"\u003e#3730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/500d09d92fa80a6f1fcdfa46656893efd05e91ff\"\u003e\u003ccode\u003e500d09d\u003c/code\u003e\u003c/a\u003e TST: Update \u003ccode\u003etest_embedded_file__basic\u003c/code\u003e to use \u003ccode\u003etmp_path\u003c/code\u003e fixture (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3726\"\u003e#3726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/5.1.0...6.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `deepdiff` from 8.5.0 to 8.6.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qlustered/deepdiff/releases\"\u003edeepdiff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e8.6.2 - Fix (CVE-2025-58367)\u003c/p\u003e\n\u003ch2\u003e8.6.1\u003c/h2\u003e\n\u003cp\u003eDeepDiff 8-6-1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePatched security vulnerability in the Delta class which was vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it could lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/0d07ec21d12b46ef4e489383b363eadc22d990fb\"\u003e\u003ccode\u003e0d07ec2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/791f5aac51b2da7f90375ab204256ef6a6b40206\"\u003e\u003ccode\u003e791f5aa\u003c/code\u003e\u003c/a\u003e updating CVE number\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/a6aafea3ba5498aab6f9c77047c54949e7e968ae\"\u003e\u003ccode\u003ea6aafea\u003c/code\u003e\u003c/a\u003e updating docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/a0950abbe6263298bc4bdbc3ebb57edc1af079b4\"\u003e\u003ccode\u003ea0950ab\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.1 → 8.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/887128abe5e510341cc4a82f6914a82d5ff1b6a7\"\u003e\u003ccode\u003e887128a\u003c/code\u003e\u003c/a\u003e Fix (CVE-2025-58367)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/60ac5b903dbd662e0e83bf7b481df97d42f693df\"\u003e\u003ccode\u003e60ac5b9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/683756ef03064047744dbf4978ca27d2211a846f\"\u003e\u003ccode\u003e683756e\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.0 → 8.6.1 and add security vulnerability notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/c69c06c13f75e849c770ade3f556cd16209fd183\"\u003e\u003ccode\u003ec69c06c\u003c/code\u003e\u003c/a\u003e Security fix: Prevent class pollution and remote code execution in Delta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/b639fece73fe3ce4120261fdcff3cc7b826776e3\"\u003e\u003ccode\u003eb639fec\u003c/code\u003e\u003c/a\u003e updating the docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/6f3d5eeb81083c816cf1a4f9eff3f1de2150a96a\"\u003e\u003ccode\u003e6f3d5ee\u003c/code\u003e\u003c/a\u003e Bump version: 8.5.0 → 8.6.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qlustered/deepdiff/compare/8.5.0...8.6.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GlacierEQ/langflow/network/alerts).\n\n\u003c/details\u003e\n\n---\n\n📦 This PR updates 6 Python dependencies in the uv group, including significant version bumps for cryptography (43.0.3 → 46.0.7) and pypdf (5.1.0 → 6.10.2), along with important security fixes across multiple packages.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Security Updates**: Multiple CVE fixes including CVE-2026-25645 (requests), CVE-2026-39892 (cryptography), CVE-2025-58367 (deepdiff), and CVE-2026-30922 (pyasn1)\n- **Major Version Bumps**: pypdf upgraded from 5.1.0 to 6.10.2 (major version change), cryptography from 43.0.3 to 46.0.7 (major version change)\n- **Minor Updates**: requests (2.32.4 → 2.33.0), orjson (3.10.15 → 3.11.6), deepdiff (8.5.0 → 8.6.2), pyasn1 (0.6.1 → 0.6.3)\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Identify 6 Dependencies]\n    B --\u003e C[Security Vulnerabilities]\n    B --\u003e D[Feature Updates]\n    C --\u003e E[CVE Fixes]\n    D --\u003e F[Performance Improvements]\n    E --\u003e G[Updated Dependencies]\n    F --\u003e G\n    G --\u003e H[Automated PR Creation]\n```\n\n### Impact\n- **Security Enhancement**: Addresses multiple CVEs including buffer overflow prevention, malicious file replacement protection, and stack overflow prevention\n- **Feature Improvements**: Adds inline types support in requests, improved JSON serialization in orjson, and enhanced PDF processing capabilities in pypdf\n- **Compatibility Updates**: Drops Python 3.9 support in some packages while adding Python 3.14 support, migrates to modern build systems (PEP 517)\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/langflow/pull/40","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Flangflow/issues/40","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/40/packages"},{"uuid":"4431380655","node_id":"PR_kwDOQpC-os7ayW8t","number":6,"state":"closed","title":"build(deps): bump the pip group across 8 directories with 10 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-16T01:58:41.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-12T17:48:46.000Z","updated_at":"2026-06-16T01:58:42.000Z","time_to_close":2966995,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"pip","update_count":10,"packages":[{"name":"pytest","old_version":"7.3.1","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"requests","old_version":"2.32.4","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"azure-core","old_version":"1.30.2","new_version":"1.38.0","repository_url":"https://github.com/Azure/azure-sdk-for-python"},{"name":"cryptography","old_version":"44.0.1","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"protobuf","old_version":"5.29.5","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.4.8","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"python-multipart","old_version":"0.0.20","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"urllib3","old_version":"2.5.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"werkzeug","old_version":"3.1.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /src/win32/qa directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the pip group with 1 update in the /src/wazuh_modules/vulnerability_scanner/qa directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the pip group with 3 updates in the /src/wazuh_modules/inventory_sync/qa directory: [pytest](https://github.com/pytest-dev/pytest), [requests](https://github.com/psf/requests) and [pycryptodome](https://github.com/Legrandin/pycryptodome).\nBumps the pip group with 1 update in the /src/shared_modules/keystore/qa directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the pip group with 1 update in the /src/shared_modules/indexer_connector/qa directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the pip group with 1 update in the /src/engine/tools/evtx2xml directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /src/data_provider/qa directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the pip group with 9 updates in the /framework directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pytest](https://github.com/pytest-dev/pytest) | `7.3.1` | `9.0.3` |\n| [requests](https://github.com/psf/requests) | `2.32.4` | `2.33.0` |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.30.2` | `1.38.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `44.0.1` | `46.0.7` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.4.8` | `0.6.3` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.7.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.3` | `3.1.6` |\n\n\nUpdates `pytest` from 7.2.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.2.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 7.2.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.2.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 7.4.3 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.2.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pycryptodome` from 3.19.0 to 3.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Legrandin/pycryptodome/releases\"\u003epycryptodome's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.19.1 - Zeil\u003c/h2\u003e\n\u003ch2\u003eResolved issues\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a side-channel leakage with OAEP decryption that could be\nexploited to carry out a Manger attack. Thanks to Hubert Kario.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst\"\u003epycryptodome's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.19.1 (28 December 2023)\n++++++++++++++++++++++++++\u003c/p\u003e\n\u003ch2\u003eResolved issues\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a side-channel leakage with OAEP decryption that could be\nexploited to carry out a Manger attack (CVE-2023-52323). Thanks to Hubert Kario.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Legrandin/pycryptodome/commit/ef270ab436bddb437f8de122085bcf26dc9ad904\"\u003e\u003ccode\u003eef270ab\u003c/code\u003e\u003c/a\u003e Update wheels action\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Legrandin/pycryptodome/commit/3278edd0e99d1a45231de4b4b2a77b50963431e9\"\u003e\u003ccode\u003e3278edd\u003c/code\u003e\u003c/a\u003e Update changelog and version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Legrandin/pycryptodome/commit/10e8216079e6965eddac4bf293c3049a8b76b5d7\"\u003e\u003ccode\u003e10e8216\u003c/code\u003e\u003c/a\u003e Update PSS verify signature code example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Legrandin/pycryptodome/commit/4ec4b85c65210a2809974b2fd1e6677cf2b0fc57\"\u003e\u003ccode\u003e4ec4b85\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd\"\u003e\u003ccode\u003e0deea1b\u003c/code\u003e\u003c/a\u003e Use constant-time (faster) padding decoding also for OAEP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Legrandin/pycryptodome/commit/519e7aea6de4e8f03b62c6e1dba724aca738882e\"\u003e\u003ccode\u003e519e7ae\u003c/code\u003e\u003c/a\u003e Avoid changing signature of RSA._decrypt() method if possible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Legrandin/pycryptodome/commit/1aa9dca20cd9485c8bcef2ecfdd05d407ae9edb7\"\u003e\u003ccode\u003e1aa9dca\u003c/code\u003e\u003c/a\u003e Update changelog and bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Legrandin/pycryptodome/commit/afb5e27a15efe59e33c2825d40ef44995c13b8bc\"\u003e\u003ccode\u003eafb5e27\u003c/code\u003e\u003c/a\u003e Fix side-channel leakage in RSA decryption\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Legrandin/pycryptodome/commit/ee91c677a0862914aa7c0bf5829dc59306a93630\"\u003e\u003ccode\u003eee91c67\u003c/code\u003e\u003c/a\u003e Update CMAC.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Legrandin/pycryptodome/commit/43a466d170a5e28187732b90b2a7594ab06b6c6d\"\u003e\u003ccode\u003e43a466d\u003c/code\u003e\u003c/a\u003e Fix small \u0026quot;passes\u0026quot; typo.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Legrandin/pycryptodome/compare/v3.19.0...v3.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 7.2.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.2.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 7.2.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.2.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.2.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 7.3.1 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e ...\n\n_Description has been truncated_","html_url":"https://github.com/samuelrizerio/wazuh/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/samuelrizerio%2Fwazuh/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"},{"uuid":"4425631693","node_id":"PR_kwDOKpU2Js7afjt4","number":5,"state":"closed","title":"Bump the pip group across 1 directory with 10 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-20T01:27:13.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-12T02:05:09.000Z","updated_at":"2026-05-20T01:27:15.000Z","time_to_close":688924,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":10,"packages":[{"name":"certifi","old_version":"2023.7.22","new_version":"2024.7.4","repository_url":"https://github.com/certifi/python-certifi"},{"name":"idna","old_version":"3.4","new_version":"3.7","repository_url":"https://github.com/kjd/idna"},{"name":"protobuf","old_version":"4.23.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.5.0","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"2.0.7","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"werkzeug","old_version":"3.0.1","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"wheel","old_version":"0.41.3","new_version":"0.46.2","repository_url":"https://github.com/pypa/wheel"},{"name":"setuptools","old_version":"68.2.2","new_version":"78.1.1","repository_url":"https://github.com/pypa/setuptools"},{"name":"zipp","old_version":"3.17.0","new_version":"3.19.1","repository_url":"https://github.com/jaraco/zipp"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 10 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [certifi](https://github.com/certifi/python-certifi) | `2023.7.22` | `2024.7.4` |\n| [idna](https://github.com/kjd/idna) | `3.4` | `3.7` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.5.0` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.0.7` | `2.7.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.0.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.41.3` | `0.46.2` |\n| [setuptools](https://github.com/pypa/setuptools) | `68.2.2` | `78.1.1` |\n| [zipp](https://github.com/jaraco/zipp) | `3.17.0` | `3.19.1` |\n\n\nUpdates `certifi` from 2023.7.22 to 2024.7.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463\"\u003e\u003ccode\u003ebd81538\u003c/code\u003e\u003c/a\u003e 2024.07.04 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/06a2cbf21f345563dde6c28b60e29d57e9b210b3\"\u003e\u003ccode\u003e06a2cbf\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/13bba02b72bac97c432c277158bc04b4d2a6bc23\"\u003e\u003ccode\u003e13bba02\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.6 to 4.1.7 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/e8abcd0e62b334c164b95d49fcabdc9ecbca0554\"\u003e\u003ccode\u003ee8abcd0\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/292\"\u003e#292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/124f4adf171e15cd9a91a8b6e0325ecc97be8fe1\"\u003e\u003ccode\u003e124f4ad\u003c/code\u003e\u003c/a\u003e 2024.06.02 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/291\"\u003e#291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/c2196ce5d6ee675b27755a19948480a7823e2c6a\"\u003e\u003ccode\u003ec2196ce\u003c/code\u003e\u003c/a\u003e --- (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/290\"\u003e#290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/fefdeec7588ff1c05214b85a552afcad5fdb51b2\"\u003e\u003ccode\u003efefdeec\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.4 to 4.1.5 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/289\"\u003e#289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/3c5fb1560b826a7f83f1f9750173ff766492c9cf\"\u003e\u003ccode\u003e3c5fb15\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4.1.6 to 4.1.7 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/286\"\u003e#286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/4a9569a3eb58db8548536fc16c5c5c7af946a5b1\"\u003e\u003ccode\u003e4a9569a\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.2 to 4.1.4 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/287\"\u003e#287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/1fc808626a895a916b1e4c2b63abae6c5eafdbe3\"\u003e\u003ccode\u003e1fc8086\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2023.07.22...2024.07.04\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.4 to 3.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/releases\"\u003eidna's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Guido Vranken for reporting the issue.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.6...v3.7\"\u003ehttps://github.com/kjd/idna/compare/v3.6...v3.7\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.rst\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.7 (2024-04-11)\n++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix issue where specially crafted inputs to encode() could\ntake exceptionally long amount of time to process. [CVE-2024-3651]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Guido Vranken for reporting the issue.\u003c/p\u003e\n\u003cp\u003e3.6 (2023-11-25)\n++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix regression to include tests in source distribution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.5 (2023-11-24)\n++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 15.1.0\u003c/li\u003e\n\u003cli\u003eString codec name is now \u0026quot;idna2008\u0026quot; as overriding the system codec\n\u0026quot;idna\u0026quot; was not working.\u003c/li\u003e\n\u003cli\u003eFix typing error for codec encoding\u003c/li\u003e\n\u003cli\u003e\u0026quot;setup.cfg\u0026quot; has been added for this release due to some downstream\nlack of adherence to PEP 517. Should be removed in a future release\nso please prepare accordingly.\u003c/li\u003e\n\u003cli\u003eRemoved reliance on a symlink for the \u0026quot;idna-data\u0026quot; tool to comport\nwith PEP 517 and the Python Packaging User Guide for sdist archives.\u003c/li\u003e\n\u003cli\u003eAdded security reporting protocol for project\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions\nto this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d\"\u003e\u003ccode\u003e1d365e1\u003c/code\u003e\u003c/a\u003e Release v3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c1b3154939907fab67c5754346afaebe165ce8e6\"\u003e\u003ccode\u003ec1b3154\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/172\"\u003e#172\u003c/a\u003e from kjd/optimize-contextj\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/0394ec76ff022813e770ba1fd89658790ea35623\"\u003e\u003ccode\u003e0394ec7\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into optimize-contextj\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/cd58a23173d2b0a40b95ee680baf3e59e8d33966\"\u003e\u003ccode\u003ecd58a23\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/152\"\u003e#152\u003c/a\u003e from elliotwutingfeng/dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7\"\u003e\u003ccode\u003e5beb28b\u003c/code\u003e\u003c/a\u003e More efficient resolution of joiner contexts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1b121483ed04d9576a1291758f537e1318cddc8b\"\u003e\u003ccode\u003e1b12148\u003c/code\u003e\u003c/a\u003e Update ossf/scorecard-action to v2.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d516b874c3388047934938a500c7488d52c4e067\"\u003e\u003ccode\u003ed516b87\u003c/code\u003e\u003c/a\u003e Update Github actions/checkout to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c095c75943413c75ebf8ac74179757031b7f80b7\"\u003e\u003ccode\u003ec095c75\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/60a0a4cb61ec6834d74306bd8a1fa46daac94c98\"\u003e\u003ccode\u003e60a0a4c\u003c/code\u003e\u003c/a\u003e Fix typo in GitHub Actions workflow key\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5918a0ef8034379c2e409ae93ee11d24295bb201\"\u003e\u003ccode\u003e5918a0e\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dev\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.4...v3.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 4.23.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.5.0 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.1\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.13.\u003c/li\u003e\n\u003cli\u003eCleaned Python 2-related code.\u003c/li\u003e\n\u003cli\u003eRemoved bdist_wheel universal flag from setup.cfg.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.0\u003c/h2\u003e\n\u003cp\u003eIt's a major release where we drop Python 2 support entirely.\nThe most significant changes are:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved support for EOL Python 2.7, 3.6, 3.7\u003c/li\u003e\n\u003cli\u003eAdded support for previously missing \u003ccode\u003eRELATIVE-OID\u003c/code\u003e construct\u003c/li\u003e\n\u003cli\u003eUpdated link to Layman's Guide\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/etingof/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.5.1\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for PyPy 3.10 and Python 3.12\u003c/li\u003e\n\u003cli\u003eUpdated RTD configuration to include a dummy index.rst redirecting to contents.html, ensuring compatibility with third-party documentation and search indexes.\u003c/li\u003e\n\u003cli\u003eFixed the API breakage wih decoder.decode(substrateFun=...).\nA substrateFun passed to \u003ccode\u003edecoder.decode()\u003c/code\u003e can now be either v0.4 Non-Streaming or v0.5 Streaming.\npyasn1 will detect and handle both cases transparently.\nA substrateFun passed to one of the new streaming decoders is still expected to be v0.5 Streaming only.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.1, released 10-09-2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.13 and updated GitHub Actions\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/73\"\u003e#73\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/73/\"\u003epyasn1/pyasn1#73\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved Python 2 support and related code\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/62\"\u003e#62\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/62/\"\u003epyasn1/pyasn1#62\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/61\"\u003e#61\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/61/\"\u003epyasn1/pyasn1#61\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/60\"\u003e#60\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/60/\"\u003epyasn1/pyasn1#60\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImproved error handling and consistency\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/71\"\u003e#71\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/71/\"\u003epyasn1/pyasn1#71\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/70\"\u003e#70\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/70/\"\u003epyasn1/pyasn1#70\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRuntime deprecation of \u003ccode\u003etagMap\u003c/code\u003e and \u003ccode\u003etypeMap\u003c/code\u003e aliases\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/72\"\u003e#72\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/72/\"\u003epyasn1/pyasn1#72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed duplicated and missing declarations\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/64\"\u003e#64\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/64/\"\u003epyasn1/pyasn1#64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCleaned documentation and comments\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/63\"\u003e#63\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/63/\"\u003epyasn1/pyasn1#63\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved bdist_wheel universal flag from setup.cfg\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/69\"\u003e#69\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/69/\"\u003epyasn1/pyasn1#69\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.5.0...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.0.7 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.0.7...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `werkzeug` from 3.0.1 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/releases\"\u003ewerkzeug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.6/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in multi-segment paths. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x\"\u003eGHSA-29vq-49wr-vm6x\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.5/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/43?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/43?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless of extension or surrounding spaces. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7\"\u003eGHSA-87hc-h4r5-73f7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with \u003ccode\u003epin_security=False\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3075\"\u003e#3075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.4/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/42?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/42?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents reading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e already prevented writing to these. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2\"\u003eghsa-hgf8-39gv-g3f2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3020\"\u003e#3020\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3054\"\u003e#3054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3067\"\u003e#3067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available source lines. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the distinction between WSGI and sans-IO responses. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3056\"\u003e#3056\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.3/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/41?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/41?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts \u003ccode\u003elist\u003c/code\u003e, \u003ccode\u003etuple\u003c/code\u003e, or \u003ccode\u003eset\u003c/code\u003e when passing multiple values. It had been changed to accept any \u003ccode\u003eCollection\u003c/code\u003e, but this matched types that should be treated as single values, such as \u003ccode\u003ebytes\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2994\"\u003e#2994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the \u003ccode\u003eHost\u003c/code\u003e header is not set and \u003ccode\u003eRequest.host\u003c/code\u003e falls back to the WSGI \u003ccode\u003eSERVER_NAME\u003c/code\u003e value, if that value is an IPv6 address it is wrapped in \u003ccode\u003e[]\u003c/code\u003e to match the \u003ccode\u003eHost\u003c/code\u003e header. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2993\"\u003e#2993\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.2/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/blob/main/CHANGES.rst\"\u003ewerkzeug's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in\nmulti-segment paths. :ghsa:\u003ccode\u003e29vq-49wr-vm6x\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.make_conditional\u003c/code\u003e sets the \u003ccode\u003eAccept-Ranges\u003c/code\u003e header even if it\nis not a satisfiable range request. :issue:\u003ccode\u003e3108\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2026-01-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless\nof extension or surrounding spaces. :ghsa:\u003ccode\u003e87hc-h4r5-73f7\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\nThis fixes the previous attempt, which caused incorrect content lengths.\n:issue:\u003ccode\u003e3065\u003c/code\u003e :issue:\u003ccode\u003e3077\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with\n\u003ccode\u003epin_security=False\u003c/code\u003e. :issue:\u003ccode\u003e3075\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003eReleased 2025-11-28\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents\nreading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e\nalready prevented writing to these. :ghsa:\u003ccode\u003ehgf8-39gv-g3f2\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. :pr:\u003ccode\u003e3020\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\n:issue:\u003ccode\u003e3065\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. :issue:\u003ccode\u003e3054\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. :issue:\u003ccode\u003e3067\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available\nsource lines. :issue:\u003ccode\u003e3044\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the\ndistinction between WSGI and sans-IO responses. :issue:\u003ccode\u003e3056\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/04da1b5221b7a7b57e82246e4b5741d37a6b2e56\"\u003e\u003ccode\u003e04da1b5\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d\"\u003e\u003ccode\u003ef407712\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f54fe98026253e70fbbcd35a6b52fb67cfff1c03\"\u003e\u003ccode\u003ef54fe98\u003c/code\u003e\u003c/a\u003e safe_join prevents Windows special device names in multi-segment paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/d005985ef69ffe3275eda8fb6fb25e074dbe871b\"\u003e\u003ccode\u003ed005985\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/8565c2cbd6681ae8463e77d4fc0795324a7fdae7\"\u003e\u003ccode\u003e8565c2c\u003c/code\u003e\u003c/a\u003e document rule priority (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3102\"\u003e#3102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/3febc7e90072bffe04c27e6b7478dfc4f88930df\"\u003e\u003ccode\u003e3febc7e\u003c/code\u003e\u003c/a\u003e document rule priority\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/2525b827646c10ab7adb334664e6a4af1b769181\"\u003e\u003ccode\u003e2525b82\u003c/code\u003e\u003c/a\u003e remove state machine docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/4abfbd553cdeb6d4e6fa693340d52b13c884079f\"\u003e\u003ccode\u003e4abfbd5\u003c/code\u003e\u003c/a\u003e rewrite build docstring (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3097\"\u003e#3097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/161c18b2a8800ae6ef377fb3cbdb933a878fea67\"\u003e\u003ccode\u003e161c18b\u003c/code\u003e\u003c/a\u003e rewrite build docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/86e11c29e44726dae524cd9db11549b3b1ad681d\"\u003e\u003ccode\u003e86e11c2\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3085\"\u003e#3085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/werkzeug/compare/3.0.1...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `wheel` from 0.41.3 to 0.46.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/releases\"\u003ewheel's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.46.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than v70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a \u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point. The \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to \u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's imported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exception when calling the \u003ccode\u003econvert\u003c/code\u003e command with an empty description field\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRefactored the \u003ccode\u003econvert\u003c/code\u003e command to not need setuptools to be installed\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't configure setuptools logging unless running \u003ccode\u003ebdist_wheel\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded a redirection from \u003ccode\u003ewheel.bdist_wheel.bdist_wheel\u003c/code\u003e to \u003ccode\u003esetuptools.command.bdist_wheel.bdist_wheel\u003c/code\u003e to improve compatibility with \u003ccode\u003esetuptools\u003c/code\u003e' latest fixes.\u003c/p\u003e\n\u003cp\u003eProjects are still advised to migrate away from the deprecated module and import the \u003ccode\u003esetuptools\u003c/code\u003e' implementation explicitly. (PR by \u003ca href=\"https://github.com/abravalheri\"\u003e\u003ccode\u003e@​abravalheri\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.44.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCanonicalized requirements in METADATA file (PR by Wim Jeantine-Glenn)\u003c/li\u003e\n\u003cli\u003eDeprecated the \u003ccode\u003ebdist_wheel\u003c/code\u003e module, as the code was migrated to \u003ccode\u003esetuptools\u003c/code\u003e itself\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.43.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7\u003c/li\u003e\n\u003cli\u003eUpdated vendored \u003ccode\u003epackaging\u003c/code\u003e to 24.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.42.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllowed removing build tag with \u003ccode\u003ewheel tags --build \u0026quot;\u0026quot;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel pack\u003c/code\u003e and \u003ccode\u003ewheel tags\u003c/code\u003e writing updated \u003ccode\u003eWHEEL\u003c/code\u003e fields after a blank line, causing other tools to ignore them\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel pack\u003c/code\u003e and \u003ccode\u003ewheel tags\u003c/code\u003e writing \u003ccode\u003eWHEEL\u003c/code\u003e with CRLF line endings or a mix of CRLF and LF\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel pack --build-number \u0026quot;\u0026quot;\u003c/code\u003e not removing build tag from \u003ccode\u003eWHEEL\u003c/code\u003e (above changes by Benjamin Gilbert)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/blob/main/docs/news.rst\"\u003ewheel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease Notes\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003e0.47.0 (2026-04-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ewheel info\u003c/code\u003e subcommand to display metadata about wheel files without\nunpacking them (\u003ccode\u003e[#639](https://github.com/pypa/wheel/issues/639) \u0026lt;https://github.com/pypa/wheel/issues/639\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eWheelFile\u003c/code\u003e raising \u003ccode\u003eMissing RECORD file\u003c/code\u003e when the wheel filename contains\nuppercase characters (e.g. \u003ccode\u003eDjango-3.2.5.whl\u003c/code\u003e) but the \u003ccode\u003e.dist-info\u003c/code\u003e directory\ninside uses normalized lowercase naming\n(\u003ccode\u003e[#411](https://github.com/pypa/wheel/issues/411) \u0026lt;https://github.com/pypa/wheel/issues/411\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.3 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eImportError: cannot import name '_setuptools_logging' from 'wheel'\u003c/code\u003e when\ninstalled alongside an old version of setuptools and running the \u003ccode\u003ebdist_wheel\u003c/code\u003e\ncommand (\u003ccode\u003e[#676](https://github.com/pypa/wheel/issues/676) \u0026lt;https://github.com/pypa/wheel/issues/676\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.2 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than\nv70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a\n\u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the\ndestination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.1 (2025-04-08)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module\n(\u003ccode\u003e[#659](https://github.com/pypa/wheel/issues/659) \u0026lt;https://github.com/pypa/wheel/issues/659\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.0 (2025-04-03)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point.\nThe \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to\n\u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's\nimported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exc...\n\n_Description has been truncated_","html_url":"https://github.com/evgri243/tensorflow/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/evgri243%2Ftensorflow/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"},{"uuid":"4410793646","node_id":"PR_kwDORdxBOc7ZwpRC","number":43,"state":"closed","title":"chore(deps): bump the pip group across 15 directories with 11 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-11T22:19:38.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-09T02:53:05.000Z","updated_at":"2026-05-11T22:19:40.000Z","time_to_close":242793,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":11,"packages":[{"name":"google-cloud-aiplatform","old_version":"1.87.0","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"protobuf","old_version":"4.25.8","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"urllib3","old_version":"1.26.20","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 2 updates in the /gemini/multimodal-live-api/project-livewire/server directory: [python-dotenv](https://github.com/theskumar/python-dotenv) and [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /gemini/sample-apps/gemini-live-telephony-app directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the pip group with 1 update in the /gemini/sample-apps/genwealth/function-scripts/analyze-prospectus directory: [langchain-core](https://github.com/langchain-ai/langchain).\nBumps the pip group with 2 updates in the /gemini/sample-apps/genwealth/function-scripts/process-pdf directory: [langchain-core](https://github.com/langchain-ai/langchain) and [langchain-text-splitters](https://github.com/langchain-ai/langchain).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/conversational-app-multi-playbook/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [requests](https://github.com/psf/requests), [langchain-core](https://github.com/langchain-ai/langchain) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 3 updates in the /gemini/sample-apps/quickbot/conversational-app-multi-playbook/functions/create-intent directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [langchain-core](https://github.com/langchain-ai/langchain) and [flask](https://github.com/pallets/flask).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/conversational-app-single-playbook/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [requests](https://github.com/psf/requests), [langchain-core](https://github.com/langchain-ai/langchain) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 3 updates in the /gemini/sample-apps/quickbot/conversational-app-single-playbook/functions/create-intent directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [langchain-core](https://github.com/langchain-ai/langchain) and [flask](https://github.com/pallets/flask).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/document-search-using-agent-builder/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [requests](https://github.com/psf/requests), [langchain-core](https://github.com/langchain-ai/langchain) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/image-background-changer-using-imagen3/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [requests](https://github.com/psf/requests), [pillow](https://github.com/python-pillow/Pillow) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/linkedin-profile-image-generation-using-imagen3/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [requests](https://github.com/psf/requests), [pillow](https://github.com/python-pillow/Pillow) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/website-search-using-agent-builder/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [requests](https://github.com/psf/requests), [langchain-core](https://github.com/langchain-ai/langchain) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 1 update in the /gemini/sample-apps/swot-agent directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the pip group with 5 updates in the /gemini/tuning/genai-mlops-tune-and-eval directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.87.0` | `1.133.0` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.8` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.20` | `2.6.3` |\n\nBumps the pip group with 4 updates in the /search/cloud-function/python directory: [python-dotenv](https://github.com/theskumar/python-dotenv), [protobuf](https://github.com/protocolbuffers/protobuf), [pytest](https://github.com/pytest-dev/pytest) and [flask](https://github.com/pallets/flask).\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.31 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36972\"\u003e#36972\u003c/a\u003e)\nfeat(core): allow _format_output to pass through list of ToolOutputMixin instances (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36963\"\u003e#36963\u003c/a\u003e)\nchore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36923\"\u003e#36923\u003c/a\u003e)\nfeat(core): Update inheritance behavior for tracer metadata for special keys (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36900\"\u003e#36900\u003c/a\u003e)\nchore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36813\"\u003e#36813\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.31\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36851\"\u003e#36851\u003c/a\u003e)\nrelease(core): 1.3.0a3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36829\"\u003e#36829\u003c/a\u003e)\nchore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36828\"\u003e#36828\u003c/a\u003e)\nfeat(core): Add chat model and LLM invocation params to traceable metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36771\"\u003e#36771\u003c/a\u003e)\nfix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36816\"\u003e#36816\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore(core): harden private SSRF utilities (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36768\"\u003e#36768\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36719\"\u003e#36719\u003c/a\u003e)\nrelease(core): 1.3.0.a2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36698\"\u003e#36698\u003c/a\u003e)\nfix(core): Use reference counting for storing inherited run trees to support garbage collection (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36660\"\u003e#36660\u003c/a\u003e)\ndocs(core): nit (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36685\"\u003e#36685\u003c/a\u003e)\nrelease(core): 1.3.0a1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36656\"\u003e#36656\u003c/a\u003e)\nchore(core): reduce streaming metadata / perf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36588\"\u003e#36588\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0a3\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.31...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.31 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36972\"\u003e#36972\u003c/a\u003e)\nfeat(core): allow _format_output to pass through list of ToolOutputMixin instances (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36963\"\u003e#36963\u003c/a\u003e)\nchore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36923\"\u003e#36923\u003c/a\u003e)\nfeat(core): Update inheritance behavior for tracer metadata for special keys (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36900\"\u003e#36900\u003c/a\u003e)\nchore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36813\"\u003e#36813\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.31\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36851\"\u003e#36851\u003c/a\u003e)\nrelease(core): 1.3.0a3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36829\"\u003e#36829\u003c/a\u003e)\nchore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36828\"\u003e#36828\u003c/a\u003e)\nfeat(core): Add chat model and LLM invocation params to traceable metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36771\"\u003e#36771\u003c/a\u003e)\nfix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36816\"\u003e#36816\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore(core): harden private SSRF utilities (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36768\"\u003e#36768\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36719\"\u003e#36719\u003c/a\u003e)\nrelease(core): 1.3.0.a2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36698\"\u003e#36698\u003c/a\u003e)\nfix(core): Use reference counting for storing inherited run trees to support garbage collection (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36660\"\u003e#36660\u003c/a\u003e)\ndocs(core): nit (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36685\"\u003e#36685\u003c/a\u003e)\nrelease(core): 1.3.0a1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36656\"\u003e#36656\u003c/a\u003e)\nchore(core): reduce streaming metadata / perf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36588\"\u003e#36588\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0a3\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.31...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-text-splitters` from 0.3.9 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-text-splitters's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.1\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\nfix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36821\"\u003e#36821\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36714\"\u003e#36714\u003c/a\u003e)\nchore: add comment explaining \u003ccode\u003epygments\u0026gt;=2.20.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36570\"\u003e#36570\u003c/a\u003e)\nrelease(core): 1.2.26 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36511\"\u003e#36511\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nfix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35079\"\u003e#35079\u003c/a\u003e)\nfeat(text-splitters): support spacy tests with Python 3.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36198\"\u003e#36198\u003c/a\u003e)\nfix(infra): correct lint_diff relative paths in package makefiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36333\"\u003e#36333\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36238\"\u003e#36238\u003c/a\u003e)\nchore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36237\"\u003e#36237\u003c/a\u003e)\nchore(partners): bump \u003ccode\u003elangchain-core\u003c/code\u003e min to \u003ccode\u003e1.2.21\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36183\"\u003e#36183\u003c/a\u003e)\nchore(text-splitters): bump nltk in lock file (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36112\"\u003e#36112\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nchore(text-splitters): speed up ci (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36050\"\u003e#36050\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35856\"\u003e#35856\u003c/a\u003e)\nchore: bump locks, lint (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35985\"\u003e#35985\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nchore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35774\"\u003e#35774\u003c/a\u003e)\nchore: bump the minor-and-patch group across 3 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35589\"\u003e#35589\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35512\"\u003e#35512\u003c/a\u003e)\nchore: bump nltk from 3.9.2 to 3.9.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35449\"\u003e#35449\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35407\"\u003e#35407\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.0\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35318\"\u003e#35318\u003c/a\u003e)\nfix(text-splitters): prevent JSFrameworkTextSplitter from mutating self._separators on each split_text() call (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35316\"\u003e#35316\u003c/a\u003e)\nchore: bump transformers from 5.1.0 to 5.2.0 in /libs/text-splitters in the other-deps group across 1 directory (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35279\"\u003e#35279\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35255\"\u003e#35255\u003c/a\u003e)\nstyle: bump ruff version to 0.15 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35042\"\u003e#35042\u003c/a\u003e)\nfix: Server-Side Request Forgery (SSRF) in HTMLHeaderTextSplitter.split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35196\"\u003e#35196\u003c/a\u003e)\nfeat(text-splitters): add model_kwargs to SentenceTransformersTokenTextSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35113\"\u003e#35113\u003c/a\u003e)\nchore(deps): bump langsmith from 0.4.31 to 0.6.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35162\"\u003e#35162\u003c/a\u003e)\nchore(deps): bump the other-deps group across 3 directories with 12 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35127\"\u003e#35127\u003c/a\u003e)\nchore(deps): bump the other-deps group across 3 directories with 8 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35120\"\u003e#35120\u003c/a\u003e)\nchore: add \u003ccode\u003emake type\u003c/code\u003e target (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35015\"\u003e#35015\u003c/a\u003e)\nrevert: \u0026quot;chore: add typing target in \u003ccode\u003eMakefile\u003c/code\u003e\u0026quot; (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35013\"\u003e#35013\u003c/a\u003e)\nchore: add typing target in \u003ccode\u003eMakefile\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35012\"\u003e#35012\u003c/a\u003e)\nfix(text-splitters): reverse preserved elements iterator in \u003ccode\u003eHTMLSemanticPreservingSplitter\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34080\"\u003e#34080\u003c/a\u003e)\nchore: enrich \u003ccode\u003epyproject.toml\u003c/code\u003e files (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34980\"\u003e#34980\u003c/a\u003e)\nchore(deps): bump the uv group across 20 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34941\"\u003e#34941\u003c/a\u003e)\nchore: upgrade urllib3 to 2.6.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34940\"\u003e#34940\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/58c4e5bbdd9d18d7fe7ec83b5a05477d06fe2a8e\"\u003e\u003ccode\u003e58c4e5b\u003c/code\u003e\u003c/a\u003e release(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c289bf10e940e960a132d7403482283114063063\"\u003e\u003ccode\u003ec289bf1\u003c/code\u003e\u003c/a\u003e fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-text-splitters==0.3.9...langchain-text-splitters==1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-cloud-aiplatform` from 1.69.0 to 1.133.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/releases\"\u003egoogle-cloud-aiplatform's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.133.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE\u0026quot; to the \u003ccode\u003eoptimize_prompt\u003c/code\u003e method (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/715cc5b71b996eecde2d97bad71a617274739dcc\"\u003e715cc5b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client(memory): Add enable_third_person_memories (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e65717fa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Developer Connect in AE (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/04f1771e16f54a0627ecac1266764ca77f833694\"\u003e04f1771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd None check for agent_info in evals.py (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003ec8c0f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI client(evals) - Fix TypeError in _build_generate_content_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003ebe2eaaa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake project_number to project_id mapping fail-open. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/f1c8458dd5e4641cb03ff175f0837b6d6017c131\"\u003ef1c8458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e83f4076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e8c876ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire uri or staging bucket configuration for saving model to Vertex Experiment. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e5448f06\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn embedding metadata if available (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/d9c6eb199b6ccc1fae417463e1b374574f2ae2f8\"\u003ed9c6eb1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eexamples_dataframe\u003c/code\u003e type to \u003ccode\u003ePandasDataFrame\u003c/code\u003e in Prompt Optimizer. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a2564cc3ea5c4860ee732f14cea9db2c10b52420\"\u003ea2564cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.132.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.131.0...v1.132.0\"\u003e1.132.0\u003c/a\u003e (2025-12-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA comment for field \u003ccode\u003erestart_job_on_worker_restart\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA comment for field \u003ccode\u003etimeout\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.131.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.130.0...v1.131.0\"\u003e1.131.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow list of events to be passed to AdkApp.async_stream_query (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/dd8840a5012b2762f8b8971b6cea4302ac5c648d\"\u003edd8840a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/4114728750b5b12f991a18df87c1f1a570d1b29d\"\u003e4114728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdates the ADK template to direct structured JSON logs to standard output. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a65ec297c5b8d99e4d2dfb49473c189197198f97\"\u003ea65ec29\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md\"\u003egoogle-cloud-aiplatform's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026qu...\n\n_Description has been truncated_","html_url":"https://github.com/Surfndez/generative-ai/pull/43","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Surfndez%2Fgenerative-ai/issues/43","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/43/packages"},{"uuid":"4402644444","node_id":"PR_kwDOKc_0J87ZVv-T","number":3495,"state":"open","title":"chore(deps): bump the uv group across 3 directories with 9 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-07T23:36:39.000Z","updated_at":"2026-05-07T23:37:45.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":9,"packages":[{"name":"pytest","old_version":"8.3.3","new_version":"8.4.2","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"flask","old_version":"3.0.3","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.1","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"requests","old_version":"2.32.3","new_version":"2.32.5","repository_url":"https://github.com/psf/requests"},{"name":"pip","old_version":"25.1.1","new_version":"26.0.1","repository_url":"https://github.com/pypa/pip"},{"name":"h11","old_version":"0.14.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 1 update in the /baml_language/sdks/python/rust/bridge_python directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the uv group with 7 updates in the /integ-tests/python directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pytest](https://github.com/pytest-dev/pytest) | `8.3.3` | `8.4.2` |\n| [flask](https://github.com/pallets/flask) | `3.0.3` | `3.1.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.1` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.5` |\n| [pip](https://github.com/pypa/pip) | `25.1.1` | `26.0.1` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n\nBumps the uv group with 1 update in the /integ-tests/python-v1 directory: [pydantic](https://github.com/pydantic/pydantic).\n\nUpdates `pytest` from 9.0.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.3 to 8.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 3.0.3 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/3.0.3...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport reading .env from FIFOs (Unix) by \u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/586\"\u003etheskumar/python-dotenv#586\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CI to use trusted publishing on PyPI\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/586\"\u003etheskumar/python-dotenv#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.0...v1.2.1\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.0...v1.2.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003estyle: upgrade to use ruff by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/567\"\u003etheskumar/python-dotenv#567\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse sys.exit() instead of exit() by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/568\"\u003etheskumar/python-dotenv#568\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat:  add \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e flag to disable load_dotenv (fixes \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/510\"\u003e#510\u003c/a\u003e) by \u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/569\"\u003etheskumar/python-dotenv#569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded Python@3.14: Github CI \u0026amp; tox.ini by \u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/579\"\u003etheskumar/python-dotenv#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eocs: clarify what load_dotenv() does in README by \u003ca href=\"https://github.com/cybercoded\"\u003e\u003ccode\u003e@​cybercoded\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/575\"\u003etheskumar/python-dotenv#575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the github-actions group across 1 directory with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/577\"\u003etheskumar/python-dotenv#577\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMove project metadata and config to pyproject.toml by \u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/583\"\u003etheskumar/python-dotenv#583\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/569\"\u003etheskumar/python-dotenv#569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/579\"\u003etheskumar/python-dotenv#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cybercoded\"\u003e\u003ccode\u003e@​cybercoded\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/575\"\u003etheskumar/python-dotenv#575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/583\"\u003etheskumar/python-dotenv#583\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.1.1...v1.2.0\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.1.1...v1.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: ensure find_dotenv work reliably on python 3.13 by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/563\"\u003etheskumar/python-dotenv#563\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cli): issue with execvpe on Windows by \u003ca href=\"https://github.com/wrongontheinternet\"\u003e\u003ccode\u003e@​wrongontheinternet\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/566\"\u003etheskumar/python-dotenv#566\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/wrongontheinternet\"\u003e\u003ccode\u003e@​wrongontheinternet\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/566\"\u003etheskumar/python-dotenv#566\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.1.0...v1.1.1\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.1.0...v1.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a security policy by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/512\"\u003etheskumar/python-dotenv#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKeep GitHub Actions up to date with GitHub's Dependabot by \u003ca href=\"https://github.com/cclauss\"\u003e\u003ccode\u003e@​cclauss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/506\"\u003etheskumar/python-dotenv#506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: fix multiline string in test.yml \u0026amp; use fail-fast strategy by \u003ca href=\"https://github.com/cclauss\"\u003e\u003ccode\u003e@​cclauss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/514\"\u003etheskumar/python-dotenv#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnhance dotenv run: Switch to execvpe for better resource management and signal handling by \u003ca href=\"https://github.com/eekstunt\"\u003e\u003ccode\u003e@​eekstunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/523\"\u003etheskumar/python-dotenv#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add py3.13 to test.yml by \u003ca href=\"https://github.com/waketzheng\"\u003e\u003ccode\u003e@​waketzheng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/527\"\u003etheskumar/python-dotenv#527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Python 3.13 trove classifier by \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/535\"\u003etheskumar/python-dotenv#535\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the github-actions group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/529\"\u003etheskumar/python-dotenv#529\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for python 3.13 and drop 3.8 by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/551\"\u003etheskumar/python-dotenv#551\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update README.md by \u003ca href=\"https://github.com/chapeupreto\"\u003e\u003ccode\u003e@​chapeupreto\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/516\"\u003etheskumar/python-dotenv#516\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSome more s/Python-dotenv/python-dotenv/ by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/552\"\u003etheskumar/python-dotenv#552\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI: revert the use of execvpe on Windows by [\u003ca href=\"https://github.com/wrongontheinternet\"\u003e\u003ccode\u003e@​wrongontheinternet\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/566\"\u003e#566\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.0] - 2025-03-25\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for python 3.13\u003c/li\u003e\n\u003cli\u003eEnhance \u003ccode\u003edotenv run\u003c/code\u003e, switch to \u003ccode\u003eexecvpe\u003c/code\u003e for better resource management and signal handling (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/523\"\u003e#523\u003c/a\u003e) by [\u003ca href=\"https://github.com/eekstunt\"\u003e\u003ccode\u003e@​eekstunt\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003efind_dotenv\u003c/code\u003e and \u003ccode\u003eload_dotenv\u003c/code\u003e now correctly looks up at the current directory when running in debugger or pdb (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/553\"\u003e#553\u003c/a\u003e by [\u003ca href=\"https://github.com/randomseed42\"\u003e\u003ccode\u003e@​randomseed42\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eaf2a9129ccec6febda0f741eb3bb852c3f947bd\"\u003e\u003ccode\u003eeaf2a91\u003c/code\u003e\u003c/a\u003e Do not remove .coverage file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/8716196891532eeb67d24a513e8d975437f5e8b7\"\u003e\u003ccode\u003e8716196\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.0 → 1.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/b87807fcad6e74332c3c63a75c92ce5814fa7a55\"\u003e\u003ccode\u003eb87807f\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/3af77d3029eb717aeec0a3c25f751b6a614a6d3c\"\u003e\u003ccode\u003e3af77d3\u003c/code\u003e\u003c/a\u003e Support reading .env from FIFOs (Unix) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/467ee22fccb2fb7ccda71a0d9e37c6ea3cb8d993\"\u003e\u003ccode\u003e467ee22\u003c/code\u003e\u003c/a\u003e Fix test failures after moving config to pyproject.toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/76999e741d87e958ebd74e3ae9834c0514e77a59\"\u003e\u003ccode\u003e76999e7\u003c/code\u003e\u003c/a\u003e Move more config pyproject.toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/222ce2cc58ebc82ba78da8781269267b9f585932\"\u003e\u003ccode\u003e222ce2c\u003c/code\u003e\u003c/a\u003e Update to use trusted publisher on pypi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/8ed4f79d202eba582b44bdf1f5deb726dd68783d\"\u003e\u003ccode\u003e8ed4f79\u003c/code\u003e\u003c/a\u003e Update docs requirements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/5bf882241c607445bf02cf5b241535d62e2b99c1\"\u003e\u003ccode\u003e5bf8822\u003c/code\u003e\u003c/a\u003e Bump version: 1.1.1 → 1.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1fe11cc737ee4399e9c51d1b69b0dd858f6b4669\"\u003e\u003ccode\u003e1fe11cc\u003c/code\u003e\u003c/a\u003e upadate changelog\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.32.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6965\"\u003e#6965\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNumerous documentation improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for pypy 3.11 for Linux and macOS. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6926\"\u003e#6926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDropped support for pypy 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6926\"\u003e#6926\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNumerous documentation improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for pypy 3.11 for Linux and macOS.\u003c/li\u003e\n\u003cli\u003eDropped support for pypy 3.9 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b25c87d7cb8d6a18a37fa12442b5f883f9e41741\"\u003e\u003ccode\u003eb25c87d\u003c/code\u003e\u003c/a\u003e v2.32.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/131e506079d97606e4214cc4d87b780ac478de7a\"\u003e\u003ccode\u003e131e506\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psf/requests/issues/7010\"\u003e#7010\u003c/a\u003e from psf/dependabot/github_actions/actions/checkout-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b336cb2bc616a63a93c6470c558fc1f576b77f90\"\u003e\u003ccode\u003eb336cb2\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.2.0 to 5.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/46e939b5525d9c72b677340985582b04b128478a\"\u003e\u003ccode\u003e46e939b\u003c/code\u003e\u003c/a\u003e Update publish workflow to use \u003ccode\u003eartifact-id\u003c/code\u003e instead of \u003ccode\u003ename\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/4b9c546aa3f35fca6ca24945376fe7462bb007c4\"\u003e\u003ccode\u003e4b9c546\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psf/requests/issues/6999\"\u003e#6999\u003c/a\u003e from psf/dependabot/github_actions/step-security/har...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/7618dbef01d333f23ba4b9c4d97397b06dd89cb6\"\u003e\u003ccode\u003e7618dbe\u003c/code\u003e\u003c/a\u003e Bump step-security/harden-runner from 2.12.0 to 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2edca11103c1c27dd8b572dab544b7f48cf3b446\"\u003e\u003ccode\u003e2edca11\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 and drop support for Python 3.8 (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6993\"\u003e#6993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/fec96cd5976ad763e45bac9a033d62cca1877a00\"\u003e\u003ccode\u003efec96cd\u003c/code\u003e\u003c/a\u003e Update Makefile rules (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6996\"\u003e#6996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d58d8aa2f45c3575268d6d5250745ef69f9cf8b7\"\u003e\u003ccode\u003ed58d8aa\u003c/code\u003e\u003c/a\u003e docs: clarify timeout parameter uses seconds in Session.request (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6994\"\u003e#6994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/91a3eabd3dcc4d7f36dd8249e4777a90ef9b4305\"\u003e\u003ccode\u003e91a3eab\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.28.5 to 3.29.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.32.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pip` from 25.1.1 to 26.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.0.1 (2026-02-04)\u003c/h1\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e--pre\u003c/code\u003e not being respected from the command line when a requirement file\nincludes an option e.g. \u003ccode\u003e-extra-index-url\u003c/code\u003e. (\u003ccode\u003e[#13788](https://github.com/pypa/pip/issues/13788) \u0026lt;https://github.com/pypa/pip/issues/13788\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e26.0 (2026-01-30)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove support for non-bare project names in egg fragments. Affected users should use\nthe \u003ccode\u003eDirect URL requirement syntax \u0026lt;https://packaging.python.org/en/latest/specifications/version-specifiers/#direct-references\u0026gt;\u003c/code\u003e\u003cem\u003e. (\u003ccode\u003e[#13157](https://github.com/pypa/pip/issues/13157) \u0026lt;https://github.com/pypa/pip/issues/13157\u0026gt;\u003c/code\u003e\u003c/em\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisplay pip's command-line help in colour, if possible. (\u003ccode\u003e[#12134](https://github.com/pypa/pip/issues/12134) \u0026lt;https://github.com/pypa/pip/issues/12134\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport installing dependencies declared with inline script metadata\n(:pep:\u003ccode\u003e723\u003c/code\u003e) with \u003ccode\u003e--requirements-from-script\u003c/code\u003e. (\u003ccode\u003e[#12891](https://github.com/pypa/pip/issues/12891) \u0026lt;https://github.com/pypa/pip/issues/12891\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003e--all-releases\u003c/code\u003e and \u003ccode\u003e--only-final\u003c/code\u003e options to control pre-release\nand final release selection during package installation. (\u003ccode\u003e[#13221](https://github.com/pypa/pip/issues/13221) \u0026lt;https://github.com/pypa/pip/issues/13221\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e option to only consider packages uploaded prior to\na given datetime when the \u003ccode\u003eupload-time\u003c/code\u003e field is available from a remote index. (\u003ccode\u003e[#13625](https://github.com/pypa/pip/issues/13625) \u0026lt;https://github.com/pypa/pip/issues/13625\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003e--use-feature inprocess-build-deps\u003c/code\u003e to request that build dependencies are installed\nwithin the same pip install process. This new mechanism is faster, supports \u003ccode\u003e--no-clean\u003c/code\u003e\nand \u003ccode\u003e--no-cache-dir\u003c/code\u003e reliably, and supports prompting for authentication.\u003c/p\u003e\n\u003cp\u003eEnabling this feature will also enable \u003ccode\u003e--use-feature build-constraints\u003c/code\u003e. This feature will\nbecome the default in a future pip version. (\u003ccode\u003e[#9081](https://github.com/pypa/pip/issues/9081) \u0026lt;https://github.com/pypa/pip/issues/9081\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003epip cache purge\u003c/code\u003e and \u003ccode\u003epip cache remove\u003c/code\u003e now clean up empty directories\nand legacy files left by older pip versions. (\u003ccode\u003e[#9058](https://github.com/pypa/pip/issues/9058) \u0026lt;https://github.com/pypa/pip/issues/9058\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix selecting pre-release versions when only pre-releases match.\nFor example, \u003ccode\u003epackage\u0026gt;1.0\u003c/code\u003e with versions \u003ccode\u003e1.0, 2.0rc1\u003c/code\u003e now installs\n\u003ccode\u003e2.0rc1\u003c/code\u003e instead of failing. (\u003ccode\u003e[#13746](https://github.com/pypa/pip/issues/13746) \u0026lt;https://github.com/pypa/pip/issues/13746\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRevisions in version control URLs now must be percent-encoded.\nFor example, use \u003ccode\u003egit+https://example.com/repo.git@issue%231\u003c/code\u003e to specify the branch \u003ccode\u003eissue#1\u003c/code\u003e.\nIf you previously used a branch name containing a \u003ccode\u003e%\u003c/code\u003e character in a version control URL, you now need to replace it with \u003ccode\u003e%25\u003c/code\u003e to ensure correct percent-encoding. (\u003ccode\u003e[#13407](https://github.com/pypa/pip/issues/13407) \u0026lt;https://github.com/pypa/pip/issues/13407\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003ePreserve original casing when a path is displayed. (\u003ccode\u003e[#6823](https://github.com/pypa/pip/issues/6823) \u0026lt;https://github.com/pypa/pip/issues/6823\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix bash completion when the \u003ccode\u003e$IFS\u003c/code\u003e variable has been modified from its default. (\u003ccode\u003e[#13555](https://github.com/pypa/pip/issues/13555) \u0026lt;https://github.com/pypa/pip/issues/13555\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003ePrecompute Python requirements on each candidate, reducing time of long resolutions. (\u003ccode\u003e[#13656](https://github.com/pypa/pip/issues/13656) \u0026lt;https://github.com/pypa/pip/issues/13656\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eSkip redundant work converting version objects to strings when using the\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/5fe4ea4f24cd9756316a4b5ef05daa15d84f7d0c\"\u003e\u003ccode\u003e5fe4ea4\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/bea3cbe3b4d637be6d5007e9a5a2327e500b00d8\"\u003e\u003ccode\u003ebea3cbe\u003c/code\u003e\u003c/a\u003e windows fix tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ed22252bd19a71ce351b84405fa23230ca45ceea\"\u003e\u003ccode\u003eed22252\u003c/code\u003e\u003c/a\u003e News Entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/af1327407f048bd2310b8b633f8e8a4e41c38d2c\"\u003e\u003ccode\u003eaf13274\u003c/code\u003e\u003c/a\u003e Match release control behavior to the same as format control behavior\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f4d4a836ed00076001376fbb0ce6dc4f22cdae2\"\u003e\u003ccode\u003e2f4d4a8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13779\"\u003e#13779\u003c/a\u003e from notatallshaw/fix-26.0-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/04307a42261749cfa1c86a5537ad88f44ed2a41a\"\u003e\u003ccode\u003e04307a4\u003c/code\u003e\u003c/a\u003e fix 26.0 news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/6ec7b0a488f614a7632442fe7c651957fdb5fc85\"\u003e\u003ccode\u003e6ec7b0a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13775\"\u003e#13775\u003c/a\u003e from notatallshaw/release/26.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/4104356cd83d1614af45d203d64cb84705dad9d2\"\u003e\u003ccode\u003e4104356\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/58be8836b68814295d33bc5c56c38d3a0659ae81\"\u003e\u003ccode\u003e58be883\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/66f2dece5ba9cc0ee9fe7035c46ba4b0756559b5\"\u003e\u003ccode\u003e66f2dec\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13778\"\u003e#13778\u003c/a\u003e from ichard26/docs/groups\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/25.1.1...26.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h11` from 0.14.0 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca\"\u003e\u003ccode\u003e1c5b075\u003c/code\u003e\u003c/a\u003e this time for surer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a\"\u003e\u003ccode\u003ed9c3699\u003c/code\u003e\u003c/a\u003e this time for sure...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39\"\u003e\u003ccode\u003ed91b9dd\u003c/code\u003e\u003c/a\u003e blacken\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0\"\u003e\u003ccode\u003e5a4683c\u003c/code\u003e\u003c/a\u003e Soothe mypy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536\"\u003e\u003ccode\u003e9c9567f\u003c/code\u003e\u003c/a\u003e Bump version to 0.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed\"\u003e\u003ccode\u003e114803a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0\"\u003e\u003ccode\u003e9462006\u003c/code\u003e\u003c/a\u003e Bump version to 0.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/70a96bea8e55403e5d92db14c111432c6d7a8685\"\u003e\u003ccode\u003e70a96be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-hyper/h11/issues/181\"\u003e#181\u003c/a\u003e from Julien00859/Julien00859/get_int_max_str_digits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/60782ad107e538b9312aac7e1c119c8358bf797c\"\u003e\u003ccode\u003e60782ad\u003c/code\u003e\u003c/a\u003e Reject Content-Length longer 1 billion TB\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/dff7cc397a26ed4acdedd92d1bda6c8f18a6ed9f\"\u003e\u003ccode\u003edff7cc3\u003c/code\u003e\u003c/a\u003e Validate Chunked-Encoding chunk footer\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h11/compare/v0.14.0...v0.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `werkzeug` from 3.0.6 to 3.1.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/releases\"\u003ewerkzeug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.8\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.8 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.8/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.8/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-8\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-8\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/45?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/45?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eRequest.host\u003c/code\u003e and \u003ccode\u003eget_host\u003c/code\u003e return the empty string if the header is missing or has invalid characters. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3142\"\u003e#3142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.7\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.7 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.7/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.7/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-7\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-7\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/44?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/44?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eparse_list_header\u003c/code\u003e preserves partially quoted items, discards empty items, and returns empty for unclosed quoted values. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3128\"\u003e#3128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWWWAuthenticate.to_header\u003c/code\u003e does not produce a trailing space when there are no parameters. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3127\"\u003e#3127\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eTransfer-Encoding\u003c/code\u003e is parsed as a set. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3134\"\u003e#3134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.host\u003c/code\u003e, \u003ccode\u003eget_host\u003c/code\u003e, and \u003ccode\u003ehost_is_trusted\u003c/code\u003e validate the characters of the value. An empty value is no longer allowed. A Unix socket server address is ignored. The \u003ccode\u003etrusted_list\u003c/code\u003e argument to \u003ccode\u003ehost_is_trusted\u003c/code\u003e is optional. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3113\"\u003e#3113\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix multipart form parser handling of newline at boundary. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3088\"\u003e#3088\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.make_conditional\u003c/code\u003e sets the \u003ccode\u003eAccept-Ranges\u003c/code\u003e header even if it is not a satisfiable range request. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3108\"\u003e#3108\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003emerge_slashes\u003c/code\u003e merges any number of consecutive slashes. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3121\"\u003e#3121\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.6/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in multi-segment paths. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x\"\u003eGHSA-29vq-49wr-vm6x\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.5/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/43?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/43?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless of extension or surrounding spaces. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7\"\u003eGHSA-87hc-h4r5-73f7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with \u003ccode\u003epin_security=False\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3075\"\u003e#3075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.4/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/42?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/42?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/blob/main/CHANGES.rst\"\u003ewerkzeug's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.8\u003c/h2\u003e\n\u003cp\u003eReleased 2026-04-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eRequest.host\u003c/code\u003e and \u003ccode\u003eget_host\u003c/code\u003e return the empty string if the header is\nmissing or has invalid characters. :issue:\u003ccode\u003e3142\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.7\u003c/h2\u003e\n\u003cp\u003eReleased 2026-03-23\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eparse_list_header\u003c/code\u003e preserves partially quoted items, discards empty\nitems, and returns empty for unclosed quoted values. :pr:\u003ccode\u003e3128\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWWWAuthenticate.to_header\u003c/code\u003e does not produce a trailing space when there\nare no parameters. :issue:\u003ccode\u003e3127\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eTransfer-Encoding\u003c/code\u003e is parsed as a set. :pr:\u003ccode\u003e3134\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.host\u003c/code\u003e, \u003ccode\u003eget_host\u003c/code\u003e, and \u003ccode\u003ehost_is_trusted\u003c/code\u003e validate the\ncharacters of the value. An empty value is no longer allowed. A Unix socket\nserver address is ignored. The \u003ccode\u003etrusted_list\u003c/code\u003e argument to\n\u003ccode\u003ehost_is_trusted\u003c/code\u003e is optional. :pr:\u003ccode\u003e3113\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix multipart form parser handling of newline at boundary. :issue:\u003ccode\u003e3088\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.make_conditional\u003c/code\u003e sets the \u003ccode\u003eAccept-Ranges\u003c/code\u003e header even if it\nis not a satisfiable range request. :issue:\u003ccode\u003e3108\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003emerge_slashes\u003c/code\u003e merges any number of consecutive slashes. :issue:\u003ccode\u003e3121\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in\nmulti-segment paths. :ghsa:\u003ccode\u003e29vq-49wr-vm6x\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.make_conditional\u003c/code\u003e sets the \u003ccode\u003eAccept-Ranges\u003c/code\u003e header even if it\nis not a satisfiable range request. :issue:\u003ccode\u003e3108\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2026-01-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless\nof extension or surrounding spaces. :ghsa:\u003ccode\u003e87hc-h4r5-73f7\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\nThis fixes the previous attempt, which caused incorrect content lengths.\n:issue:\u003ccode\u003e3065\u003c/code\u003e :issue:\u003ccode\u003e3077\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/c1a26b45fb06d5e086b4d6be820c3302f588d815\"\u003e\u003ccode\u003ec1a26b4\u003c/code\u003e\u003c/a\u003e release version 3.1.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/7926f0bc3a0da01827e59c81d6da55f8f75a2eed\"\u003e\u003ccode\u003e7926f0b\u003c/code\u003e\u003c/a\u003e relax get_host strictness (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3148\"\u003e#3148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/deab88f61fa57d37d19f83ea438d4bdebb5a743c\"\u003e\u003ccode\u003edeab88f\u003c/code\u003e\u003c/a\u003e relax get_host strictness\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/65eb6398231fe94f32fbc765a74980ca61fe5d2b\"\u003e\u003ccode\u003e65eb639\u003c/code\u003e\u003c/a\u003e start version 3.1.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/7720b76b37b17a33e5414bddb992c92ba854f0e3\"\u003e\u003ccode\u003e7720b76\u003c/code\u003e\u003c/a\u003e release version 3.1.7 (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3135\"\u003e#3135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/005d93bf3437226ab185d2edc6132918d3e45763\"\u003e\u003ccode\u003e005d93b\u003c/code\u003e\u003c/a\u003e release version 3.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/c328342ef9f7a6476b9e41565ad0a70ff10cfde6\"\u003e\u003ccode\u003ec328342\u003c/code\u003e\u003c/a\u003e merge any number of slashes (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3136\"\u003e#3136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/23142a3cb5d1b5ba8e9914980934477e0abdc30e\"\u003e\u003ccode\u003e23142a3\u003c/code\u003e\u003c/a\u003e merge any number of slashes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/b913d68db5898c8f3def3c09a653aaf95abe38e5\"\u003e\u003ccode\u003eb913d68\u003c/code\u003e\u003c/a\u003e always set accept-ranges header\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f282943ddc687e613b7ee79b4677e4961c32ae15\"\u003e\u003ccode\u003ef282943\u003c/code\u003e\u003c/a\u003e Correct 1049dd6b2a363e1ef302b4161c340fb8582f627a\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/werkzeug/compa...\n\n_Description has been truncated_","html_url":"https://github.com/BoundaryML/baml/pull/3495","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/BoundaryML%2Fbaml/issues/3495","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3495/packages"},{"uuid":"4395147520","node_id":"PR_kwDOQtfFwc7Y9aDA","number":12,"state":"closed","title":"chore(deps): bump the uv group across 12 directories with 15 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-09T01:42:49.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T23:44:26.000Z","updated_at":"2026-05-09T01:42:51.000Z","time_to_close":179903,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":15,"packages":[{"name":"pip","old_version":"25.0.1","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"protobuf","old_version":"5.29.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 5 updates in the /gemini/agents/genai-experience-concierge directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pip](https://github.com/pypa/pip) | `25.0.1` | `26.1` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n\nBumps the uv group with 7 updates in the /gemini/agents/genai-experience-concierge/langgraph-demo/frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.2.28` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n\nBumps the uv group with 8 updates in the /gemini/evaluation/synthetic-data-evals directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.3` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [smolagents](https://github.com/huggingface/smolagents) | `1.10.0` | `1.24.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.83.0` | `1.133.0` |\n\nBumps the uv group with 7 updates in the /gemini/mcp/adk_mcp_app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.4.0` | `2.6.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.95.0` | `1.133.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n\nBumps the uv group with 7 updates in the /gemini/mcp/adk_multiagent_mcp_app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.4.0` | `2.6.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.95.0` | `1.133.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n\nBumps the uv group with 5 updates in the /gemini/sample-apps/quickbot/image-background-changer-using-imagen3/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.2.1` | `12.2.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the uv group with 5 updates in the /gemini/sample-apps/quickbot/linkedin-profile-image-generation-using-imagen3/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the uv group with 4 updates in the /gemini/sample-apps/quickbot/text-to-image-using-imagen3/backend directory: [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3), [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [gunicorn](https://github.com/benoitc/gunicorn).\nBumps the uv group with 6 updates in the /gemini/sample-apps/quickbot/website-search-using-agent-builder/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.9` | `1.2.28` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n| [langchain-community](https://github.com/langchain-ai/langchain-community) | `0.3.1` | `0.3.27` |\n\nBumps the uv group with 1 update in the /gemini/sample-apps/swot-agent directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the uv group with 5 updates in the /gemini/tuning/genai-mlops-tune-and-eval directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.8` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.20` | `2.6.3` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.87.0` | `1.133.0` |\n\nBumps the uv group with 4 updates in the /search/cloud-function/python directory: [protobuf](https://github.com/protocolbuffers/protobuf), [python-dotenv](https://github.com/theskumar/python-dotenv), [pytest](https://github.com/pytest-dev/pytest) and [flask](https://github.com/pallets/flask).\n\nUpdates `pip` from 25.0.1 to 26.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1 (2026-04-26)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9. (\u003ccode\u003e[#13795](https://github.com/pypa/pip/issues/13795) \u0026lt;https://github.com/pypa/pip/issues/13795\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd experimental support to read requirements from standardized pylock.toml files (\u003ccode\u003e-r pylock.toml\u003c/code\u003e). (\u003ccode\u003e[#13876](https://github.com/pypa/pip/issues/13876) \u0026lt;https://github.com/pypa/pip/issues/13876\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e to accept a duration in days (e.g., \u003ccode\u003eP3D\u003c/code\u003e for 3 days ago). (\u003ccode\u003e[#13674](https://github.com/pypa/pip/issues/13674) \u0026lt;https://github.com/pypa/pip/issues/13674\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up dependency resolution when there are complex conflicts. (\u003ccode\u003e[#13859](https://github.com/pypa/pip/issues/13859) \u0026lt;https://github.com/pypa/pip/issues/13859\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eReduce memory usage when resolving large dependency trees. (\u003ccode\u003e[#13843](https://github.com/pypa/pip/issues/13843) \u0026lt;https://github.com/pypa/pip/issues/13843\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEmit a deprecation warning when pip imports an unexpected module after\ninstallation of a distribution has started. (\u003ccode\u003e[#13912](https://github.com/pypa/pip/issues/13912) \u0026lt;https://github.com/pypa/pip/issues/13912\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow URL constraints to apply to requirements with extras. (\u003ccode\u003e[#12018](https://github.com/pypa/pip/issues/12018) \u0026lt;https://github.com/pypa/pip/issues/12018\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow unpinned requirements to use hashes from constraints. Constraints\nlike \u003ccode\u003e{name}=={version} --hash=...\u003c/code\u003e feeds into hash verification for\na corresponding requirement. (\u003ccode\u003e[#9243](https://github.com/pypa/pip/issues/9243) \u0026lt;https://github.com/pypa/pip/issues/9243\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eImprove conflict reports that involve direct URLs. (\u003ccode\u003e[#13932](https://github.com/pypa/pip/issues/13932) \u0026lt;https://github.com/pypa/pip/issues/13932\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow all errors instead of first error for faulty \u003ccode\u003edependency_groups\u003c/code\u003e definitions. (\u003ccode\u003e[#13917](https://github.com/pypa/pip/issues/13917) \u0026lt;https://github.com/pypa/pip/issues/13917\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix recovery hint for missing RECORD file to use \u003ccode\u003e--ignore-installed\u003c/code\u003e\ninstead of \u003ccode\u003e--force-reinstall\u003c/code\u003e. (\u003ccode\u003e[#12645](https://github.com/pypa/pip/issues/12645) \u0026lt;https://github.com/pypa/pip/issues/12645\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix misleading error message when a constraint file cannot be opened. (\u003ccode\u003e[#13226](https://github.com/pypa/pip/issues/13226) \u0026lt;https://github.com/pypa/pip/issues/13226\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (\u003ccode\u003e[#13494](https://github.com/pypa/pip/issues/13494) \u0026lt;https://github.com/pypa/pip/issues/13494\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRemove the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13725](https://github.com/pypa/pip/issues/13725) \u0026lt;https://github.com/pypa/pip/issues/13725\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eForce UTF-8 encoding for :pep:\u003ccode\u003e723\u003c/code\u003e metadata. (\u003ccode\u003e[#13861](https://github.com/pypa/pip/issues/13861) \u0026lt;https://github.com/pypa/pip/issues/13861\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eMinor performance improvement when filtering candidates during resolution. (\u003ccode\u003e[#13916](https://github.com/pypa/pip/issues/13916) \u0026lt;https://github.com/pypa/pip/issues/13916\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a hang on Windows when stdout is closed during verbose output. (\u003ccode\u003e[#13927](https://github.com/pypa/pip/issues/13927) \u0026lt;https://github.com/pypa/pip/issues/13927\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eCommon path prefixes are determined by path segment, not character by character. (\u003ccode\u003e[#13847](https://github.com/pypa/pip/issues/13847) \u0026lt;https://github.com/pypa/pip/issues/13847\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installing \u003ccode\u003e.tar.gz\u003c/code\u003e source distributions that look like a zip file. (\u003ccode\u003e[#13867](https://github.com/pypa/pip/issues/13867) \u0026lt;https://github.com/pypa/pip/issues/13867\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade certifi to 2026.2.25\u003c/li\u003e\n\u003cli\u003eUpgrade packaging to 26.2\u003c/li\u003e\n\u003cli\u003eUpgrade requests to 2.33.1\u003c/li\u003e\n\u003cli\u003eUpgrade tomli to 2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 to 2.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803\"\u003e\u003ccode\u003e90b2b3e\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b\"\u003e\u003ccode\u003e193f289\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772\"\u003e\u003ccode\u003e63c3709\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13876\"\u003e#13876\u003c/a\u003e from sbidoul/install-from-pylock-reqs-sbi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2\"\u003e\u003ccode\u003ee5fe702\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13949\"\u003e#13949\u003c/a\u003e from pypa/revert-13888-resolver-editable-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618\"\u003e\u003ccode\u003e122a14a\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Allow editable installs to satisfy direct-URL dependencies (\u003ca href=\"https://redirect.github.com/pypa/pip/issues/13888\"\u003e#13888\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3\"\u003e\u003ccode\u003ec335252\u003c/code\u003e\u003c/a\u003e -r pylock.toml: add pip-wheel -r pylock.toml test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1\"\u003e\u003ccode\u003eba2fc12\u003c/code\u003e\u003c/a\u003e -r pylock.toml: proper error with remote pylock.toml containing directory ent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df\"\u003e\u003ccode\u003e747c4ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13948\"\u003e#13948\u003c/a\u003e from ichard26/reword-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa\"\u003e\u003ccode\u003e3517841\u003c/code\u003e\u003c/a\u003e -r pylock: refine filename pylock-ness test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588\"\u003e\u003ccode\u003e2f7ad8c\u003c/code\u003e\u003c/a\u003e -r pylock.toml: fix crash with pip wheel and pip lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/25.0.1...26.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.3.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.3.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c...\n\n_Description has been truncated_","html_url":"https://github.com/mayoubm1/TTS-STT-Gemini-OS-generative-ai/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mayoubm1%2FTTS-STT-Gemini-OS-generative-ai/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"},{"uuid":"4395141052","node_id":"PR_kwDOQrUBhs7Y9Yrd","number":7,"state":"closed","title":"chore(deps): bump the uv group across 11 directories with 15 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-09T00:24:32.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T23:42:36.000Z","updated_at":"2026-05-09T00:24:34.000Z","time_to_close":175316,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":15,"packages":[{"name":"pip","old_version":"25.0.1","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"protobuf","old_version":"5.29.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 5 updates in the /gemini/agents/genai-experience-concierge directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pip](https://github.com/pypa/pip) | `25.0.1` | `26.1` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n\nBumps the uv group with 7 updates in the /gemini/agents/genai-experience-concierge/langgraph-demo/frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.2.28` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n\nBumps the uv group with 8 updates in the /gemini/evaluation/synthetic-data-evals directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.3` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [smolagents](https://github.com/huggingface/smolagents) | `1.10.0` | `1.24.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.83.0` | `1.133.0` |\n\nBumps the uv group with 7 updates in the /gemini/mcp/adk_mcp_app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.4.0` | `2.6.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.95.0` | `1.133.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n\nBumps the uv group with 7 updates in the /gemini/mcp/adk_multiagent_mcp_app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.4.0` | `2.6.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.95.0` | `1.133.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n\nBumps the uv group with 5 updates in the /gemini/sample-apps/quickbot/linkedin-profile-image-generation-using-imagen3/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the uv group with 4 updates in the /gemini/sample-apps/quickbot/text-to-image-using-imagen3/backend directory: [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3), [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [gunicorn](https://github.com/benoitc/gunicorn).\nBumps the uv group with 6 updates in the /gemini/sample-apps/quickbot/website-search-using-agent-builder/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.9` | `1.2.28` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n| [langchain-community](https://github.com/langchain-ai/langchain-community) | `0.3.1` | `0.3.27` |\n\nBumps the uv group with 1 update in the /gemini/sample-apps/swot-agent directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the uv group with 5 updates in the /gemini/tuning/genai-mlops-tune-and-eval directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.8` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.20` | `2.6.3` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.87.0` | `1.133.0` |\n\nBumps the uv group with 4 updates in the /search/cloud-function/python directory: [protobuf](https://github.com/protocolbuffers/protobuf), [python-dotenv](https://github.com/theskumar/python-dotenv), [pytest](https://github.com/pytest-dev/pytest) and [flask](https://github.com/pallets/flask).\n\nUpdates `pip` from 25.0.1 to 26.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1 (2026-04-26)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9. (\u003ccode\u003e[#13795](https://github.com/pypa/pip/issues/13795) \u0026lt;https://github.com/pypa/pip/issues/13795\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd experimental support to read requirements from standardized pylock.toml files (\u003ccode\u003e-r pylock.toml\u003c/code\u003e). (\u003ccode\u003e[#13876](https://github.com/pypa/pip/issues/13876) \u0026lt;https://github.com/pypa/pip/issues/13876\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e to accept a duration in days (e.g., \u003ccode\u003eP3D\u003c/code\u003e for 3 days ago). (\u003ccode\u003e[#13674](https://github.com/pypa/pip/issues/13674) \u0026lt;https://github.com/pypa/pip/issues/13674\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up dependency resolution when there are complex conflicts. (\u003ccode\u003e[#13859](https://github.com/pypa/pip/issues/13859) \u0026lt;https://github.com/pypa/pip/issues/13859\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eReduce memory usage when resolving large dependency trees. (\u003ccode\u003e[#13843](https://github.com/pypa/pip/issues/13843) \u0026lt;https://github.com/pypa/pip/issues/13843\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEmit a deprecation warning when pip imports an unexpected module after\ninstallation of a distribution has started. (\u003ccode\u003e[#13912](https://github.com/pypa/pip/issues/13912) \u0026lt;https://github.com/pypa/pip/issues/13912\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow URL constraints to apply to requirements with extras. (\u003ccode\u003e[#12018](https://github.com/pypa/pip/issues/12018) \u0026lt;https://github.com/pypa/pip/issues/12018\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow unpinned requirements to use hashes from constraints. Constraints\nlike \u003ccode\u003e{name}=={version} --hash=...\u003c/code\u003e feeds into hash verification for\na corresponding requirement. (\u003ccode\u003e[#9243](https://github.com/pypa/pip/issues/9243) \u0026lt;https://github.com/pypa/pip/issues/9243\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eImprove conflict reports that involve direct URLs. (\u003ccode\u003e[#13932](https://github.com/pypa/pip/issues/13932) \u0026lt;https://github.com/pypa/pip/issues/13932\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow all errors instead of first error for faulty \u003ccode\u003edependency_groups\u003c/code\u003e definitions. (\u003ccode\u003e[#13917](https://github.com/pypa/pip/issues/13917) \u0026lt;https://github.com/pypa/pip/issues/13917\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix recovery hint for missing RECORD file to use \u003ccode\u003e--ignore-installed\u003c/code\u003e\ninstead of \u003ccode\u003e--force-reinstall\u003c/code\u003e. (\u003ccode\u003e[#12645](https://github.com/pypa/pip/issues/12645) \u0026lt;https://github.com/pypa/pip/issues/12645\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix misleading error message when a constraint file cannot be opened. (\u003ccode\u003e[#13226](https://github.com/pypa/pip/issues/13226) \u0026lt;https://github.com/pypa/pip/issues/13226\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (\u003ccode\u003e[#13494](https://github.com/pypa/pip/issues/13494) \u0026lt;https://github.com/pypa/pip/issues/13494\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRemove the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13725](https://github.com/pypa/pip/issues/13725) \u0026lt;https://github.com/pypa/pip/issues/13725\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eForce UTF-8 encoding for :pep:\u003ccode\u003e723\u003c/code\u003e metadata. (\u003ccode\u003e[#13861](https://github.com/pypa/pip/issues/13861) \u0026lt;https://github.com/pypa/pip/issues/13861\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eMinor performance improvement when filtering candidates during resolution. (\u003ccode\u003e[#13916](https://github.com/pypa/pip/issues/13916) \u0026lt;https://github.com/pypa/pip/issues/13916\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a hang on Windows when stdout is closed during verbose output. (\u003ccode\u003e[#13927](https://github.com/pypa/pip/issues/13927) \u0026lt;https://github.com/pypa/pip/issues/13927\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eCommon path prefixes are determined by path segment, not character by character. (\u003ccode\u003e[#13847](https://github.com/pypa/pip/issues/13847) \u0026lt;https://github.com/pypa/pip/issues/13847\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installing \u003ccode\u003e.tar.gz\u003c/code\u003e source distributions that look like a zip file. (\u003ccode\u003e[#13867](https://github.com/pypa/pip/issues/13867) \u0026lt;https://github.com/pypa/pip/issues/13867\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade certifi to 2026.2.25\u003c/li\u003e\n\u003cli\u003eUpgrade packaging to 26.2\u003c/li\u003e\n\u003cli\u003eUpgrade requests to 2.33.1\u003c/li\u003e\n\u003cli\u003eUpgrade tomli to 2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 to 2.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803\"\u003e\u003ccode\u003e90b2b3e\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b\"\u003e\u003ccode\u003e193f289\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772\"\u003e\u003ccode\u003e63c3709\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13876\"\u003e#13876\u003c/a\u003e from sbidoul/install-from-pylock-reqs-sbi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2\"\u003e\u003ccode\u003ee5fe702\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13949\"\u003e#13949\u003c/a\u003e from pypa/revert-13888-resolver-editable-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618\"\u003e\u003ccode\u003e122a14a\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Allow editable installs to satisfy direct-URL dependencies (\u003ca href=\"https://redirect.github.com/pypa/pip/issues/13888\"\u003e#13888\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3\"\u003e\u003ccode\u003ec335252\u003c/code\u003e\u003c/a\u003e -r pylock.toml: add pip-wheel -r pylock.toml test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1\"\u003e\u003ccode\u003eba2fc12\u003c/code\u003e\u003c/a\u003e -r pylock.toml: proper error with remote pylock.toml containing directory ent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df\"\u003e\u003ccode\u003e747c4ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13948\"\u003e#13948\u003c/a\u003e from ichard26/reword-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa\"\u003e\u003ccode\u003e3517841\u003c/code\u003e\u003c/a\u003e -r pylock: refine filename pylock-ness test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588\"\u003e\u003ccode\u003e2f7ad8c\u003c/code\u003e\u003c/a\u003e -r pylock.toml: fix crash with pip wheel and pip lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/25.0.1...26.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.3.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.3.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed O...\n\n_Description has been truncated_","html_url":"https://github.com/4xiaxia/generative-ai/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/4xiaxia%2Fgenerative-ai/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"},{"uuid":"4395138178","node_id":"PR_kwDOQrMXrc7Y9YFq","number":16,"state":"closed","title":"chore(deps): bump the uv group across 12 directories with 15 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-09T01:32:31.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T23:41:39.000Z","updated_at":"2026-05-09T01:32:33.000Z","time_to_close":179452,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":15,"packages":[{"name":"pip","old_version":"25.0.1","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"protobuf","old_version":"5.29.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 5 updates in the /gemini/agents/genai-experience-concierge directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pip](https://github.com/pypa/pip) | `25.0.1` | `26.1` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n\nBumps the uv group with 7 updates in the /gemini/agents/genai-experience-concierge/langgraph-demo/frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.2.28` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n\nBumps the uv group with 8 updates in the /gemini/evaluation/synthetic-data-evals directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.3` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [smolagents](https://github.com/huggingface/smolagents) | `1.10.0` | `1.24.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.83.0` | `1.133.0` |\n\nBumps the uv group with 7 updates in the /gemini/mcp/adk_mcp_app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.4.0` | `2.6.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.95.0` | `1.133.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n\nBumps the uv group with 7 updates in the /gemini/mcp/adk_multiagent_mcp_app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.4.0` | `2.6.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.95.0` | `1.133.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n\nBumps the uv group with 5 updates in the /gemini/sample-apps/quickbot/image-background-changer-using-imagen3/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.2.1` | `12.2.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the uv group with 5 updates in the /gemini/sample-apps/quickbot/linkedin-profile-image-generation-using-imagen3/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the uv group with 4 updates in the /gemini/sample-apps/quickbot/text-to-image-using-imagen3/backend directory: [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3), [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [gunicorn](https://github.com/benoitc/gunicorn).\nBumps the uv group with 6 updates in the /gemini/sample-apps/quickbot/website-search-using-agent-builder/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.9` | `1.2.28` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n| [langchain-community](https://github.com/langchain-ai/langchain-community) | `0.3.1` | `0.3.27` |\n\nBumps the uv group with 1 update in the /gemini/sample-apps/swot-agent directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the uv group with 5 updates in the /gemini/tuning/genai-mlops-tune-and-eval directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.8` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.20` | `2.6.3` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.87.0` | `1.133.0` |\n\nBumps the uv group with 4 updates in the /search/cloud-function/python directory: [protobuf](https://github.com/protocolbuffers/protobuf), [python-dotenv](https://github.com/theskumar/python-dotenv), [pytest](https://github.com/pytest-dev/pytest) and [flask](https://github.com/pallets/flask).\n\nUpdates `pip` from 25.0.1 to 26.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1 (2026-04-26)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9. (\u003ccode\u003e[#13795](https://github.com/pypa/pip/issues/13795) \u0026lt;https://github.com/pypa/pip/issues/13795\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd experimental support to read requirements from standardized pylock.toml files (\u003ccode\u003e-r pylock.toml\u003c/code\u003e). (\u003ccode\u003e[#13876](https://github.com/pypa/pip/issues/13876) \u0026lt;https://github.com/pypa/pip/issues/13876\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e to accept a duration in days (e.g., \u003ccode\u003eP3D\u003c/code\u003e for 3 days ago). (\u003ccode\u003e[#13674](https://github.com/pypa/pip/issues/13674) \u0026lt;https://github.com/pypa/pip/issues/13674\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up dependency resolution when there are complex conflicts. (\u003ccode\u003e[#13859](https://github.com/pypa/pip/issues/13859) \u0026lt;https://github.com/pypa/pip/issues/13859\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eReduce memory usage when resolving large dependency trees. (\u003ccode\u003e[#13843](https://github.com/pypa/pip/issues/13843) \u0026lt;https://github.com/pypa/pip/issues/13843\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEmit a deprecation warning when pip imports an unexpected module after\ninstallation of a distribution has started. (\u003ccode\u003e[#13912](https://github.com/pypa/pip/issues/13912) \u0026lt;https://github.com/pypa/pip/issues/13912\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow URL constraints to apply to requirements with extras. (\u003ccode\u003e[#12018](https://github.com/pypa/pip/issues/12018) \u0026lt;https://github.com/pypa/pip/issues/12018\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow unpinned requirements to use hashes from constraints. Constraints\nlike \u003ccode\u003e{name}=={version} --hash=...\u003c/code\u003e feeds into hash verification for\na corresponding requirement. (\u003ccode\u003e[#9243](https://github.com/pypa/pip/issues/9243) \u0026lt;https://github.com/pypa/pip/issues/9243\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eImprove conflict reports that involve direct URLs. (\u003ccode\u003e[#13932](https://github.com/pypa/pip/issues/13932) \u0026lt;https://github.com/pypa/pip/issues/13932\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow all errors instead of first error for faulty \u003ccode\u003edependency_groups\u003c/code\u003e definitions. (\u003ccode\u003e[#13917](https://github.com/pypa/pip/issues/13917) \u0026lt;https://github.com/pypa/pip/issues/13917\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix recovery hint for missing RECORD file to use \u003ccode\u003e--ignore-installed\u003c/code\u003e\ninstead of \u003ccode\u003e--force-reinstall\u003c/code\u003e. (\u003ccode\u003e[#12645](https://github.com/pypa/pip/issues/12645) \u0026lt;https://github.com/pypa/pip/issues/12645\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix misleading error message when a constraint file cannot be opened. (\u003ccode\u003e[#13226](https://github.com/pypa/pip/issues/13226) \u0026lt;https://github.com/pypa/pip/issues/13226\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (\u003ccode\u003e[#13494](https://github.com/pypa/pip/issues/13494) \u0026lt;https://github.com/pypa/pip/issues/13494\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRemove the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13725](https://github.com/pypa/pip/issues/13725) \u0026lt;https://github.com/pypa/pip/issues/13725\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eForce UTF-8 encoding for :pep:\u003ccode\u003e723\u003c/code\u003e metadata. (\u003ccode\u003e[#13861](https://github.com/pypa/pip/issues/13861) \u0026lt;https://github.com/pypa/pip/issues/13861\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eMinor performance improvement when filtering candidates during resolution. (\u003ccode\u003e[#13916](https://github.com/pypa/pip/issues/13916) \u0026lt;https://github.com/pypa/pip/issues/13916\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a hang on Windows when stdout is closed during verbose output. (\u003ccode\u003e[#13927](https://github.com/pypa/pip/issues/13927) \u0026lt;https://github.com/pypa/pip/issues/13927\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eCommon path prefixes are determined by path segment, not character by character. (\u003ccode\u003e[#13847](https://github.com/pypa/pip/issues/13847) \u0026lt;https://github.com/pypa/pip/issues/13847\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installing \u003ccode\u003e.tar.gz\u003c/code\u003e source distributions that look like a zip file. (\u003ccode\u003e[#13867](https://github.com/pypa/pip/issues/13867) \u0026lt;https://github.com/pypa/pip/issues/13867\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade certifi to 2026.2.25\u003c/li\u003e\n\u003cli\u003eUpgrade packaging to 26.2\u003c/li\u003e\n\u003cli\u003eUpgrade requests to 2.33.1\u003c/li\u003e\n\u003cli\u003eUpgrade tomli to 2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 to 2.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803\"\u003e\u003ccode\u003e90b2b3e\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b\"\u003e\u003ccode\u003e193f289\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772\"\u003e\u003ccode\u003e63c3709\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13876\"\u003e#13876\u003c/a\u003e from sbidoul/install-from-pylock-reqs-sbi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2\"\u003e\u003ccode\u003ee5fe702\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13949\"\u003e#13949\u003c/a\u003e from pypa/revert-13888-resolver-editable-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618\"\u003e\u003ccode\u003e122a14a\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Allow editable installs to satisfy direct-URL dependencies (\u003ca href=\"https://redirect.github.com/pypa/pip/issues/13888\"\u003e#13888\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3\"\u003e\u003ccode\u003ec335252\u003c/code\u003e\u003c/a\u003e -r pylock.toml: add pip-wheel -r pylock.toml test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1\"\u003e\u003ccode\u003eba2fc12\u003c/code\u003e\u003c/a\u003e -r pylock.toml: proper error with remote pylock.toml containing directory ent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df\"\u003e\u003ccode\u003e747c4ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13948\"\u003e#13948\u003c/a\u003e from ichard26/reword-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa\"\u003e\u003ccode\u003e3517841\u003c/code\u003e\u003c/a\u003e -r pylock: refine filename pylock-ness test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588\"\u003e\u003ccode\u003e2f7ad8c\u003c/code\u003e\u003c/a\u003e -r pylock.toml: fix crash with pip wheel and pip lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/25.0.1...26.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.3.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.3.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c...\n\n_Description has been truncated_","html_url":"https://github.com/AntwerpDesignsIonity/generative-ai/pull/16","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AntwerpDesignsIonity%2Fgenerative-ai/issues/16","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/16/packages"},{"uuid":"4394612831","node_id":"PR_kwDOQrMXrc7Y7sMx","number":15,"state":"closed","title":"chore(deps): bump the uv group across 10 directories with 13 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-06T23:41:43.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T21:39:27.000Z","updated_at":"2026-05-06T23:41:45.000Z","time_to_close":7336,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":13,"packages":[{"name":"pip","old_version":"25.0.1","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"protobuf","old_version":"5.29.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 5 updates in the /gemini/agents/genai-experience-concierge directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pip](https://github.com/pypa/pip) | `25.0.1` | `26.1` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n\nBumps the uv group with 7 updates in the /gemini/agents/genai-experience-concierge/langgraph-demo/frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.2.28` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n\nBumps the uv group with 7 updates in the /gemini/evaluation/synthetic-data-evals directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.3` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.83.0` | `1.133.0` |\n\nBumps the uv group with 5 updates in the /gemini/sample-apps/quickbot/image-background-changer-using-imagen3/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.2.1` | `12.2.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the uv group with 5 updates in the /gemini/sample-apps/quickbot/linkedin-profile-image-generation-using-imagen3/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the uv group with 4 updates in the /gemini/sample-apps/quickbot/text-to-image-using-imagen3/backend directory: [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3), [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [gunicorn](https://github.com/benoitc/gunicorn).\nBumps the uv group with 6 updates in the /gemini/sample-apps/quickbot/website-search-using-agent-builder/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.9` | `1.2.28` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n| [langchain-community](https://github.com/langchain-ai/langchain-community) | `0.3.1` | `0.3.27` |\n\nBumps the uv group with 1 update in the /gemini/sample-apps/swot-agent directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the uv group with 5 updates in the /gemini/tuning/genai-mlops-tune-and-eval directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.8` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.20` | `2.6.3` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.87.0` | `1.133.0` |\n\nBumps the uv group with 4 updates in the /search/cloud-function/python directory: [protobuf](https://github.com/protocolbuffers/protobuf), [python-dotenv](https://github.com/theskumar/python-dotenv), [pytest](https://github.com/pytest-dev/pytest) and [flask](https://github.com/pallets/flask).\n\nUpdates `pip` from 25.0.1 to 26.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1 (2026-04-26)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9. (\u003ccode\u003e[#13795](https://github.com/pypa/pip/issues/13795) \u0026lt;https://github.com/pypa/pip/issues/13795\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd experimental support to read requirements from standardized pylock.toml files (\u003ccode\u003e-r pylock.toml\u003c/code\u003e). (\u003ccode\u003e[#13876](https://github.com/pypa/pip/issues/13876) \u0026lt;https://github.com/pypa/pip/issues/13876\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e to accept a duration in days (e.g., \u003ccode\u003eP3D\u003c/code\u003e for 3 days ago). (\u003ccode\u003e[#13674](https://github.com/pypa/pip/issues/13674) \u0026lt;https://github.com/pypa/pip/issues/13674\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up dependency resolution when there are complex conflicts. (\u003ccode\u003e[#13859](https://github.com/pypa/pip/issues/13859) \u0026lt;https://github.com/pypa/pip/issues/13859\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eReduce memory usage when resolving large dependency trees. (\u003ccode\u003e[#13843](https://github.com/pypa/pip/issues/13843) \u0026lt;https://github.com/pypa/pip/issues/13843\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEmit a deprecation warning when pip imports an unexpected module after\ninstallation of a distribution has started. (\u003ccode\u003e[#13912](https://github.com/pypa/pip/issues/13912) \u0026lt;https://github.com/pypa/pip/issues/13912\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow URL constraints to apply to requirements with extras. (\u003ccode\u003e[#12018](https://github.com/pypa/pip/issues/12018) \u0026lt;https://github.com/pypa/pip/issues/12018\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow unpinned requirements to use hashes from constraints. Constraints\nlike \u003ccode\u003e{name}=={version} --hash=...\u003c/code\u003e feeds into hash verification for\na corresponding requirement. (\u003ccode\u003e[#9243](https://github.com/pypa/pip/issues/9243) \u0026lt;https://github.com/pypa/pip/issues/9243\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eImprove conflict reports that involve direct URLs. (\u003ccode\u003e[#13932](https://github.com/pypa/pip/issues/13932) \u0026lt;https://github.com/pypa/pip/issues/13932\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow all errors instead of first error for faulty \u003ccode\u003edependency_groups\u003c/code\u003e definitions. (\u003ccode\u003e[#13917](https://github.com/pypa/pip/issues/13917) \u0026lt;https://github.com/pypa/pip/issues/13917\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix recovery hint for missing RECORD file to use \u003ccode\u003e--ignore-installed\u003c/code\u003e\ninstead of \u003ccode\u003e--force-reinstall\u003c/code\u003e. (\u003ccode\u003e[#12645](https://github.com/pypa/pip/issues/12645) \u0026lt;https://github.com/pypa/pip/issues/12645\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix misleading error message when a constraint file cannot be opened. (\u003ccode\u003e[#13226](https://github.com/pypa/pip/issues/13226) \u0026lt;https://github.com/pypa/pip/issues/13226\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (\u003ccode\u003e[#13494](https://github.com/pypa/pip/issues/13494) \u0026lt;https://github.com/pypa/pip/issues/13494\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRemove the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13725](https://github.com/pypa/pip/issues/13725) \u0026lt;https://github.com/pypa/pip/issues/13725\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eForce UTF-8 encoding for :pep:\u003ccode\u003e723\u003c/code\u003e metadata. (\u003ccode\u003e[#13861](https://github.com/pypa/pip/issues/13861) \u0026lt;https://github.com/pypa/pip/issues/13861\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eMinor performance improvement when filtering candidates during resolution. (\u003ccode\u003e[#13916](https://github.com/pypa/pip/issues/13916) \u0026lt;https://github.com/pypa/pip/issues/13916\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a hang on Windows when stdout is closed during verbose output. (\u003ccode\u003e[#13927](https://github.com/pypa/pip/issues/13927) \u0026lt;https://github.com/pypa/pip/issues/13927\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eCommon path prefixes are determined by path segment, not character by character. (\u003ccode\u003e[#13847](https://github.com/pypa/pip/issues/13847) \u0026lt;https://github.com/pypa/pip/issues/13847\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installing \u003ccode\u003e.tar.gz\u003c/code\u003e source distributions that look like a zip file. (\u003ccode\u003e[#13867](https://github.com/pypa/pip/issues/13867) \u0026lt;https://github.com/pypa/pip/issues/13867\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade certifi to 2026.2.25\u003c/li\u003e\n\u003cli\u003eUpgrade packaging to 26.2\u003c/li\u003e\n\u003cli\u003eUpgrade requests to 2.33.1\u003c/li\u003e\n\u003cli\u003eUpgrade tomli to 2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 to 2.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803\"\u003e\u003ccode\u003e90b2b3e\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b\"\u003e\u003ccode\u003e193f289\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772\"\u003e\u003ccode\u003e63c3709\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13876\"\u003e#13876\u003c/a\u003e from sbidoul/install-from-pylock-reqs-sbi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2\"\u003e\u003ccode\u003ee5fe702\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13949\"\u003e#13949\u003c/a\u003e from pypa/revert-13888-resolver-editable-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618\"\u003e\u003ccode\u003e122a14a\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Allow editable installs to satisfy direct-URL dependencies (\u003ca href=\"https://redirect.github.com/pypa/pip/issues/13888\"\u003e#13888\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3\"\u003e\u003ccode\u003ec335252\u003c/code\u003e\u003c/a\u003e -r pylock.toml: add pip-wheel -r pylock.toml test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1\"\u003e\u003ccode\u003eba2fc12\u003c/code\u003e\u003c/a\u003e -r pylock.toml: proper error with remote pylock.toml containing directory ent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df\"\u003e\u003ccode\u003e747c4ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13948\"\u003e#13948\u003c/a\u003e from ichard26/reword-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa\"\u003e\u003ccode\u003e3517841\u003c/code\u003e\u003c/a\u003e -r pylock: refine filename pylock-ness test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588\"\u003e\u003ccode\u003e2f7ad8c\u003c/code\u003e\u003c/a\u003e -r pylock.toml: fix crash with pip wheel and pip lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/25.0.1...26.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.3.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.3.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81...\n\n_Description has been truncated_","html_url":"https://github.com/AntwerpDesignsIonity/generative-ai/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AntwerpDesignsIonity%2Fgenerative-ai/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"},{"uuid":"4394612396","node_id":"PR_kwDOQrUBhs7Y7sHE","number":6,"state":"closed","title":"chore(deps): bump the uv group across 9 directories with 13 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-06T23:42:40.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T21:39:23.000Z","updated_at":"2026-05-06T23:42:42.000Z","time_to_close":7397,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":13,"packages":[{"name":"pip","old_version":"25.0.1","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"protobuf","old_version":"5.29.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 5 updates in the /gemini/agents/genai-experience-concierge directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pip](https://github.com/pypa/pip) | `25.0.1` | `26.1` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n\nBumps the uv group with 7 updates in the /gemini/agents/genai-experience-concierge/langgraph-demo/frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.2.28` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n\nBumps the uv group with 7 updates in the /gemini/evaluation/synthetic-data-evals directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.3` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.83.0` | `1.133.0` |\n\nBumps the uv group with 5 updates in the /gemini/sample-apps/quickbot/linkedin-profile-image-generation-using-imagen3/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the uv group with 4 updates in the /gemini/sample-apps/quickbot/text-to-image-using-imagen3/backend directory: [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3), [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [gunicorn](https://github.com/benoitc/gunicorn).\nBumps the uv group with 6 updates in the /gemini/sample-apps/quickbot/website-search-using-agent-builder/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.9` | `1.2.28` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n| [langchain-community](https://github.com/langchain-ai/langchain-community) | `0.3.1` | `0.3.27` |\n\nBumps the uv group with 1 update in the /gemini/sample-apps/swot-agent directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the uv group with 5 updates in the /gemini/tuning/genai-mlops-tune-and-eval directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.8` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.20` | `2.6.3` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.87.0` | `1.133.0` |\n\nBumps the uv group with 4 updates in the /search/cloud-function/python directory: [protobuf](https://github.com/protocolbuffers/protobuf), [python-dotenv](https://github.com/theskumar/python-dotenv), [pytest](https://github.com/pytest-dev/pytest) and [flask](https://github.com/pallets/flask).\n\nUpdates `pip` from 25.0.1 to 26.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1 (2026-04-26)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9. (\u003ccode\u003e[#13795](https://github.com/pypa/pip/issues/13795) \u0026lt;https://github.com/pypa/pip/issues/13795\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd experimental support to read requirements from standardized pylock.toml files (\u003ccode\u003e-r pylock.toml\u003c/code\u003e). (\u003ccode\u003e[#13876](https://github.com/pypa/pip/issues/13876) \u0026lt;https://github.com/pypa/pip/issues/13876\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e to accept a duration in days (e.g., \u003ccode\u003eP3D\u003c/code\u003e for 3 days ago). (\u003ccode\u003e[#13674](https://github.com/pypa/pip/issues/13674) \u0026lt;https://github.com/pypa/pip/issues/13674\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up dependency resolution when there are complex conflicts. (\u003ccode\u003e[#13859](https://github.com/pypa/pip/issues/13859) \u0026lt;https://github.com/pypa/pip/issues/13859\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eReduce memory usage when resolving large dependency trees. (\u003ccode\u003e[#13843](https://github.com/pypa/pip/issues/13843) \u0026lt;https://github.com/pypa/pip/issues/13843\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEmit a deprecation warning when pip imports an unexpected module after\ninstallation of a distribution has started. (\u003ccode\u003e[#13912](https://github.com/pypa/pip/issues/13912) \u0026lt;https://github.com/pypa/pip/issues/13912\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow URL constraints to apply to requirements with extras. (\u003ccode\u003e[#12018](https://github.com/pypa/pip/issues/12018) \u0026lt;https://github.com/pypa/pip/issues/12018\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow unpinned requirements to use hashes from constraints. Constraints\nlike \u003ccode\u003e{name}=={version} --hash=...\u003c/code\u003e feeds into hash verification for\na corresponding requirement. (\u003ccode\u003e[#9243](https://github.com/pypa/pip/issues/9243) \u0026lt;https://github.com/pypa/pip/issues/9243\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eImprove conflict reports that involve direct URLs. (\u003ccode\u003e[#13932](https://github.com/pypa/pip/issues/13932) \u0026lt;https://github.com/pypa/pip/issues/13932\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow all errors instead of first error for faulty \u003ccode\u003edependency_groups\u003c/code\u003e definitions. (\u003ccode\u003e[#13917](https://github.com/pypa/pip/issues/13917) \u0026lt;https://github.com/pypa/pip/issues/13917\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix recovery hint for missing RECORD file to use \u003ccode\u003e--ignore-installed\u003c/code\u003e\ninstead of \u003ccode\u003e--force-reinstall\u003c/code\u003e. (\u003ccode\u003e[#12645](https://github.com/pypa/pip/issues/12645) \u0026lt;https://github.com/pypa/pip/issues/12645\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix misleading error message when a constraint file cannot be opened. (\u003ccode\u003e[#13226](https://github.com/pypa/pip/issues/13226) \u0026lt;https://github.com/pypa/pip/issues/13226\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (\u003ccode\u003e[#13494](https://github.com/pypa/pip/issues/13494) \u0026lt;https://github.com/pypa/pip/issues/13494\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRemove the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13725](https://github.com/pypa/pip/issues/13725) \u0026lt;https://github.com/pypa/pip/issues/13725\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eForce UTF-8 encoding for :pep:\u003ccode\u003e723\u003c/code\u003e metadata. (\u003ccode\u003e[#13861](https://github.com/pypa/pip/issues/13861) \u0026lt;https://github.com/pypa/pip/issues/13861\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eMinor performance improvement when filtering candidates during resolution. (\u003ccode\u003e[#13916](https://github.com/pypa/pip/issues/13916) \u0026lt;https://github.com/pypa/pip/issues/13916\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a hang on Windows when stdout is closed during verbose output. (\u003ccode\u003e[#13927](https://github.com/pypa/pip/issues/13927) \u0026lt;https://github.com/pypa/pip/issues/13927\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eCommon path prefixes are determined by path segment, not character by character. (\u003ccode\u003e[#13847](https://github.com/pypa/pip/issues/13847) \u0026lt;https://github.com/pypa/pip/issues/13847\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installing \u003ccode\u003e.tar.gz\u003c/code\u003e source distributions that look like a zip file. (\u003ccode\u003e[#13867](https://github.com/pypa/pip/issues/13867) \u0026lt;https://github.com/pypa/pip/issues/13867\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade certifi to 2026.2.25\u003c/li\u003e\n\u003cli\u003eUpgrade packaging to 26.2\u003c/li\u003e\n\u003cli\u003eUpgrade requests to 2.33.1\u003c/li\u003e\n\u003cli\u003eUpgrade tomli to 2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 to 2.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803\"\u003e\u003ccode\u003e90b2b3e\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b\"\u003e\u003ccode\u003e193f289\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772\"\u003e\u003ccode\u003e63c3709\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13876\"\u003e#13876\u003c/a\u003e from sbidoul/install-from-pylock-reqs-sbi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2\"\u003e\u003ccode\u003ee5fe702\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13949\"\u003e#13949\u003c/a\u003e from pypa/revert-13888-resolver-editable-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618\"\u003e\u003ccode\u003e122a14a\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Allow editable installs to satisfy direct-URL dependencies (\u003ca href=\"https://redirect.github.com/pypa/pip/issues/13888\"\u003e#13888\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3\"\u003e\u003ccode\u003ec335252\u003c/code\u003e\u003c/a\u003e -r pylock.toml: add pip-wheel -r pylock.toml test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1\"\u003e\u003ccode\u003eba2fc12\u003c/code\u003e\u003c/a\u003e -r pylock.toml: proper error with remote pylock.toml containing directory ent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df\"\u003e\u003ccode\u003e747c4ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13948\"\u003e#13948\u003c/a\u003e from ichard26/reword-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa\"\u003e\u003ccode\u003e3517841\u003c/code\u003e\u003c/a\u003e -r pylock: refine filename pylock-ness test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588\"\u003e\u003ccode\u003e2f7ad8c\u003c/code\u003e\u003c/a\u003e -r pylock.toml: fix crash with pip wheel and pip lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/25.0.1...26.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.3.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.3.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https:...\n\n_Description has been truncated_","html_url":"https://github.com/4xiaxia/generative-ai/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/4xiaxia%2Fgenerative-ai/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"},{"uuid":"4392856629","node_id":"PR_kwDOQrUBhs7Y18PJ","number":5,"state":"closed","title":"chore(deps): bump the uv group across 7 directories with 13 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-06T21:39:27.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T16:15:28.000Z","updated_at":"2026-05-06T21:39:29.000Z","time_to_close":19439,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":13,"packages":[{"name":"pip","old_version":"25.0.1","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"protobuf","old_version":"5.29.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 5 updates in the /gemini/agents/genai-experience-concierge directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pip](https://github.com/pypa/pip) | `25.0.1` | `26.1` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n\nBumps the uv group with 5 updates in the /gemini/sample-apps/quickbot/linkedin-profile-image-generation-using-imagen3/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n\nBumps the uv group with 4 updates in the /gemini/sample-apps/quickbot/text-to-image-using-imagen3/backend directory: [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3), [gunicorn](https://github.com/benoitc/gunicorn) and [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform).\nBumps the uv group with 6 updates in the /gemini/sample-apps/quickbot/website-search-using-agent-builder/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [langchain-community](https://github.com/langchain-ai/langchain-community) | `0.3.1` | `0.3.27` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.9` | `1.2.28` |\n\nBumps the uv group with 1 update in the /gemini/sample-apps/swot-agent directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the uv group with 5 updates in the /gemini/tuning/genai-mlops-tune-and-eval directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.8` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.20` | `2.6.3` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.87.0` | `1.133.0` |\n\nBumps the uv group with 4 updates in the /search/cloud-function/python directory: [protobuf](https://github.com/protocolbuffers/protobuf), [pytest](https://github.com/pytest-dev/pytest), [flask](https://github.com/pallets/flask) and [python-dotenv](https://github.com/theskumar/python-dotenv).\n\nUpdates `pip` from 25.0.1 to 26.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1 (2026-04-26)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9. (\u003ccode\u003e[#13795](https://github.com/pypa/pip/issues/13795) \u0026lt;https://github.com/pypa/pip/issues/13795\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd experimental support to read requirements from standardized pylock.toml files (\u003ccode\u003e-r pylock.toml\u003c/code\u003e). (\u003ccode\u003e[#13876](https://github.com/pypa/pip/issues/13876) \u0026lt;https://github.com/pypa/pip/issues/13876\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e to accept a duration in days (e.g., \u003ccode\u003eP3D\u003c/code\u003e for 3 days ago). (\u003ccode\u003e[#13674](https://github.com/pypa/pip/issues/13674) \u0026lt;https://github.com/pypa/pip/issues/13674\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up dependency resolution when there are complex conflicts. (\u003ccode\u003e[#13859](https://github.com/pypa/pip/issues/13859) \u0026lt;https://github.com/pypa/pip/issues/13859\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eReduce memory usage when resolving large dependency trees. (\u003ccode\u003e[#13843](https://github.com/pypa/pip/issues/13843) \u0026lt;https://github.com/pypa/pip/issues/13843\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEmit a deprecation warning when pip imports an unexpected module after\ninstallation of a distribution has started. (\u003ccode\u003e[#13912](https://github.com/pypa/pip/issues/13912) \u0026lt;https://github.com/pypa/pip/issues/13912\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow URL constraints to apply to requirements with extras. (\u003ccode\u003e[#12018](https://github.com/pypa/pip/issues/12018) \u0026lt;https://github.com/pypa/pip/issues/12018\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow unpinned requirements to use hashes from constraints. Constraints\nlike \u003ccode\u003e{name}=={version} --hash=...\u003c/code\u003e feeds into hash verification for\na corresponding requirement. (\u003ccode\u003e[#9243](https://github.com/pypa/pip/issues/9243) \u0026lt;https://github.com/pypa/pip/issues/9243\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eImprove conflict reports that involve direct URLs. (\u003ccode\u003e[#13932](https://github.com/pypa/pip/issues/13932) \u0026lt;https://github.com/pypa/pip/issues/13932\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow all errors instead of first error for faulty \u003ccode\u003edependency_groups\u003c/code\u003e definitions. (\u003ccode\u003e[#13917](https://github.com/pypa/pip/issues/13917) \u0026lt;https://github.com/pypa/pip/issues/13917\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix recovery hint for missing RECORD file to use \u003ccode\u003e--ignore-installed\u003c/code\u003e\ninstead of \u003ccode\u003e--force-reinstall\u003c/code\u003e. (\u003ccode\u003e[#12645](https://github.com/pypa/pip/issues/12645) \u0026lt;https://github.com/pypa/pip/issues/12645\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix misleading error message when a constraint file cannot be opened. (\u003ccode\u003e[#13226](https://github.com/pypa/pip/issues/13226) \u0026lt;https://github.com/pypa/pip/issues/13226\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (\u003ccode\u003e[#13494](https://github.com/pypa/pip/issues/13494) \u0026lt;https://github.com/pypa/pip/issues/13494\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRemove the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13725](https://github.com/pypa/pip/issues/13725) \u0026lt;https://github.com/pypa/pip/issues/13725\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eForce UTF-8 encoding for :pep:\u003ccode\u003e723\u003c/code\u003e metadata. (\u003ccode\u003e[#13861](https://github.com/pypa/pip/issues/13861) \u0026lt;https://github.com/pypa/pip/issues/13861\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eMinor performance improvement when filtering candidates during resolution. (\u003ccode\u003e[#13916](https://github.com/pypa/pip/issues/13916) \u0026lt;https://github.com/pypa/pip/issues/13916\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a hang on Windows when stdout is closed during verbose output. (\u003ccode\u003e[#13927](https://github.com/pypa/pip/issues/13927) \u0026lt;https://github.com/pypa/pip/issues/13927\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eCommon path prefixes are determined by path segment, not character by character. (\u003ccode\u003e[#13847](https://github.com/pypa/pip/issues/13847) \u0026lt;https://github.com/pypa/pip/issues/13847\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installing \u003ccode\u003e.tar.gz\u003c/code\u003e source distributions that look like a zip file. (\u003ccode\u003e[#13867](https://github.com/pypa/pip/issues/13867) \u0026lt;https://github.com/pypa/pip/issues/13867\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade certifi to 2026.2.25\u003c/li\u003e\n\u003cli\u003eUpgrade packaging to 26.2\u003c/li\u003e\n\u003cli\u003eUpgrade requests to 2.33.1\u003c/li\u003e\n\u003cli\u003eUpgrade tomli to 2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 to 2.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803\"\u003e\u003ccode\u003e90b2b3e\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b\"\u003e\u003ccode\u003e193f289\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772\"\u003e\u003ccode\u003e63c3709\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13876\"\u003e#13876\u003c/a\u003e from sbidoul/install-from-pylock-reqs-sbi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2\"\u003e\u003ccode\u003ee5fe702\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13949\"\u003e#13949\u003c/a\u003e from pypa/revert-13888-resolver-editable-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618\"\u003e\u003ccode\u003e122a14a\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Allow editable installs to satisfy direct-URL dependencies (\u003ca href=\"https://redirect.github.com/pypa/pip/issues/13888\"\u003e#13888\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3\"\u003e\u003ccode\u003ec335252\u003c/code\u003e\u003c/a\u003e -r pylock.toml: add pip-wheel -r pylock.toml test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1\"\u003e\u003ccode\u003eba2fc12\u003c/code\u003e\u003c/a\u003e -r pylock.toml: proper error with remote pylock.toml containing directory ent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df\"\u003e\u003ccode\u003e747c4ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13948\"\u003e#13948\u003c/a\u003e from ichard26/reword-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa\"\u003e\u003ccode\u003e3517841\u003c/code\u003e\u003c/a\u003e -r pylock: refine filename pylock-ness test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588\"\u003e\u003ccode\u003e2f7ad8c\u003c/code\u003e\u003c/a\u003e -r pylock.toml: fix crash with pip wheel and pip lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/25.0.1...26.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.3.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.3.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 1.26.16 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/c...\n\n_Description has been truncated_","html_url":"https://github.com/4xiaxia/generative-ai/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/4xiaxia%2Fgenerative-ai/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"},{"uuid":"4362059023","node_id":"PR_kwDOBc_aAM7XTY_O","number":711,"state":"closed","title":"Bump the dependencies group across 1 directory with 25 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-01T00:13:41.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-01T00:15:08.000Z","updated_at":"2026-06-01T00:13:43.000Z","time_to_close":2678313,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"dependencies","update_count":25,"packages":[{"name":"idna","old_version":"3.11","new_version":"3.13","repository_url":"https://github.com/kjd/idna"},{"name":"certifi","old_version":"2026.2.25","new_version":"2026.4.22","repository_url":"https://github.com/certifi/python-certifi"},{"name":"charset-normalizer","old_version":"3.4.4","new_version":"3.4.7","repository_url":"https://github.com/jawah/charset_normalizer"},{"name":"imagesize","old_version":"1.4.1","new_version":"2.0.0","repository_url":"https://github.com/shibukawa/imagesize_py"},{"name":"packaging","old_version":"26.0","new_version":"26.2","repository_url":"https://github.com/pypa/packaging"},{"name":"pygments","old_version":"2.19.2","new_version":"2.20.0","repository_url":"https://github.com/pygments/pygments"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.1","repository_url":"https://github.com/psf/requests"},{"name":"tomli","old_version":"2.4.0","new_version":"2.4.1","repository_url":"https://github.com/hukkin/tomli"},{"name":"attrs","old_version":"25.4.0","new_version":"26.1.0","repository_url":"https://github.com/python-attrs/attrs"},{"name":"black","old_version":"26.1.0","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"click","old_version":"8.3.1","new_version":"8.3.3","repository_url":"https://github.com/pallets/click"},{"name":"filelock","old_version":"3.24.3","new_version":"3.29.0","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"librt","old_version":"0.8.1","new_version":"0.9.0","repository_url":"https://github.com/mypyc/librt"},{"name":"mypy","old_version":"1.19.1","new_version":"1.20.2","repository_url":"https://github.com/python/mypy"},{"name":"nox","old_version":"2026.2.9","new_version":"2026.4.10","repository_url":"https://github.com/wntrblm/nox"},{"name":"pathspec","old_version":"1.0.4","new_version":"1.1.1","repository_url":"https://github.com/cpburnz/python-pathspec"},{"name":"platformdirs","old_version":"4.9.2","new_version":"4.9.6","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"python-discovery","old_version":"1.1.0","new_version":"1.2.2","repository_url":"https://github.com/tox-dev/python-discovery"},{"name":"types-cffi","old_version":"1.17.0.20250915","new_version":"2.0.0.20260429","repository_url":"https://github.com/python/typeshed"},{"name":"types-setuptools","old_version":"82.0.0.20260210","new_version":"82.0.0.20260408","repository_url":"https://github.com/python/typeshed"},{"name":"virtualenv","old_version":"21.1.0","new_version":"21.3.0","repository_url":"https://github.com/pypa/virtualenv"},{"name":"coverage","old_version":"7.13.4","new_version":"7.13.5","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"pyasn1","old_version":"0.6.2","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pyopenssl","old_version":"25.3.0","new_version":"26.1.0","repository_url":"https://github.com/pyca/pyopenssl"}],"path":null,"ecosystem":"pip"},"body":"Bumps the dependencies group with 25 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.13` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.2.25` | `2026.4.22` |\n| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.4` | `3.4.7` |\n| [imagesize](https://github.com/shibukawa/imagesize_py) | `1.4.1` | `2.0.0` |\n| [packaging](https://github.com/pypa/packaging) | `26.0` | `26.2` |\n| [pygments](https://github.com/pygments/pygments) | `2.19.2` | `2.20.0` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.1` |\n| [tomli](https://github.com/hukkin/tomli) | `2.4.0` | `2.4.1` |\n| [attrs](https://github.com/python-attrs/attrs) | `25.4.0` | `26.1.0` |\n| [black](https://github.com/psf/black) | `26.1.0` | `26.3.1` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.3.3` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.24.3` | `3.29.0` |\n| [librt](https://github.com/mypyc/librt) | `0.8.1` | `0.9.0` |\n| [mypy](https://github.com/python/mypy) | `1.19.1` | `1.20.2` |\n| [nox](https://github.com/wntrblm/nox) | `2026.2.9` | `2026.4.10` |\n| [pathspec](https://github.com/cpburnz/python-pathspec) | `1.0.4` | `1.1.1` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.2` | `4.9.6` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.1.0` | `1.2.2` |\n| [types-cffi](https://github.com/python/typeshed) | `1.17.0.20250915` | `2.0.0.20260429` |\n| [types-setuptools](https://github.com/python/typeshed) | `82.0.0.20260210` | `82.0.0.20260408` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `21.1.0` | `21.3.0` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.4` | `7.13.5` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.2` | `0.6.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `25.3.0` | `26.1.0` |\n\n\nUpdates `idna` from 3.11 to 3.13\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.rst\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.13 (2026-04-22)\n+++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.12 (2026-04-21)\n+++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/89cdfd27338896cee6b1ee18e64c96ac28684ce0\"\u003e\u003ccode\u003e89cdfd2\u003c/code\u003e\u003c/a\u003e Release v3.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1eb068687543118147417a8d8a70674e2c172891\"\u003e\u003ccode\u003e1eb0686\u003c/code\u003e\u003c/a\u003e Pre-release 3.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5f20d1e41eea3b3873d18d83d7a384784f72a92e\"\u003e\u003ccode\u003e5f20d1e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/220\"\u003e#220\u003c/a\u003e from kjd/unicode-next\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/4ea84252ab21e62a79e5a3273746112b5dcfb810\"\u003e\u003ccode\u003e4ea8425\u003c/code\u003e\u003c/a\u003e Regenerate idnadata.py with correct NFKC_CF data\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/fd47341a08bbdcffda33694211ca4de10170cd41\"\u003e\u003ccode\u003efd47341\u003c/code\u003e\u003c/a\u003e Use NFKC_CF from Unicode data files instead of Python's unicodedata module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/a5304a4cdbd7b31595f8ac42ffdfa88f5b936467\"\u003e\u003ccode\u003ea5304a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/219\"\u003e#219\u003c/a\u003e from kjd/release-3.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d80d6f9254d699961fa2c669a1534cde9d4ee5b6\"\u003e\u003ccode\u003ed80d6f9\u003c/code\u003e\u003c/a\u003e Release v3.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1bb44ddb3f2a9dcf97a6ac11aba34e5b6ed31291\"\u003e\u003ccode\u003e1bb44dd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/218\"\u003e#218\u003c/a\u003e from kjd/release-candidate-3.12rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/909c49d15b8d159be163bccc7972116baffdb47b\"\u003e\u003ccode\u003e909c49d\u003c/code\u003e\u003c/a\u003e Release candidate for 3.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c5459a10370f005dc09921aee3201b5a45699f9d\"\u003e\u003ccode\u003ec5459a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/217\"\u003e#217\u003c/a\u003e from kjd/housekeeping-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.2.25 to 2026.4.22\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/5dddfb072243da27adde885b73ba9b809c3224ca\"\u003e\u003ccode\u003e5dddfb0\u003c/code\u003e\u003c/a\u003e 2026.04.22 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/410\"\u003e#410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/f99eccdaf87f7c10e521a58a700ca3eb94a0787e\"\u003e\u003ccode\u003ef99eccd\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/918bed055f7291719512af186c1c24710f845660\"\u003e\u003ccode\u003e918bed0\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 7.0.0 to 7.0.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/405\"\u003e#405\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/0a49067eb434e53e1f8df5f7707d5dc05ef9def4\"\u003e\u003ccode\u003e0a49067\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/403\"\u003e#403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/acf6ce8e39e3b125f4349e11904295e4fe4c1bed\"\u003e\u003ccode\u003eacf6ce8\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/398\"\u003e#398\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/feb0ed26163a9417ea0fb8eb52d47e79fcf202ab\"\u003e\u003ccode\u003efeb0ed2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/397\"\u003e#397\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d9c11a50369cc377abb40f7909ded3d6da4d98a3\"\u003e\u003ccode\u003ed9c11a5\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/396\"\u003e#396\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.02.25...2026.04.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `charset-normalizer` from 3.4.4 to 3.4.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jawah/charset_normalizer/releases\"\u003echarset-normalizer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.4.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.6...3.4.7\"\u003e3.4.7\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePre-built optimized version using mypy[c] v1.20.\u003c/li\u003e\n\u003cli\u003eRelax \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;82.1\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly remove SIG remnant in utf-7 decoded string. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/718\"\u003e#718\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.4.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.5...3.4.6\"\u003e3.4.6\u003c/a\u003e (2026-03-15)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFlattened the logic in \u003ccode\u003echarset_normalizer.md\u003c/code\u003e for higher performance. Removed \u003ccode\u003eeligible(..)\u003c/code\u003e and \u003ccode\u003efeed(...)\u003c/code\u003e\nin favor of \u003ccode\u003efeed_info(...)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound for mypy[c] to 1.20, for our optimized version.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eUNICODE_RANGES_COMBINED\u003c/code\u003e using Unicode blocks v17.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEdge case where noise difference between two candidates can be almost insignificant. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI \u003ccode\u003e--normalize\u003c/code\u003e writing to wrong path when passing multiple files in. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFreethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.4.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.4...3.4.5\"\u003e3.4.5\u003c/a\u003e (2026-03-06)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;=82\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound of mypyc for the optional pre-built extension to v1.19.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit link to lib math in our optimized build. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLogger level not restored correctly for empty byte sequences. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeError when passing bytearray to from_bytes. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApplied safe micro-optimizations in both our noise detector and language detector.\u003c/li\u003e\n\u003cli\u003eRewrote the \u003ccode\u003equery_yes_no\u003c/code\u003e function (inside CLI) to avoid using ambiguous licensed code.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecd.py\u003c/code\u003e submodule into mypyc optional compilation to reduce further the performance impact.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\u003cbr /\u003e\nmypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See \u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/714\"\u003ejawah/charset_normalizer#714\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md\"\u003echarset-normalizer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.6...3.4.7\"\u003e3.4.7\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePre-built optimized version using mypy[c] v1.20.\u003c/li\u003e\n\u003cli\u003eRelax \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;82.1\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly remove SIG remnant in utf-7 decoded string. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/718\"\u003e#718\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.5...3.4.6\"\u003e3.4.6\u003c/a\u003e (2026-03-15)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFlattened the logic in \u003ccode\u003echarset_normalizer.md\u003c/code\u003e for higher performance. Removed \u003ccode\u003eeligible(..)\u003c/code\u003e and \u003ccode\u003efeed(...)\u003c/code\u003e\nin favor of \u003ccode\u003efeed_info(...)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound for mypy[c] to 1.20, for our optimized version.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eUNICODE_RANGES_COMBINED\u003c/code\u003e using Unicode blocks v17.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEdge case where noise difference between two candidates can be almost insignificant. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI \u003ccode\u003e--normalize\u003c/code\u003e writing to wrong path when passing multiple files in. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFreethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.4...3.4.5\"\u003e3.4.5\u003c/a\u003e (2026-03-06)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;=82\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound of mypyc for the optional pre-built extension to v1.19.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit link to lib math in our optimized build. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLogger level not restored correctly for empty byte sequences. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeError when passing bytearray to from_bytes. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApplied safe micro-optimizations in both our noise detector and language detector.\u003c/li\u003e\n\u003cli\u003eRewrote the \u003ccode\u003equery_yes_no\u003c/code\u003e function (inside CLI) to avoid using ambiguous licensed code.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecd.py\u003c/code\u003e submodule into mypyc optional compilation to reduce further the performance impact.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/0f07891bf516b5d5231f1bd4dd2d8da7d4d09a9a\"\u003e\u003ccode\u003e0f07891\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/729\"\u003e#729\u003c/a\u003e from jawah/release-3.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/fdbeb299479e8f4d737e4d227cd0b2bd5d273dc0\"\u003e\u003ccode\u003efdbeb29\u003c/code\u003e\u003c/a\u003e chore: update dev, and ci requirements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/b66f922bfbdbdd9dd46af18a8964d4fb888756d4\"\u003e\u003ccode\u003eb66f922\u003c/code\u003e\u003c/a\u003e chore: add ft classifier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/f94249d0a2c712f2d03124f4de6b77f5e03aaa96\"\u003e\u003ccode\u003ef94249d\u003c/code\u003e\u003c/a\u003e chore: add test cases for utf_7 recent fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/95c866f6c984bbd043e7e3ed0628aa4f3f8d5a26\"\u003e\u003ccode\u003e95c866f\u003c/code\u003e\u003c/a\u003e chore: bump version to 3.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/4f429bb764c7e893f99bb4bceb60856da1baacfb\"\u003e\u003ccode\u003e4f429bb\u003c/code\u003e\u003c/a\u003e chore: bump mypy pre-commit to v1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/b579cd6cab9bd83aa3fc0ca169d4df022bf4888c\"\u003e\u003ccode\u003eb579cd6\u003c/code\u003e\u003c/a\u003e fix: correctly remove SIG remnant in utf-7 decoded string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/58bf944a77cc0883fc46a6ee8edac3549fea5d59\"\u003e\u003ccode\u003e58bf944\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump github/codeql-action from 4.32.4 to 4.35.1 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/728\"\u003e#728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/44cf8a1b676a2532a8f1694e62e4f4f98f9132e1\"\u003e\u003ccode\u003e44cf8a1\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/362bc20073f737b1ba4ca2f68cffb0c4cc024d20\"\u003e\u003ccode\u003e362bc20\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jawah/charset_normalizer/compare/3.4.4...3.4.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `imagesize` from 1.4.1 to 2.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shibukawa/imagesize_py/commit/5ab28d47b96d6a0738ec036034919a739b4d64da\"\u003e\u003ccode\u003e5ab28d4\u003c/code\u003e\u003c/a\u003e bump module version to 2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shibukawa/imagesize_py/commit/63d6afb8e24b9f9d599f7a15fa50ebc7964ad7c7\"\u003e\u003ccode\u003e63d6afb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shibukawa/imagesize_py/issues/82\"\u003e#82\u003c/a\u003e from shibukawa/codex/update-readme-and-setup-instructi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shibukawa/imagesize_py/commit/294606629eaf3950290de90a4b1ab9aaed7c89c3\"\u003e\u003ccode\u003e2946066\u003c/code\u003e\u003c/a\u003e docs: clarify EXIF orientation formats in v2.0 notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shibukawa/imagesize_py/commit/53eff2e3ab713b81883003bbd4eca586cc592431\"\u003e\u003ccode\u003e53eff2e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shibukawa/imagesize_py/issues/81\"\u003e#81\u003c/a\u003e from shibukawa/codex/refactor-code-to-reduce-duplication\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shibukawa/imagesize_py/commit/ac14f2af0208f9d57780d86ff619a32f80b90109\"\u003e\u003ccode\u003eac14f2a\u003c/code\u003e\u003c/a\u003e Refactor duplicated JPEG segment parsing logic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shibukawa/imagesize_py/commit/48ab954c707642d06081c8b5eae53b61b410715a\"\u003e\u003ccode\u003e48ab954\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shibukawa/imagesize_py/issues/80\"\u003e#80\u003c/a\u003e from shibukawa/codex/add-avif-exif-rotation-support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shibukawa/imagesize_py/commit/5cada1084cc21621541216810ecaf4514ca0e60b\"\u003e\u003ccode\u003e5cada10\u003c/code\u003e\u003c/a\u003e Add AVIF EXIF rotation support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shibukawa/imagesize_py/commit/232c6d5204e38d5a288114c098304cc2f8358f69\"\u003e\u003ccode\u003e232c6d5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shibukawa/imagesize_py/issues/79\"\u003e#79\u003c/a\u003e from shibukawa/codex/add-heic/heif-support-and-rotation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shibukawa/imagesize_py/commit/324c970eb6c8d5326a6e3e16216ed2d498358219\"\u003e\u003ccode\u003e324c970\u003c/code\u003e\u003c/a\u003e Add HEIC/HEIF size and rotation support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shibukawa/imagesize_py/commit/7b7bb5f720401332eba12e93ad2e31d1bbc01cd4\"\u003e\u003ccode\u003e7b7bb5f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shibukawa/imagesize_py/issues/78\"\u003e#78\u003c/a\u003e from shibukawa/codex/add-pypi-link-and-python-version-...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shibukawa/imagesize_py/compare/1.4.1...2.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `packaging` from 26.0 to 26.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/packaging/releases\"\u003epackaging's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect sysconfig var name for pyemscripten by \u003ca href=\"https://github.com/ryanking13\"\u003e\u003ccode\u003e@​ryanking13\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1160\"\u003epypa/packaging#1160\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eVersion\u003c/code\u003e, \u003ccode\u003eSpecifier\u003c/code\u003e, \u003ccode\u003eSpecifierSet\u003c/code\u003e, \u003ccode\u003eTag\u003c/code\u003e, \u003ccode\u003eMarker\u003c/code\u003e, and \u003ccode\u003eRequirement\u003c/code\u003e pickle-safe\nand backward-compatible with pickles created in 25.0-26.1 (including references to the removed\n\u003ccode\u003epackaging._structures\u003c/code\u003e module) by \u003ca href=\"https://github.com/eachimei\"\u003e\u003ccode\u003e@​eachimei\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1163\"\u003epypa/packaging#1163\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1168\"\u003epypa/packaging#1168\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1170\"\u003epypa/packaging#1170\u003c/a\u003e, and \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1171\"\u003epypa/packaging#1171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: re-export ExceptionGroup for now by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1164\"\u003epypa/packaging#1164\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003edocs: add errors section and fix missing details by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1159\"\u003epypa/packaging#1159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(dev): document property-based test suite by \u003ca href=\"https://github.com/r266-tech\"\u003e\u003ccode\u003e@​r266-tech\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1167\"\u003epypa/packaging#1167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in DirectUrl documentation by \u003ca href=\"https://github.com/sbidoul\"\u003e\u003ccode\u003e@​sbidoul\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1169\"\u003epypa/packaging#1169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(specifiers): add is_unsatisfiable() usage example by \u003ca href=\"https://github.com/r266-tech\"\u003e\u003ccode\u003e@​r266-tech\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1166\"\u003epypa/packaging#1166\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eInternal:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnable the auditor persona on zizmor by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1158\"\u003epypa/packaging#1158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest new pickle guarantees by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1174\"\u003epypa/packaging#1174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse native uv integration in rtd by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1175\"\u003epypa/packaging#1175\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ryanking13\"\u003e\u003ccode\u003e@​ryanking13\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1160\"\u003epypa/packaging#1160\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eachimei\"\u003e\u003ccode\u003e@​eachimei\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1163\"\u003epypa/packaging#1163\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pypa/packaging/compare/26.1...26.2\"\u003ehttps://github.com/pypa/packaging/compare/26.1...26.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e26.1\u003c/h2\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cdel\u003ePEP 783: add handling for Emscripten wheel tags by \u003ca href=\"https://github.com/hoodmane\"\u003e\u003ccode\u003e@​hoodmane\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/804\"\u003epypa/packaging#804\u003c/a\u003e\u003c/del\u003e (old name used in implementation, will be fixed in next release)\u003c/li\u003e\n\u003cli\u003ePEP 803: add handling for the \u003ccode\u003eabi3.abi3t\u003c/code\u003e free-threading tag by \u003ca href=\"https://github.com/ngoldbaum\"\u003e\u003ccode\u003e@​ngoldbaum\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1099\"\u003epypa/packaging#1099\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePEP 723: add \u003ccode\u003epackaging.dependency_groups\u003c/code\u003e module, based on the \u003ccode\u003edependency-groups\u003c/code\u003e package by \u003ca href=\"https://github.com/sirosen\"\u003e\u003ccode\u003e@​sirosen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1065\"\u003epypa/packaging#1065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd the \u003ccode\u003epackaging.direct_url\u003c/code\u003e module by \u003ca href=\"https://github.com/sbidoul\"\u003e\u003ccode\u003e@​sbidoul\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/944\"\u003epypa/packaging#944\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd the \u003ccode\u003epackaging.errors\u003c/code\u003e module by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1071\"\u003epypa/packaging#1071\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eSpecifierSet.is_unsatisfiable\u003c/code\u003e using ranges (new internals that will be expanded in future versions) by \u003ca href=\"https://github.com/notatallshaw\"\u003e\u003ccode\u003e@​notatallshaw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1119\"\u003epypa/packaging#1119\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ecreate_compatible_tags_selector\u003c/code\u003e to select compatible tags by \u003ca href=\"https://github.com/sbidoul\"\u003e\u003ccode\u003e@​sbidoul\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1110\"\u003epypa/packaging#1110\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a \u003ccode\u003ekey\u003c/code\u003e argument to \u003ccode\u003eSpecifierSet.filter()\u003c/code\u003e by \u003ca href=\"https://github.com/frostming\"\u003e\u003ccode\u003e@​frostming\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1068\"\u003epypa/packaging#1068\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003e\u0026amp;\u003c/code\u003e and \u003ccode\u003e|\u003c/code\u003e for \u003ccode\u003eMarker\u003c/code\u003e's by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1146\"\u003epypa/packaging#1146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNormalize \u003ccode\u003eVersion.__replace__\u003c/code\u003e and add \u003ccode\u003eVersion.from_parts\u003c/code\u003e by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1078\"\u003epypa/packaging#1078\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd an option to validate compressed tag set sort order in \u003ccode\u003eparse_wheel_filename\u003c/code\u003e by \u003ca href=\"https://github.com/r266-tech\"\u003e\u003ccode\u003e@​r266-tech\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1150\"\u003epypa/packaging#1150\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBehavior adaptations:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNarrow exclusion of pre-releases for \u003ccode\u003e\u0026lt;V.postN\u003c/code\u003e to match spec by \u003ca href=\"https://github.com/notatallshaw\"\u003e\u003ccode\u003e@​notatallshaw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1140\"\u003epypa/packaging#1140\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/packaging/blob/main/CHANGELOG.rst\"\u003epackaging's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e26.2 - 2026-04-24\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\nFixes:\n\u003cul\u003e\n\u003cli\u003eFix incorrect sysconfig var name for pyemscripten in (:pull:\u003ccode\u003e1160\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eVersion\u003c/code\u003e, \u003ccode\u003eSpecifier\u003c/code\u003e, \u003ccode\u003eSpecifierSet\u003c/code\u003e, \u003ccode\u003eTag\u003c/code\u003e, \u003ccode\u003eMarker\u003c/code\u003e, and \u003ccode\u003eRequirement\u003c/code\u003e pickle-safe\u003cbr /\u003e\nand backward-compatible with pickles created in 25.0-26.1 (including references to the removed\u003cbr /\u003e\n\u003ccode\u003epackaging._structures\u003c/code\u003e module) (:pull:\u003ccode\u003e1163\u003c/code\u003e, :pull:\u003ccode\u003e1168\u003c/code\u003e, :pull:\u003ccode\u003e1170\u003c/code\u003e, :pull:\u003ccode\u003e1171\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eRe-export \u003ccode\u003eExceptionGroup\u003c/code\u003e in metadata for now in (:pull:\u003ccode\u003e1164\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd errors section and fix missing details in (:pull:\u003ccode\u003e1159\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eDocument our property-based test suite in (:pull:\u003ccode\u003e1167\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eFix a \u003ccode\u003eDirectUrl\u003c/code\u003e typo in (:pull:\u003ccode\u003e1167\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd example of \u003ccode\u003eis_unsatisfiable\u003c/code\u003e in (:pull:\u003ccode\u003e1166\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eInternal:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnable the auditor persona on zizmor in (:pull:\u003ccode\u003e1158\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eTest new pickle guarantees in (:pull:\u003ccode\u003e1174\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eUse new native ReadTheDocs uv integration in (:pull:\u003ccode\u003e1175\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e26.1 - 2026-04-14\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePEP 783: add handling for Emscripten wheel tags in (:pull:\u003ccode\u003e804\u003c/code\u003e) (old name used in implementation, fixed in next release)\u003c/li\u003e\n\u003cli\u003ePEP 803: add handling for the \u003ccode\u003eabi3.abi3t\u003c/code\u003e free-threading tag in (:pull:\u003ccode\u003e1099\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003ePEP 723: add \u003ccode\u003epackaging.dependency_groups\u003c/code\u003e module, based on the \u003ccode\u003edependency-groups\u003c/code\u003e package in (:pull:\u003ccode\u003e1065\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd the \u003ccode\u003epackaging.direct_url\u003c/code\u003e module in (:pull:\u003ccode\u003e944\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd the \u003ccode\u003epackaging.errors\u003c/code\u003e module in (:pull:\u003ccode\u003e1071\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eSpecifierSet.is_unsatisfiable\u003c/code\u003e using ranges (new internals that will be expanded in future versions) in (:pull:\u003ccode\u003e1119\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ecreate_compatible_tags_selector\u003c/code\u003e to select compatible tags in (:pull:\u003ccode\u003e1110\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a \u003ccode\u003ekey\u003c/code\u003e argument to \u003ccode\u003eSpecifierSet.filter()\u003c/code\u003e in (:pull:\u003ccode\u003e1068\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003e\u0026amp;\u003c/code\u003e and \u003ccode\u003e|\u003c/code\u003e for \u003ccode\u003eMarker\u003c/code\u003e's in (:pull:\u003ccode\u003e1146\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eNormalize \u003ccode\u003eVersion.__replace__\u003c/code\u003e and add \u003ccode\u003eVersion.from_parts\u003c/code\u003e in (:pull:\u003ccode\u003e1078\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd an option to validate compressed tag set sort order in \u003ccode\u003eparse_wheel_filename\u003c/code\u003e in (:pull:\u003ccode\u003e1150\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBehavior adaptations:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNarrow exclusion of pre-releases for \u003ccode\u003e\u0026lt;V.postN\u003c/code\u003e to match spec in (:pull:\u003ccode\u003e1140\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eNarrow exclusion of post-releases for \u003ccode\u003e\u0026gt;V\u003c/code\u003e to match spec in (:pull:\u003ccode\u003e1141\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003eformat_full_version\u003c/code\u003e to \u003ccode\u003e_format_full_version\u003c/code\u003e to make it visibly private in (:pull:\u003ccode\u003e1125\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict local version to ASCII in (:pull:\u003ccode\u003e1102\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePylock (PEP 751) updates:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/84a87ee42483d7352f9502d78a9553da8859aa7a\"\u003e\u003ccode\u003e84a87ee\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/4a616b65bed23c8c6d58e6b0fc1a4434d4ff1f14\"\u003e\u003ccode\u003e4a616b6\u003c/code\u003e\u003c/a\u003e docs: a few more updates to prepare for 26.2 (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1176\"\u003e#1176\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/9de6f44f1e82d4595edf3aad1c4f6f98c85935a0\"\u003e\u003ccode\u003e9de6f44\u003c/code\u003e\u003c/a\u003e ci: use native uv integration in rtd (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1175\"\u003e#1175\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/bc76e14debd1a2799d1ca8f9d9c9823f35bfa466\"\u003e\u003ccode\u003ebc76e14\u003c/code\u003e\u003c/a\u003e chore: update changelog for 26.2 (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1161\"\u003e#1161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/3f00091c08f0aa830e33ed7db00f16f11c8ac97f\"\u003e\u003ccode\u003e3f00091\u003c/code\u003e\u003c/a\u003e tests: add a pickle check (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1174\"\u003e#1174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/48a8a069805291186522de3eff73ea80a8ca96ad\"\u003e\u003ccode\u003e48a8a06\u003c/code\u003e\u003c/a\u003e fix: make Requirements/Markers pickle-safe (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1171\"\u003e#1171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/823b44ed1f904084a77ae3adf0ef130af6365f84\"\u003e\u003ccode\u003e823b44e\u003c/code\u003e\u003c/a\u003e fix: make Tags pickle-safe (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1170\"\u003e#1170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/4bed32d920ca7211dd65fdf0a1ee06376e9c4733\"\u003e\u003ccode\u003e4bed32d\u003c/code\u003e\u003c/a\u003e fix: make Specifier / SpecifierSet pickle-safe (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1168\"\u003e#1168\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/963118e37caae97bc8b72f72956c7fb4ca9857ec\"\u003e\u003ccode\u003e963118e\u003c/code\u003e\u003c/a\u003e fix: re-export ExceptionGroup for now (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1164\"\u003e#1164\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/66e34a80256c96dea11da143682950c84b8133bb\"\u003e\u003ccode\u003e66e34a8\u003c/code\u003e\u003c/a\u003e docs(specifiers): add is_unsatisfiable() usage example (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1166\"\u003e#1166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/packaging/compare/26.0...26.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pygments` from 2.19.2 to 2.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pygments/pygments/releases\"\u003epygments's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.20.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eNew lexers:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRell (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2914\"\u003e#2914\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated lexers:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003earchetype: Fix catastrophic backtracking in GUID and ID patterns (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3064\"\u003e#3064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eASN.1: Recognize minus sign and fix range operator (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3014\"\u003e#3014\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3060\"\u003e#3060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eC++: Add C++26 keywords (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2955\"\u003e#2955\u003c/a\u003e), add integer literal suffixes (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2966\"\u003e#2966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eComponentPascal: Fix \u003ccode\u003eanalyse_text\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3028\"\u003e#3028\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3032\"\u003e#3032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCoq renamed to Rocq (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2883\"\u003e#2883\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2908\"\u003e#2908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCython: Various improvements (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2932\"\u003e#2932\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2933\"\u003e#2933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDebian control: Improve architecture parsing (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3052\"\u003e#3052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDevicetree: Add support for overlay/fragments (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3021\"\u003e#3021\u003c/a\u003e), add bytestring support (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3022\"\u003e#3022\u003c/a\u003e), fix catastrophic backtracking (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3057\"\u003e#3057\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFennel: Various improvements (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2911\"\u003e#2911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHaskell: Handle escape sequences in character literals (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3069\"\u003e#3069\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/1795\"\u003e#1795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJava: Add module keywords (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2955\"\u003e#2955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLean4: Add operators \u003ccode\u003e]'\u003c/code\u003e, \u003ccode\u003e]?\u003c/code\u003e, \u003ccode\u003e]!\u003c/code\u003e  (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2946\"\u003e#2946\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLESS: Support single-line comments (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3005\"\u003e#3005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLilyPond: Update to 2.25.29 (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2974\"\u003e#2974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLLVM: Support C-style comments (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3023\"\u003e#3023\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2978\"\u003e#2978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLua(u): Fix catastrophic backtracking (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3047\"\u003e#3047\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMacaulay2: Update to 1.25.05 (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2893\"\u003e#2893\u003c/a\u003e), 1.25.11 (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2988\"\u003e#2988\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMathematica: Various improvements (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2957\"\u003e#2957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emeson: Add additional operators (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMySQL: Update keywords (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2970\"\u003e#2970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eorg-Mode: Support both schedule and deadline (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2899\"\u003e#2899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePHP: Add \u003ccode\u003e__PROPERTY__\u003c/code\u003e magic constant (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2924\"\u003e#2924\u003c/a\u003e), add reserved keywords (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3002\"\u003e#3002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePostgreSQL: Add more keywords (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2985\"\u003e#2985\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprotobuf: Fix namespace tokenization (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2929\"\u003e#2929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePython: Add \u003ccode\u003et\u003c/code\u003e-string support (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2973\"\u003e#2973\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3009\"\u003e#3009\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3010\"\u003e#3010\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTablegen: Fix infinite loop (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2972\"\u003e#2972\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTera Term macro: Add commands introduced in v5.3 through v5.6 (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2951\"\u003e#2951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTOML: Support TOML 1.1.0 (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3026\"\u003e#3026\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3027\"\u003e#3027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurtle: Allow empty comment lines (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2980\"\u003e#2980\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eXML: Added \u003ccode\u003e.xbrl\u003c/code\u003e as file ending (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2890\"\u003e#2890\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2891\"\u003e#2891\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop Python 3.8, and add Python 3.14 as a supported version (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2987\"\u003e#2987\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3012\"\u003e#3012\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eVarious improvements to \u003ccode\u003eautopygmentize\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2894\"\u003e#2894\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003eonedark\u003c/code\u003e style to support more token types (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2977\"\u003e#2977\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ertt\u003c/code\u003e style to support more token types (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2895\"\u003e#2895\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache entry points to improve performance (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2979\"\u003e#2979\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003exterm-256\u003c/code\u003e color table (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3043\"\u003e#3043\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003ekwargs\u003c/code\u003e dictionary getting mutated on each call (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3044\"\u003e#3044\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pygments/pygments/blob/master/CHANGES\"\u003epygments's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 2.20.0\u003c/h2\u003e\n\u003cp\u003e(released March 29th, 2026)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eNew lexers:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRell (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2914\"\u003e#2914\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated lexers:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003earchetype: Fix catastrophic backtracking in GUID and ID patterns (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3064\"\u003e#3064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eASN.1: Recognize minus sign and fix range operator (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3014\"\u003e#3014\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3060\"\u003e#3060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eC++: Add C++26 keywords (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2955\"\u003e#2955\u003c/a\u003e), add integer literal suffixes (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2966\"\u003e#2966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eComponentPascal: Fix \u003ccode\u003eanalyse_text\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3028\"\u003e#3028\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3032\"\u003e#3032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCoq renamed to Rocq (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2883\"\u003e#2883\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2908\"\u003e#2908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCython: Various improvements (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2932\"\u003e#2932\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2933\"\u003e#2933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDebian control: Improve architecture parsing (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3052\"\u003e#3052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDevicetree: Add support for overlay/fragments (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3021\"\u003e#3021\u003c/a\u003e), add bytestring support (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3022\"\u003e#3022\u003c/a\u003e), fix catastrophic backtracking (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3057\"\u003e#3057\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFennel: Various improvements (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2911\"\u003e#2911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHaskell: Handle escape sequences in character literals (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3069\"\u003e#3069\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/1795\"\u003e#1795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJava: Add module keywords (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2955\"\u003e#2955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLean4: Add operators \u003ccode\u003e]'\u003c/code\u003e, \u003ccode\u003e]?\u003c/code\u003e, \u003ccode\u003e]!\u003c/code\u003e  (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2946\"\u003e#2946\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLESS: Support single-line comments (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3005\"\u003e#3005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLilyPond: Update to 2.25.29 (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2974\"\u003e#2974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLLVM: Support C-style comments (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3023\"\u003e#3023\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2978\"\u003e#2978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLua(u): Fix catastrophic backtracking (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3047\"\u003e#3047\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMacaulay2: Update to 1.25.05 (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2893\"\u003e#2893\u003c/a\u003e), 1.25.11 (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2988\"\u003e#2988\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMathematica: Various improvements (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2957\"\u003e#2957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emeson: Add additional operators (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMySQL: Update keywords (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2970\"\u003e#2970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eorg-Mode: Support both schedule and deadline (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2899\"\u003e#2899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePHP: Add \u003ccode\u003e__PROPERTY__\u003c/code\u003e magic constant (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2924\"\u003e#2924\u003c/a\u003e), add reserved keywords (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3002\"\u003e#3002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePostgreSQL: Add more keywords (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2985\"\u003e#2985\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprotobuf: Fix namespace tokenization (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2929\"\u003e#2929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePython: Add \u003ccode\u003et\u003c/code\u003e-string support (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2973\"\u003e#2973\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3009\"\u003e#3009\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3010\"\u003e#3010\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTablegen: Fix infinite loop (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2972\"\u003e#2972\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTera Term macro: Add commands introduced in v5.3 through v5.6 (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2951\"\u003e#2951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTOML: Support TOML 1.1.0 (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3026\"\u003e#3026\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3027\"\u003e#3027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurtle: Allow empty comment lines (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2980\"\u003e#2980\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eXML: Added \u003ccode\u003e.xbrl\u003c/code\u003e as file ending (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2890\"\u003e#2890\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2891\"\u003e#2891\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop Python 3.8, and add Python 3.14 as a supported version (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2987\"\u003e#2987\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3012\"\u003e#3012\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eVarious improvements to \u003ccode\u003eautopygmentize\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2894\"\u003e#2894\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003eonedark\u003c/code\u003e style to support more token types (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2977\"\u003e#2977\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ertt\u003c/code\u003e style to support more token types (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2895\"\u003e#2895\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache entry points to improve performance (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2979\"\u003e#2979\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003exterm-256\u003c/code\u003e color table (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3043\"\u003e#3043\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003ekwargs\u003c/code\u003e dictionary getting mutated on each call (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3044\"\u003e#3044\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pygments/pygments/commit/708197d82827ba2d5ca78bcbb653c7102ce86dcd\"\u003e\u003ccode\u003e708197d\u003c/code\u003e\u003c/a\u003e Fix underline length.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pygments/pygments/commit/1d4538ae8621d766ecc91ff59caf76ab75983abc\"\u003e\u003ccode\u003e1d4538a\u003c/code\u003e\u003c/a\u003e Prepare 2.20 release.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pygments/pygments/commit/2ceaee4e634eebae2d10a47fd05406871f6bac8f\"\u003e\u003ccode\u003e2ceaee4\u003c/code\u003e\u003c/a\u003e Update CHANGES.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pygments/pygments/commit/e3a3c54b58c7f80bc4db887e471d4f91c77844ed\"\u003e\u003ccode\u003ee3a3c54\u003c/code\u003e\u003c/a\u003e Fix Haskell lexer: handle escape sequences in character literals (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3069\"\u003e#3069\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pygments/pygments/commit/d7c3453e342dac319f58e4091f4ef183cc49d802\"\u003e\u003ccode\u003ed7c3453\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3071\"\u003e#3071\u003c/a\u003e from pygments/harden-html-formatter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pygments/pygments/commit/0f97e7c37d44abfa4ddfddf44a3290fdad586034\"\u003e\u003ccode\u003e0f97e7c\u003c/code\u003e\u003c/a\u003e Harden the HTML formatter against CSS.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pygments/pygments/commit/9f981b2ba42b88ca5bdcebf12cd01efd7cd80aec\"\u003e\u003ccode\u003e9f981b2\u003c/code\u003e\u003c/a\u003e Update CHANGES.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pygments/pygments/commit/1d889151024e9a53f3702a60558b29b070306e9e\"\u003e\u003ccode\u003e1d88915\u003c/code\u003e\u003c/a\u003e Update CHANGES.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pygments/pygments/commit/c3d93adb9827fc054c3c12b47bde31c781a36a93\"\u003e\u003ccode\u003ec3d93ad\u003c/code\u003e\u003c/a\u003e Fix ASN.1 lexer: recognize minus sign and fix range operator (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3060\"\u003e#3060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pygments/pygments/commit/4f06bcf8a5ba3f2b5bda24a26ccf041a1a65d91e\"\u003e\u003ccode\u003e4f06bcf\u003c/code\u003e\u003c/a\u003e fix bad behaving backtracking regex in CommonLispLexer\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pygments/pygments/compare/2.19.2...2.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.1\u003c/h2\u003e\n\u003ch2\u003e2.33.1 (2026-03-30)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary\nfiles in the tmp directory. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7305\"\u003e#7305\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed Content-Type header parsing for malformed values. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7309\"\u003e#7309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImproved error consistency for malformed header values. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7308\"\u003e#7308\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ferdnyc\"\u003e\u003ccode\u003e@​ferdnyc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7277\"\u003epsf/requests#7277\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.1 (2026-03-30)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary\nfiles in the tmp directory. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7305\"\u003e#7305\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed Content-Type header parsing for malformed values. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7309\"\u003e#7309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImproved error consistency for malformed header values. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7308\"\u003e#7308\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/111d2b77790bf49943c0dfa09b365371c24aec7e\"\u003e\u003ccode\u003e111d2b7\u003c/code\u003e\u003c/a\u003e v2.33.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/f0198e6dfc431a2293dc16e1b1e8fcddc910a7f3\"\u003e\u003ccode\u003ef0198e6\u003c/code\u003e\u003c/a\u003e Fix malformed value parsing for Content-Type (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7309\"\u003e#7309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc7dd0fc4d56e808bcdd85ac2d797b3107c89259\"\u003e\u003ccode\u003ebc7dd0f\u003c/code\u003e\u003c/a\u003e Fix cosmetic header validity parsing regex (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7308\"\u003e#7308\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/4443b1a847b190010c2972a658924b98b5db6360\"\u003e\u003ccode\u003e4443b1a\u003c/code\u003e\u003c/a\u003e Fix unintended test extra (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7306\"\u003e#7306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/389eea58dfb2f2ee096421a812e3af29c0298951\"\u003e\u003ccode\u003e389eea5\u003c/code\u003e\u003c/a\u003e Cleanup extracted file after extract_zipped_path test (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7305\"\u003e#7305\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/7407309c8a8a73aa2f4337184025d440bbedab7a\"\u003e\u003ccode\u003e7407309\u003c/code\u003e\u003c/a\u003e Packaging: DRY out extras definition (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7277\"\u003e#7277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tomli` from 2.4.0 to 2.4.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hukkin/tomli/blob/master/CHANGELOG.md\"\u003etomli's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed\n\u003cul\u003e\n\u003cli\u003eLimit number of parts of a TOML key to address quadratic time complexity\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/c5f44690c68c5ed29534faa8f9df18882113728c\"\u003e\u003ccode\u003ec5f4469\u003c/code\u003e\u003c/a\u003e Bump version: 2.4.0 → 2.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/2bcd2627d5fcc262f734eaa730b62c0915d1e0d3\"\u003e\u003ccode\u003e2bcd262\u003c/code\u003e\u003c/a\u003e Add change log for 2.4.1 and 2.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/e1fdb94bc998377f1c2545c7cd4f70ff2a3fb4e4\"\u003e\u003ccode\u003ee1fdb94\u003c/code\u003e\u003c/a\u003e Limit number of parts of a key (\u003ca href=\"https://redirect.github.com/hukkin/tomli/issues/286\"\u003e#286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/c20c49113890c226ffb27a67befe20d14fcf0c73\"\u003e\u003ccode\u003ec20c491\u003c/code\u003e\u003c/a\u003e pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/920e20b1cf495b63f6d4a6aa3cd5e4ff25f5f5a7\"\u003e\u003ccode\u003e920e20b\u003c/code\u003e\u003c/a\u003e Update performance benchmark and results\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/064e492919b2338def788753b8c981c9131334c0\"\u003e\u003ccode\u003e064e492\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hukkin/tomli/issues/280\"\u003e#280\u003c/a\u003e from hukkin/version-2.4.0\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hukkin/tomli/compare/2.4.0...2.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `attrs` from 25.4.0 to 26.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-attrs/attrs/releases\"\u003eattrs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.1.0\u003c/h2\u003e\n\u003ch2\u003eHighlights\u003c/h2\u003e\n\u003cp\u003eThe main outward change here only affects people using field transformers, but it should be a nice quality of life improvement!\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eFull changelog below!\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003eSpecial Thanks\u003c/h2\u003e\n\u003cp\u003eThis release would not be possible without my generous sponsors! Thank you to all of you making sustainable maintenance possible! If \u003cem\u003eyou\u003c/em\u003e would like to join them, go to \u003ca href=\"https://github.com/sponsors/hynek\"\u003ehttps://github.com/sponsors/hynek\u003c/a\u003e and check out the sweet perks!\u003c/p\u003e\n\u003ch3\u003eAbove and Beyond\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://www.variomedia.de/\"\u003eVariomedia AG\u003c/a\u003e (@\u003ca href=\"https://github.com/variomedia\"\u003evariomedia\u003c/a\u003e), \u003ca href=\"https://www.tidelift.com/\"\u003eTidelift\u003c/a\u003e (@\u003ca href=\"https://github.com/tidelift\"\u003etidelift\u003c/a\u003e), \u003ca href=\"https://kraken.tech\"\u003eKraken Tech\u003c/a\u003e (@\u003ca href=\"https://github.com/kraken-tech\"\u003ekraken-tech\u003c/a\u003e), \u003ca href=\"https://privacy-solutions.org\"\u003ePrivacy Solutions GmbH\u003c/a\u003e (@\u003ca href=\"https://github.com/privacy-solutions\"\u003eprivacy-solutions\u003c/a\u003e), \u003ca href=\"http://filepreviews.io/\"\u003eFilePreviews\u003c/a\u003e (@\u003ca href=\"https://github.com/filepreviews\"\u003efilepreviews\u003c/a\u003e), \u003ca href=\"https://ecosyste.ms\"\u003eEcosystems\u003c/a\u003e (@\u003ca href=\"https://github.com/ecosyste-ms\"\u003eecosyste-ms\u003c/a\u003e), \u003ca href=\"https://www.lambdatest.com\"\u003eTestMu AI Open Source Office (Formerly LambdaTest)\u003c/a\u003e (@\u003ca href=\"https://github.com/LambdaTest-Inc\"\u003eLambdaTest-Inc\u003c/a\u003e), \u003ca href=\"https://doist.com/\"\u003eDoist\u003c/a\u003e (@\u003ca href=\"https://github.com/Doist\"\u003eDoist\u003c/a\u003e), Daniel Fortunov (@\u003ca href=\"https://github.com/asqui\"\u003easqui\u003c/a\u003e), and Kevin P. Fleming (@\u003ca href=\"https://github.com/kpfleming\"\u003ekpfleming\u003c/a\u003e).\u003c/p\u003e\n\u003ch3\u003eMaintenance Sustainers\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://buttondown.com\"\u003eButtondown\u003c/a\u003e (@\u003ca href=\"https://github.com/buttondown\"\u003ebuttondown\u003c/a\u003e), \u003ca href=\"https://christopher.xyz\"\u003eChristopher Dignam\u003c/a\u003e (@\u003ca href=\"https://github.com/chdsbd\"\u003echdsbd\u003c/a\u003e), Magnus Watn (@\u003ca href=\"https://github.com/magnuswatn\"\u003emagnuswatn\u003c/a\u003e), \u003ca href=\"https://cra.mr\"\u003eDavid Cramer\u003c/a\u003e (@\u003ca href=\"https://github.com/dcramer\"\u003edcramer\u003c/a\u003e), \u003ca href=\"https://rivolaks.com\"\u003eRivo Laks\u003c/a\u003e (@\u003ca href=\"https://github.com/rivol\"\u003erivol\u003c/a\u003e), \u003ca href=\"https://polar.sh\"\u003ePolar\u003c/a\u003e (@\u003ca href=\"https://github.com/polarsource\"\u003epolarsource\u003c/a\u003e), \u003ca href=\"https://miketheman.dev\"\u003eMike Fiedler\u003c/a\u003e (@\u003ca href=\"https://github.com/miketheman\"\u003emiketheman\u003c/a\u003e), Duncan Hill (@\u003ca href=\"https://github.com/cricalix\"\u003ecricalix\u003c/a\u003e), Colin Marquardt (@\u003ca href=\"https://github.com/cmarqu\"\u003ecmarqu\u003c/a\u003e), \u003ca href=\"https://blog.journeythatcounts.nl\"\u003ePieter Swinkels\u003c/a\u003e (@\u003ca href=\"https://github.com/swinkels\"\u003eswinkels\u003c/a\u003e), Nick Libertini (@\u003ca href=\"https://github.com/libertininick\"\u003elibertininick\u003c/a\u003e), \u003ca href=\"https://bmdphd.info/\"\u003eBrian M. Dennis\u003c/a\u003e (@\u003ca href=\"https://github.com/crossjam\"\u003ecrossjam\u003c/a\u003e), Celebrity News AG (@\u003ca href=\"https://github.com/celebritynewsag\"\u003ecelebritynewsag\u003c/a\u003e), \u003ca href=\"https://westervelt.com\"\u003eThe Westervelt Company\u003c/a\u003e (@\u003ca href=\"https://github.com/westerveltco\"\u003ewesterveltco\u003c/a\u003e), \u003ca href=\"https://slafs.net\"\u003eSławomir Ehlert\u003c/a\u003e (@\u003ca href=\"https://github.com/slafs\"\u003eslafs\u003c/a\u003e), Mostafa Khalil (@\u003ca href=\"https://github.com/khadrawy\"\u003ekhadrawy\u003c/a\u003e), \u003ca href=\"https://fmularczyk.pl\"\u003eFilip Mularczyk\u003c/a\u003e (@\u003ca href=\"https://github.com/mukiblejlok\"\u003emukiblejlok\u003c/a\u003e), Thomas Klinger (@\u003ca href=\"https://github.com/thmsklngr\"\u003ethmsklngr\u003c/a\u003e), \u003ca href=\"https://poehlmann.io\"\u003eAndreas Poehlmann\u003c/a\u003e (@\u003ca href=\"https://github.com/ap--\"\u003eap--\u003c/a\u003e), \u003ca href=\"https://atbigelow.com\"\u003eAugust Trapper Bigelow\u003c/a\u003e (@\u003ca href=\"https://github.com/atbigelow\"\u003eatbigelow\u003c/a\u003e), \u003ca href=\"https://noumenal.es/\"\u003eCarlton Gibson\u003c/a\u003e (@\u003ca href=\"https://github.com/carltongibson\"\u003ecarltongibson\u003c/a\u003e), and \u003ca href=\"https://roboflow.com\"\u003eRoboflow\u003c/a\u003e (@\u003ca href=\"https://github.com/roboflow\"\u003eroboflow\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003eFull Changelog\u003c/h2\u003e\n\u003ch3\u003eBackwards-incompatible Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eField aliases are now resolved \u003cem\u003ebefore\u003c/em\u003e calling \u003ccode\u003efield_transformer\u003c/code\u003e, so transformers receive fully populated \u003ccode\u003eAttribute\u003c/code\u003e objects with usable \u003ccode\u003ealias\u003c/code\u003e values instead of \u003ccode\u003eNone\u003c/code\u003e. The new \u003ccode\u003eAttribute.alias_is_default\u003c/code\u003e flag indicates whether the alias was auto-generated (\u003ccode\u003eTrue\u003c/code\u003e) or explicitly set by the user (\u003ccode\u003eFalse\u003c/code\u003e). \u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1509\"\u003e#1509\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix type annotations for \u003ccode\u003eattrs.validators.optional()\u003c/code\u003e, so it no longer rejects tuples with more than one validator. \u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1496\"\u003e#1496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eattrs.validators.disabled()\u003c/code\u003e contextmanager can now be nested. \u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1513\"\u003e#1513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFrozen classes can set \u003ccode\u003eon_setattr=attrs.setters.NO_OP\u003c/code\u003e in addition to \u003ccode\u003eNone\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1515\"\u003e#1515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIt's now possible to pass \u003cem\u003eattrs\u003c/em\u003e \u003cstrong\u003einstances\u003c/strong\u003e in addition to \u003cem\u003eattrs\u003c/em\u003e \u003cstrong\u003eclasses\u003c/strong\u003e to \u003ccode\u003eattrs.fields()\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1529\"\u003e#1529\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eThis release contains contributions from \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/DavidCEllis\"\u003e\u003ccode\u003e@​DavidCEllis\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/finite-state-machine\"\u003e\u003ccode\u003e@​finite-state-machine\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/hynek\"\u003e\u003ccode\u003e@​hynek\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/vstinner\"\u003e\u003ccode\u003e@​vstinner\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eArtifact Attestations\u003c/h2\u003e\n\u003cp\u003eYou can verify this release's \u003ca href=\"https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds\"\u003eartifact attestions\u003c/a\u003e using \u003ca href=\"https://cli.github.com\"\u003eGitHub's CLI tool\u003c/a\u003e by downloading the sdist and wheel from \u003ca href=\"https://pypi.org/project/attrs\"\u003ePyPI\u003c/a\u003e and running:\u003c/p\u003e\n\u003cpre lang=\"console\"\u003e\u003ccode\u003e$ gh attestation verify --owner python-attrs attrs-26.1.0.tar.gz\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-attrs/attrs/blob/main/CHANGELOG.md\"\u003eattrs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/python-attrs/attrs/tree/26.1.0\"\u003e26.1.0\u003c/a\u003e - 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eBackwards-incompatible Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eField aliases are now resolved \u003cem\u003ebefore\u003c/em\u003e calling \u003ccode\u003efield_transformer\u003c/code\u003e, so transformers receive fully populated \u003ccode\u003eAttribute\u003c/code\u003e objects with usable \u003ccode\u003ealias\u003c/code\u003e values instead of \u003ccode\u003eNone\u003c/code\u003e.\nThe new \u003ccode\u003eAttribute.alias_is_default\u003c/code\u003e flag indicates whether the alias was auto-generated (\u003ccode\u003eTrue\u003c/code\u003e) or explicitly set by the user (\u003ccode\u003eFalse\u003c/code\u003e).\n\u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1509\"\u003e#1509\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix type annotations for \u003ccode\u003eattrs.validators.optional()\u003c/code\u003e, so it no longer rejects tuples with more than one validator.\n\u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1496\"\u003e#1496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eattrs.validators.disabled()\u003c/code\u003e contextmanager can now be nested.\n\u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1513\"\u003e#1513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFrozen classes can set \u003ccode\u003eon_setattr=attrs.setters.NO_OP\u003c/code\u003e in addition to \u003ccode\u003eNone\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1515\"\u003e#1515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIt's now possible to pass \u003cem\u003eattrs\u003c/em\u003e \u003cstrong\u003einstances\u003c/strong\u003e in addition to \u003cem\u003eattrs\u003c/em\u003e \u003cstrong\u003eclasses\u003c/strong\u003e to \u003ccode\u003eattrs.fields()\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1529\"\u003e#1529\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-attrs/attrs/commit/7bfc49e9b22d5ba25b6e429524c3d49fee27cb36\"\u003e\u003ccode\u003e7bfc49e\u003c/code\u003e\u003c/a\u003e Prepare 26.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-attrs/attrs/commit/31e02869da10824b492c378c1dc87ccc720ee5ad\"\u003e\u003ccode\u003e31e0286\u003c/code\u003e\u003c/a\u003e Update test_validators.py for Python 3.15a7 (\u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1530\"\u003e#1530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-attrs/attrs/commit/48b8611c27779811d161200e17de8da24aae7feb\"\u003e\u003ccode\u003e48b8611\u003c/code\u003e\u003c/a\u003e Add instance support to attrs.fields() (\u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1529\"\u003e#1529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-attrs/attrs/commit/3a68d4913221abc6f8ad3be50937f7ae49300a98\"\u003e\u003ccode\u003e3a68d49\u003c/code\u003e\u003c/a\u003e dev: document missing git tags failure mode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-attrs/attrs/commit/a572c3a4c558a8b9b48cf989fcd956ab1a279439\"\u003e\u003ccode\u003ea572c3a\u003c/cod...\n\n_Description has been truncated_","html_url":"https://github.com/python-trio/trustme/pull/711","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-trio%2Ftrustme/issues/711","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/711/packages"},{"uuid":"4333145766","node_id":"PR_kwDOQguR2c7V04_h","number":11,"state":"closed","title":"chore(deps): bump the python-minor-patch group across 1 directory with 43 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-11T04:47:54.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-27T04:45:26.000Z","updated_at":"2026-05-11T04:47:55.000Z","time_to_close":1209748,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-minor-patch","update_count":43,"packages":[{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"certifi","old_version":"2026.1.4","new_version":"2026.4.22","repository_url":"https://github.com/certifi/python-certifi"},{"name":"charset-normalizer","old_version":"3.4.4","new_version":"3.4.7","repository_url":"https://github.com/jawah/charset_normalizer"},{"name":"click","old_version":"8.3.1","new_version":"8.3.3","repository_url":"https://github.com/pallets/click"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"fastapi","old_version":"0.128.0","new_version":"0.136.1","repository_url":"https://github.com/fastapi/fastapi"},{"name":"fsspec","old_version":"2026.1.0","new_version":"2026.4.0","repository_url":"https://github.com/fsspec/filesystem_spec"},{"name":"idna","old_version":"3.11","new_version":"3.13","repository_url":"https://github.com/kjd/idna"},{"name":"jinja2","old_version":"3.1.2","new_version":"3.1.6","repository_url":"https://github.com/pallets/jinja"},{"name":"jiter","old_version":"0.12.0","new_version":"0.14.0","repository_url":"https://github.com/pydantic/jiter"},{"name":"lxml","old_version":"6.0.2","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"mmh3","old_version":"5.2.0","new_version":"5.2.1","repository_url":"https://github.com/hajimes/mmh3"},{"name":"nltk","old_version":"3.9.2","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"openai","old_version":"2.16.0","new_version":"2.33.0","repository_url":"https://github.com/openai/openai-python"},{"name":"packaging","old_version":"26.0","new_version":"26.2","repository_url":"https://github.com/pypa/packaging"},{"name":"pillow","old_version":"12.1.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"postgrest","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"psycopg-binary","old_version":"3.3.2","new_version":"3.3.4","repository_url":"https://github.com/psycopg/psycopg"},{"name":"pyasn1","old_version":"0.6.2","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.3","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-settings","old_version":"2.12.0","new_version":"2.14.0","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"pydantic-core","old_version":"2.41.5","new_version":"2.46.3","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pygments","old_version":"2.19.2","new_version":"2.20.0","repository_url":"https://github.com/pygments/pygments"},{"name":"pyiceberg","old_version":"0.10.0","new_version":"0.11.1","repository_url":"https://github.com/apache/iceberg-python"},{"name":"pyjwt","old_version":"2.10.1","new_version":"2.12.1","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"pypdfium2","old_version":"5.3.0","new_version":"5.7.1","repository_url":"https://github.com/pypdfium2-team/pypdfium2"},{"name":"pyroaring","old_version":"1.0.3","new_version":"1.1.0","repository_url":"https://github.com/Ezibenroc/PyRoaringBitMap"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"realtime","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"regex","old_version":"2026.1.15","new_version":"2026.4.4","repository_url":"https://github.com/mrabarnett/mrab-regex"},{"name":"reportlab","old_version":"4.4.9","new_version":"4.5.0"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.1","repository_url":"https://github.com/psf/requests"},{"name":"storage3","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase-auth","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase-functions","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"tenacity","old_version":"9.1.2","new_version":"9.1.4","repository_url":"https://github.com/jd/tenacity"},{"name":"textblob","old_version":"0.19.0","new_version":"0.20.0","repository_url":"https://github.com/sloria/TextBlob"},{"name":"tqdm","old_version":"4.67.1","new_version":"4.67.3","repository_url":"https://github.com/tqdm/tqdm"},{"name":"uvicorn","old_version":"0.40.0","new_version":"0.46.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"yarl","old_version":"1.22.0","new_version":"1.23.0","repository_url":"https://github.com/aio-libs/yarl"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-minor-patch group with 43 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.1.4` | `2026.4.22` |\n| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.4` | `3.4.7` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.3.3` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.136.1` |\n| [fsspec](https://github.com/fsspec/filesystem_spec) | `2026.1.0` | `2026.4.0` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.13` |\n| [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.6` |\n| [jiter](https://github.com/pydantic/jiter) | `0.12.0` | `0.14.0` |\n| [lxml](https://github.com/lxml/lxml) | `6.0.2` | `6.1.0` |\n| [mmh3](https://github.com/hajimes/mmh3) | `5.2.0` | `5.2.1` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [openai](https://github.com/openai/openai-python) | `2.16.0` | `2.33.0` |\n| [packaging](https://github.com/pypa/packaging) | `26.0` | `26.2` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.0` | `12.2.0` |\n| [postgrest](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [psycopg-binary](https://github.com/psycopg/psycopg) | `3.3.2` | `3.3.4` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.2` | `0.6.3` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.3` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.12.0` | `2.14.0` |\n| [pydantic-core](https://github.com/pydantic/pydantic) | `2.41.5` | `2.46.3` |\n| [pygments](https://github.com/pygments/pygments) | `2.19.2` | `2.20.0` |\n| [pyiceberg](https://github.com/apache/iceberg-python) | `0.10.0` | `0.11.1` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.10.1` | `2.12.1` |\n| [pypdfium2](https://github.com/pypdfium2-team/pypdfium2) | `5.3.0` | `5.7.1` |\n| [pyroaring](https://github.com/Ezibenroc/PyRoaringBitMap) | `1.0.3` | `1.1.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [realtime](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [regex](https://github.com/mrabarnett/mrab-regex) | `2026.1.15` | `2026.4.4` |\n| [reportlab](https://www.reportlab.com/) | `4.4.9` | `4.5.0` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.1` |\n| [storage3](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [supabase](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [supabase-auth](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [supabase-functions](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [tenacity](https://github.com/jd/tenacity) | `9.1.2` | `9.1.4` |\n| [textblob](https://github.com/sloria/TextBlob) | `0.19.0` | `0.20.0` |\n| [tqdm](https://github.com/tqdm/tqdm) | `4.67.1` | `4.67.3` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.40.0` | `0.46.0` |\n| [yarl](https://github.com/aio-libs/yarl) | `1.22.0` | `1.23.0` |\n\n\nUpdates `anyio` from 4.12.1 to 4.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.13.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9\u003c/li\u003e\n\u003cli\u003eAdded a \u003ccode\u003ettl\u003c/code\u003e parameter to the \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e wrapper (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1073\"\u003e#1073\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Graeme22\"\u003e\u003ccode\u003e@​Graeme22\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWidened the type annotations of file I/O streams to accept \u003ccode\u003eIO[bytes]\u003c/code\u003e instead of just \u003ccode\u003eBinaryIO\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path\u003c/code\u003e not being compatible with Python 3.15 due to the removal of \u003ccode\u003epathlib.Path.is_reserved()\u003c/code\u003e and the addition of \u003ccode\u003epathlib.Path.__vfspath__()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1061\"\u003e#1061\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eBrokenResourceError\u003c/code\u003e raised by the asyncio \u003ccode\u003eSocketStream\u003c/code\u003e not having the original exception as its cause (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1055\"\u003e#1055\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eTypeError\u003c/code\u003e raised when using \u0026quot;func\u0026quot; as a parameter name in \u003ccode\u003epytest.mark.parametrize\u003c/code\u003e when using the pytest plugin (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1068\"\u003e#1068\u003c/a\u003e; PR by \u003ca href=\"https://github.com/JohnnyDeuss\"\u003e\u003ccode\u003e@​JohnnyDeuss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the pytest plugin not running tests that had the \u003ccode\u003eanyio\u003c/code\u003e marker added programmatically via \u003ccode\u003epytest_collection_modifyitems\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/422\"\u003e#422\u003c/a\u003e; PR by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when they are contained in an exception group alongside non-cancellation exceptions (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1091\"\u003e#1091\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eCondition.wait()\u003c/code\u003e not passing on a notification when the task is cancelled but already received a notification\u003c/li\u003e\n\u003cli\u003eFixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1074\"\u003e#1074\u003c/a\u003e; PR by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/afbe93ca9d0c447adf26e9c1715ac20870622bf2\"\u003e\u003ccode\u003eafbe93c\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/33bdf2e4b4f40c2df178123746147a6d2471808d\"\u003e\u003ccode\u003e33bdf2e\u003c/code\u003e\u003c/a\u003e Rearranged the changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/19e09e25bc5a23dd78a577d8c3909dd377057c78\"\u003e\u003ccode\u003e19e09e2\u003c/code\u003e\u003c/a\u003e Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9369d80b9e8292f2a892a9d5c73923c6a28aa08c\"\u003e\u003ccode\u003e9369d80\u003c/code\u003e\u003c/a\u003e Fixed Condition.wait() not handing over notification when cancelled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/6f122abdc6f6b166c6b6ac27d36d55cdf8fa08e8\"\u003e\u003ccode\u003e6f122ab\u003c/code\u003e\u003c/a\u003e Fixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/beaa45aff568a4020f2faf317321dd92f0e1f4a0\"\u003e\u003ccode\u003ebeaa45a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/602f6606dcf3f37702686a4f3e161328c537b07f\"\u003e\u003ccode\u003e602f660\u003c/code\u003e\u003c/a\u003e Widened type annotations to accept IO[bytes] in file streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/b5dcd45170701a756ba634197398f05d4710cab3\"\u003e\u003ccode\u003eb5dcd45\u003c/code\u003e\u003c/a\u003e Added note about erasing the template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/d68670b3b4e0917d4caff2de082e03220f3e05a1\"\u003e\u003ccode\u003ed68670b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/fc17a22dd948e6a3d90d99908813f0010dfc3d2c\"\u003e\u003ccode\u003efc17a22\u003c/code\u003e\u003c/a\u003e tweak to_thread docs about abandon_on_cancel (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.12.1...4.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.1.4 to 2026.4.22\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/5dddfb072243da27adde885b73ba9b809c3224ca\"\u003e\u003ccode\u003e5dddfb0\u003c/code\u003e\u003c/a\u003e 2026.04.22 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/410\"\u003e#410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/f99eccdaf87f7c10e521a58a700ca3eb94a0787e\"\u003e\u003ccode\u003ef99eccd\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/918bed055f7291719512af186c1c24710f845660\"\u003e\u003ccode\u003e918bed0\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 7.0.0 to 7.0.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/405\"\u003e#405\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/0a49067eb434e53e1f8df5f7707d5dc05ef9def4\"\u003e\u003ccode\u003e0a49067\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/403\"\u003e#403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/acf6ce8e39e3b125f4349e11904295e4fe4c1bed\"\u003e\u003ccode\u003eacf6ce8\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/398\"\u003e#398\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/feb0ed26163a9417ea0fb8eb52d47e79fcf202ab\"\u003e\u003ccode\u003efeb0ed2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/397\"\u003e#397\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d9c11a50369cc377abb40f7909ded3d6da4d98a3\"\u003e\u003ccode\u003ed9c11a5\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/396\"\u003e#396\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/8571a4ba5205675107f9026d0008ad2d7a2778bf\"\u003e\u003ccode\u003e8571a4b\u003c/code\u003e\u003c/a\u003e 2026.02.25 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/395\"\u003e#395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/6f7de00579d292af565bbb8a947643219794eb6d\"\u003e\u003ccode\u003e6f7de00\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/390\"\u003e#390\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/a1de59b15105cad768afed4f066b36171134f04a\"\u003e\u003ccode\u003ea1de59b\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.1 to 6.0.2 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/391\"\u003e#391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.01.04...2026.04.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `charset-normalizer` from 3.4.4 to 3.4.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jawah/charset_normalizer/releases\"\u003echarset-normalizer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.4.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.6...3.4.7\"\u003e3.4.7\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePre-built optimized version using mypy[c] v1.20.\u003c/li\u003e\n\u003cli\u003eRelax \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;82.1\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly remove SIG remnant in utf-7 decoded string. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/718\"\u003e#718\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.4.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.5...3.4.6\"\u003e3.4.6\u003c/a\u003e (2026-03-15)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFlattened the logic in \u003ccode\u003echarset_normalizer.md\u003c/code\u003e for higher performance. Removed \u003ccode\u003eeligible(..)\u003c/code\u003e and \u003ccode\u003efeed(...)\u003c/code\u003e\nin favor of \u003ccode\u003efeed_info(...)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound for mypy[c] to 1.20, for our optimized version.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eUNICODE_RANGES_COMBINED\u003c/code\u003e using Unicode blocks v17.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEdge case where noise difference between two candidates can be almost insignificant. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI \u003ccode\u003e--normalize\u003c/code\u003e writing to wrong path when passing multiple files in. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFreethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.4.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.4...3.4.5\"\u003e3.4.5\u003c/a\u003e (2026-03-06)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;=82\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound of mypyc for the optional pre-built extension to v1.19.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit link to lib math in our optimized build. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLogger level not restored correctly for empty byte sequences. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeError when passing bytearray to from_bytes. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApplied safe micro-optimizations in both our noise detector and language detector.\u003c/li\u003e\n\u003cli\u003eRewrote the \u003ccode\u003equery_yes_no\u003c/code\u003e function (inside CLI) to avoid using ambiguous licensed code.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecd.py\u003c/code\u003e submodule into mypyc optional compilation to reduce further the performance impact.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\u003cbr /\u003e\nmypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See \u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/714\"\u003ejawah/charset_normalizer#714\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md\"\u003echarset-normalizer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.6...3.4.7\"\u003e3.4.7\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePre-built optimized version using mypy[c] v1.20.\u003c/li\u003e\n\u003cli\u003eRelax \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;82.1\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly remove SIG remnant in utf-7 decoded string. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/718\"\u003e#718\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.5...3.4.6\"\u003e3.4.6\u003c/a\u003e (2026-03-15)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFlattened the logic in \u003ccode\u003echarset_normalizer.md\u003c/code\u003e for higher performance. Removed \u003ccode\u003eeligible(..)\u003c/code\u003e and \u003ccode\u003efeed(...)\u003c/code\u003e\nin favor of \u003ccode\u003efeed_info(...)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound for mypy[c] to 1.20, for our optimized version.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eUNICODE_RANGES_COMBINED\u003c/code\u003e using Unicode blocks v17.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEdge case where noise difference between two candidates can be almost insignificant. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI \u003ccode\u003e--normalize\u003c/code\u003e writing to wrong path when passing multiple files in. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFreethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.4...3.4.5\"\u003e3.4.5\u003c/a\u003e (2026-03-06)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;=82\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound of mypyc for the optional pre-built extension to v1.19.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit link to lib math in our optimized build. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLogger level not restored correctly for empty byte sequences. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeError when passing bytearray to from_bytes. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApplied safe micro-optimizations in both our noise detector and language detector.\u003c/li\u003e\n\u003cli\u003eRewrote the \u003ccode\u003equery_yes_no\u003c/code\u003e function (inside CLI) to avoid using ambiguous licensed code.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecd.py\u003c/code\u003e submodule into mypyc optional compilation to reduce further the performance impact.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/0f07891bf516b5d5231f1bd4dd2d8da7d4d09a9a\"\u003e\u003ccode\u003e0f07891\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/729\"\u003e#729\u003c/a\u003e from jawah/release-3.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/fdbeb299479e8f4d737e4d227cd0b2bd5d273dc0\"\u003e\u003ccode\u003efdbeb29\u003c/code\u003e\u003c/a\u003e chore: update dev, and ci requirements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/b66f922bfbdbdd9dd46af18a8964d4fb888756d4\"\u003e\u003ccode\u003eb66f922\u003c/code\u003e\u003c/a\u003e chore: add ft classifier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/f94249d0a2c712f2d03124f4de6b77f5e03aaa96\"\u003e\u003ccode\u003ef94249d\u003c/code\u003e\u003c/a\u003e chore: add test cases for utf_7 recent fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/95c866f6c984bbd043e7e3ed0628aa4f3f8d5a26\"\u003e\u003ccode\u003e95c866f\u003c/code\u003e\u003c/a\u003e chore: bump version to 3.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/4f429bb764c7e893f99bb4bceb60856da1baacfb\"\u003e\u003ccode\u003e4f429bb\u003c/code\u003e\u003c/a\u003e chore: bump mypy pre-commit to v1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/b579cd6cab9bd83aa3fc0ca169d4df022bf4888c\"\u003e\u003ccode\u003eb579cd6\u003c/code\u003e\u003c/a\u003e fix: correctly remove SIG remnant in utf-7 decoded string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/58bf944a77cc0883fc46a6ee8edac3549fea5d59\"\u003e\u003ccode\u003e58bf944\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump github/codeql-action from 4.32.4 to 4.35.1 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/728\"\u003e#728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/44cf8a1b676a2532a8f1694e62e4f4f98f9132e1\"\u003e\u003ccode\u003e44cf8a1\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/362bc20073f737b1ba4ca2f68cffb0c4cc024d20\"\u003e\u003ccode\u003e362bc20\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jawah/charset_normalizer/compare/3.4.4...3.4.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.1 to 8.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.3.3\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.3.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.3.3/\"\u003ehttps://pypi.org/project/click/8.3.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-3-3\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-3-3\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse :func:\u003ccode\u003eshlex.split\u003c/code\u003e to split pager and editor commands into \u003ccode\u003eargv\u003c/code\u003e\nlists for :class:\u003ccode\u003esubprocess.Popen\u003c/code\u003e, removing \u003ccode\u003eshell=True\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/1026\"\u003e#1026\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/1477\"\u003e#1477\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2775\"\u003e#2775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eTypeError\u003c/code\u003e when rendering help for an option whose default value is\nan object that doesn't support equality comparison with strings, such as\n\u003ccode\u003esemver.Version\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3298\"\u003e#3298\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3299\"\u003e#3299\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix pager test pollution under parallel execution by using pytest's\n\u003ccode\u003etmp_path\u003c/code\u003e fixture instead of a shared temporary file path. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3238\"\u003e#3238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values in a \u003ccode\u003edefault_map\u003c/code\u003e as absent, so they fall\nthrough to the next default source instead of being used as the value.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3224\"\u003e#3224\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3240\"\u003e#3240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch \u003ccode\u003epdb.Pdb\u003c/code\u003e in \u003ccode\u003eCliRunner\u003c/code\u003e isolation so \u003ccode\u003epdb.set_trace()\u003c/code\u003e,\n\u003ccode\u003ebreakpoint()\u003c/code\u003e, and debuggers subclassing \u003ccode\u003epdb.Pdb\u003c/code\u003e (ipdb, pdbpp) can\ninteract with the real terminal instead of the captured I/O streams.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/654\"\u003e#654\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/824\"\u003e#824\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/843\"\u003e#843\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/951\"\u003e#951\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3235\"\u003e#3235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd optional randomized parallel test execution using \u003ccode\u003epytest-randomly\u003c/code\u003e and\n\u003ccode\u003epytest-xdist\u003c/code\u003e to detect test pollution and race conditions. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3151\"\u003e#3151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd contributor documentation for running stress tests, randomized\nparallel tests, and Flask smoke tests. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3151\"\u003e#3151\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3177\"\u003e#3177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eShow custom \u003ccode\u003eshow_default\u003c/code\u003e string in prompts, matching the existing\nhelp text behavior. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2836\"\u003e#2836\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2837\"\u003e#2837\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3165\"\u003e#3165\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3262\"\u003e#3262\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3280\"\u003e#3280\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3328\"\u003e#3328\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003edefault=True\u003c/code\u003e with boolean \u003ccode\u003eflag_value\u003c/code\u003e always returning the\n\u003ccode\u003eflag_value\u003c/code\u003e instead of \u003ccode\u003eTrue\u003c/code\u003e. The \u003ccode\u003edefault=True\u003c/code\u003e to \u003ccode\u003eflag_value\u003c/code\u003e\nsubstitution now only applies to non-boolean flags, where \u003ccode\u003eTrue\u003c/code\u003e acts as a\nsentinel meaning \u0026quot;activate this flag by default\u0026quot;. For boolean flags,\n\u003ccode\u003edefault=True\u003c/code\u003e is returned as a literal value. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3111\"\u003e#3111\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3239\"\u003e#3239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark \u003ccode\u003emake_default_short_help\u003c/code\u003e as private API. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3189\"\u003e#3189\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3250\"\u003e#3250\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCliRunner\u003c/code\u003e's redirected streams now expose the original file descriptor\nvia \u003ccode\u003efileno()\u003c/code\u003e, so that \u003ccode\u003efaulthandler\u003c/code\u003e, \u003ccode\u003esubprocess\u003c/code\u003e, and other\nC-level consumers no longer crash with \u003ccode\u003eio.UnsupportedOperation\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/2865\"\u003e#2865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange :class:\u003ccode\u003eParameterSource\u003c/code\u003e to an :class:\u003ccode\u003e~enum.IntEnum\u003c/code\u003e and reorder\nits members from most to least explicit, so values can be compared to\ncheck whether a parameter was explicitly provided. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2879\"\u003e#2879\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3248\"\u003e#3248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.3.2\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.3.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.3.2/\"\u003ehttps://pypi.org/project/click/8.3.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-3-2\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-3-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/29\"\u003ehttps://github.com/pallets/click/milestone/29\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.3.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-04-20\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse :func:\u003ccode\u003eshlex.split\u003c/code\u003e to split pager and editor commands into \u003ccode\u003eargv\u003c/code\u003e\nlists for :class:\u003ccode\u003esubprocess.Popen\u003c/code\u003e, removing \u003ccode\u003eshell=True\u003c/code\u003e.\n:issue:\u003ccode\u003e1026\u003c/code\u003e :pr:\u003ccode\u003e1477\u003c/code\u003e :pr:\u003ccode\u003e2775\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eTypeError\u003c/code\u003e when rendering help for an option whose default value is\nan object that doesn't support equality comparison with strings, such as\n\u003ccode\u003esemver.Version\u003c/code\u003e. :issue:\u003ccode\u003e3298\u003c/code\u003e :pr:\u003ccode\u003e3299\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix pager test pollution under parallel execution by using pytest's\n\u003ccode\u003etmp_path\u003c/code\u003e fixture instead of a shared temporary file path. :pr:\u003ccode\u003e3238\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values in a \u003ccode\u003edefault_map\u003c/code\u003e as absent, so they fall\nthrough to the next default source instead of being used as the value.\n:issue:\u003ccode\u003e3224\u003c/code\u003e :pr:\u003ccode\u003e3240\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePatch \u003ccode\u003epdb.Pdb\u003c/code\u003e in \u003ccode\u003eCliRunner\u003c/code\u003e isolation so \u003ccode\u003epdb.set_trace()\u003c/code\u003e,\n\u003ccode\u003ebreakpoint()\u003c/code\u003e, and debuggers subclassing \u003ccode\u003epdb.Pdb\u003c/code\u003e (ipdb, pdbpp) can\ninteract with the real terminal instead of the captured I/O streams.\n:issue:\u003ccode\u003e654\u003c/code\u003e :issue:\u003ccode\u003e824\u003c/code\u003e :issue:\u003ccode\u003e843\u003c/code\u003e :pr:\u003ccode\u003e951\u003c/code\u003e :pr:\u003ccode\u003e3235\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd optional randomized parallel test execution using \u003ccode\u003epytest-randomly\u003c/code\u003e and\n\u003ccode\u003epytest-xdist\u003c/code\u003e to detect test pollution and race conditions. :pr:\u003ccode\u003e3151\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd contributor documentation for running stress tests, randomized\nparallel tests, and Flask smoke tests. :pr:\u003ccode\u003e3151\u003c/code\u003e :pr:\u003ccode\u003e3177\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShow custom \u003ccode\u003eshow_default\u003c/code\u003e string in prompts, matching the existing\nhelp text behavior. :issue:\u003ccode\u003e2836\u003c/code\u003e :pr:\u003ccode\u003e2837\u003c/code\u003e :pr:\u003ccode\u003e3165\u003c/code\u003e :pr:\u003ccode\u003e3262\u003c/code\u003e :pr:\u003ccode\u003e3280\u003c/code\u003e\n:pr:\u003ccode\u003e3328\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003edefault=True\u003c/code\u003e with boolean \u003ccode\u003eflag_value\u003c/code\u003e always returning the\n\u003ccode\u003eflag_value\u003c/code\u003e instead of \u003ccode\u003eTrue\u003c/code\u003e. The \u003ccode\u003edefault=True\u003c/code\u003e to \u003ccode\u003eflag_value\u003c/code\u003e\nsubstitution now only applies to non-boolean flags, where \u003ccode\u003eTrue\u003c/code\u003e acts as a\nsentinel meaning \u0026quot;activate this flag by default\u0026quot;. For boolean flags,\n\u003ccode\u003edefault=True\u003c/code\u003e is returned as a literal value. :issue:\u003ccode\u003e3111\u003c/code\u003e :pr:\u003ccode\u003e3239\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark \u003ccode\u003emake_default_short_help\u003c/code\u003e as private API. :issue:\u003ccode\u003e3189\u003c/code\u003e :pr:\u003ccode\u003e3250\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCliRunner\u003c/code\u003e's redirected streams now expose the original file descriptor\nvia \u003ccode\u003efileno()\u003c/code\u003e, so that \u003ccode\u003efaulthandler\u003c/code\u003e, \u003ccode\u003esubprocess\u003c/code\u003e, and other\nC-level consumers no longer crash with \u003ccode\u003eio.UnsupportedOperation\u003c/code\u003e.\n:issue:\u003ccode\u003e2865\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eChange :class:\u003ccode\u003eParameterSource\u003c/code\u003e to an :class:\u003ccode\u003e~enum.IntEnum\u003c/code\u003e and reorder\nits members from most to least explicit, so values can be compared to\ncheck whether a parameter was explicitly provided. :issue:\u003ccode\u003e2879\u003c/code\u003e :pr:\u003ccode\u003e3248\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.3.2\u003c/h2\u003e\n\u003cp\u003eReleased 2026-04-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eflag_value\u003c/code\u003e when \u003ccode\u003eis_flag=False\u003c/code\u003e to allow such options to be\nused without an explicit value. :issue:\u003ccode\u003e3084\u003c/code\u003e :pr:\u003ccode\u003e3152\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eHide \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values as \u003ccode\u003eNone\u003c/code\u003e when using \u003ccode\u003elookup_default()\u003c/code\u003e.\n:issue:\u003ccode\u003e3136\u003c/code\u003e :pr:\u003ccode\u003e3199\u003c/code\u003e :pr:\u003ccode\u003e3202\u003c/code\u003e :pr:\u003ccode\u003e3209\u003c/code\u003e :pr:\u003ccode\u003e3212\u003c/code\u003e :pr:\u003ccode\u003e3224\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/c06d2d0a6aee6bcc50bd8257be2a4a592f4e75d0\"\u003e\u003ccode\u003ec06d2d0\u003c/code\u003e\u003c/a\u003e Release 8.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/f1f191ecd2c790b161187c78e7c88440e9524e5c\"\u003e\u003ccode\u003ef1f191e\u003c/code\u003e\u003c/a\u003e Apply format guidelines to commits since latest 8.3.2 release (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3343\"\u003e#3343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/bb59ba0fd279ca085d1113f0499b6a602ca31081\"\u003e\u003ccode\u003ebb59ba0\u003c/code\u003e\u003c/a\u003e Apply format guidelines to commits since latest 8.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4a352253c9ff013e36d11e4a6820d36d00ff2cd4\"\u003e\u003ccode\u003e4a35225\u003c/code\u003e\u003c/a\u003e Reduce blast-radius of \u003ccode\u003eUNSET\u003c/code\u003e in \u003ccode\u003edefault_map\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3240\"\u003e#3240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/c07bb936de43fd303f9cfbefe248ab23fd2199c8\"\u003e\u003ccode\u003ec07bb93\u003c/code\u003e\u003c/a\u003e Merge branch 'stable' into unset-in-default-map\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/c7e1ba8448cbcb2cdd9c1c7f4a592e863dcc3995\"\u003e\u003ccode\u003ec7e1ba8\u003c/code\u003e\u003c/a\u003e Reorder \u003ccode\u003eParameterSource\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3248\"\u003e#3248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/76552ff1e8c85837f911fc34037e702ae4327eda\"\u003e\u003ccode\u003e76552ff\u003c/code\u003e\u003c/a\u003e Show default string in prompt (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3328\"\u003e#3328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/ac5cec5fe54e5a691e7bac17f441ce9498e0744c\"\u003e\u003ccode\u003eac5cec5\u003c/code\u003e\u003c/a\u003e Reorder ParameterSource from most to least explicit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/8c452e00e6772931b7071d9316b82b77e5b8f280\"\u003e\u003ccode\u003e8c452e0\u003c/code\u003e\u003c/a\u003e Merge branch 'stable' into show-default-string-in-prompt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/8c95c73bd5ef89eac638f85f1904a104ba4b1a32\"\u003e\u003ccode\u003e8c95c73\u003c/code\u003e\u003c/a\u003e Reconcile default value passing and default activation (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3239\"\u003e#3239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.1...8.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.128.0 to 0.136.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.1\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Update Pydantic v2 code to address deprecations. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15101\"\u003e#15101\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔨 Tweak translation script. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15174\"\u003e#15174\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump mkdocs-material from 9.7.1 to 9.7.6. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15408\"\u003e#15408\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump inline-snapshot from 0.31.1 to 0.32.6. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15409\"\u003e#15409\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest-codspeed from 4.3.0 to 4.4.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15407\"\u003e#15407\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest-cov from 7.0.0 to 7.1.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15406\"\u003e#15406\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15405\"\u003e#15405\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump mypy from 1.19.1 to 1.20.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15410\"\u003e#15410\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15400\"\u003e#15400\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump starlette from 0.52.1 to 1.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15397\"\u003e#15397\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygithub from 2.8.1 to 2.9.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15396\"\u003e#15396\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pyjwt from 2.12.0 to 2.12.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15393\"\u003e#15393\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump zizmor from 1.23.1 to 1.24.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15394\"\u003e#15394\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump strawberry-graphql from 0.312.3 to 0.314.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15395\"\u003e#15395\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump python-multipart from 0.0.22 to 0.0.26. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15360\"\u003e#15360\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump authlib from 1.6.9 to 1.6.11. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15373\"\u003e#15373\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump aiohttp from 3.13.3 to 3.13.4. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15282\"\u003e#15282\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygments from 2.19.2 to 2.20.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15263\"\u003e#15263\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.20.1 to 10.21.2. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15391\"\u003e#15391\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pillow from 12.1.1 to 12.2.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15333\"\u003e#15333\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest from 9.0.2 to 9.0.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15334\"\u003e#15334\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15374\"\u003e#15374\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15385\"\u003e#15385\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Update sponsors: remove Zuplo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15369\"\u003e#15369\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Update sponsors: remove Speakeasy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15368\"\u003e#15368\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Add zizmor and fix audit findings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15316\"\u003e#15316\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.0\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Support free-threaded Python 3.14t. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15149\"\u003e#15149\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.4\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔥 Remove April Fool's \u003ccode\u003e@app.vibe()\u003c/code\u003e 🤪. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15363\"\u003e#15363\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump cryptography from 46.0.5 to 46.0.7. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15314\"\u003e#15314\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump strawberry-graphql from 0.307.1 to 0.312.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15309\"\u003e#15309\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Add pre-commit hook to ensure latest release header has date. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15293\"\u003e#15293\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/e54e5a8980ffa6d7ff68ee7b25a1c46036375521\"\u003e\u003ccode\u003ee54e5a8\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/9a8a5fd99902c3b80d4cc94b85e120e2b808825f\"\u003e\u003ccode\u003e9a8a5fd\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7815a32f2ed177b8b786a48b3e0712c05b5c644f\"\u003e\u003ccode\u003e7815a32\u003c/code\u003e\u003c/a\u003e ⬆️ Update Pydantic v2 code to address deprecations (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15101\"\u003e#15101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ef1c927b0558d414e199a666833942a6fabb3a51\"\u003e\u003ccode\u003eef1c927\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/38039e12a86e67f2001b9b7d96c219691d6cb4af\"\u003e\u003ccode\u003e38039e1\u003c/code\u003e\u003c/a\u003e 🔨 Tweak translation script (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15174\"\u003e#15174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4fa826ce0a3b16884a04f51e5aac95d01790b599\"\u003e\u003ccode\u003e4fa826c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c39415673e621665fdb7bbdde69beba7eb1dfd12\"\u003e\u003ccode\u003ec394156\u003c/code\u003e\u003c/a\u003e ⬆ Bump mkdocs-material from 9.7.1 to 9.7.6 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15408\"\u003e#15408\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ae230ad2f9d90a4e3f6222ff1a5d6e8da41ec0ad\"\u003e\u003ccode\u003eae230ad\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/d9eb39d1a1bf2f6e6e5d3a55088f61c712cb864e\"\u003e\u003ccode\u003ed9eb39d\u003c/code\u003e\u003c/a\u003e ⬆ Bump inline-snapshot from 0.31.1 to 0.32.6 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15409\"\u003e#15409\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4f8b5d14d324ae8e15cfae8d85adb4186d4c2175\"\u003e\u003ccode\u003e4f8b5d1\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.128.0...0.136.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fsspec` from 2026.1.0 to 2026.4.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/8fdedd1fd17be354f75f0cec1f973d93416c704b\"\u003e\u003ccode\u003e8fdedd1\u003c/code\u003e\u003c/a\u003e Merge branch 'master' of \u003ca href=\"https://github.com/fsspec/filesystem_spec\"\u003ehttps://github.com/fsspec/filesystem_spec\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/8205d0d1afecb64f34565ebeb073b7f1959a869d\"\u003e\u003ccode\u003e8205d0d\u003c/code\u003e\u003c/a\u003e Release (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2027\"\u003e#2027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/50bfba22200077fa602038857e19d58cc2541db5\"\u003e\u003ccode\u003e50bfba2\u003c/code\u003e\u003c/a\u003e Merge branch 'master' of \u003ca href=\"https://github.com/fsspec/filesystem_spec\"\u003ehttps://github.com/fsspec/filesystem_spec\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/f58bc851213ab3a87b2d26c01c9d26b291b0e1d3\"\u003e\u003ccode\u003ef58bc85\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;DEP: de-duplicate and sort optional dependencies (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2021\"\u003e#2021\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2026\"\u003e#2026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/c6c7b40b7794c6e554d9dcae7bf4930bba67e403\"\u003e\u003ccode\u003ec6c7b40\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;DEP: de-duplicate and sort optional dependencies (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2021\"\u003e#2021\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/3bc67f85c3b67c5adef11af35761fd839de306fb\"\u003e\u003ccode\u003e3bc67f8\u003c/code\u003e\u003c/a\u003e DEP: de-duplicate and sort optional dependencies (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2021\"\u003e#2021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/0b290bf1336bb15d4327afcdf743d9a17b5ea762\"\u003e\u003ccode\u003e0b290bf\u003c/code\u003e\u003c/a\u003e docs: add URL handling note to HTTPFileSystem class docstring (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2024\"\u003e#2024\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/b33a2d6c3b6912c645d9a315791f41e74bff4c66\"\u003e\u003ccode\u003eb33a2d6\u003c/code\u003e\u003c/a\u003e ci: install downstream systems like gcsfs before testing so the \u003ccode\u003e_version.py\u003c/code\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/e9e7a5b5eab42b6c6d0790aa0aa510f66fc44630\"\u003e\u003ccode\u003ee9e7a5b\u003c/code\u003e\u003c/a\u003e Delegate DirFileSystem delete and write_text (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/105d614a443e3f46236deb87442cc5491741687c\"\u003e\u003ccode\u003e105d614\u003c/code\u003e\u003c/a\u003e fix: use encode_url() in _pipe_file for consistency (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2023\"\u003e#2023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fsspec/filesystem_spec/compare/2026.1.0...2026.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.13\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.rst\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.13 (2026-04-22)\n+++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.12 (2026-04-21)\n+++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/89cdfd27338896cee6b1ee18e64c96ac28684ce0\"\u003e\u003ccode\u003e89cdfd2\u003c/code\u003e\u003c/a\u003e Release v3.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1eb068687543118147417a8d8a70674e2c172891\"\u003e\u003ccode\u003e1eb0686\u003c/code\u003e\u003c/a\u003e Pre-release 3.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5f20d1e41eea3b3873d18d83d7a384784f72a92e\"\u003e\u003ccode\u003e5f20d1e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/220\"\u003e#220\u003c/a\u003e from kjd/unicode-next\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/4ea84252ab21e62a79e5a3273746112b5dcfb810\"\u003e\u003ccode\u003e4ea8425\u003c/code\u003e\u003c/a\u003e Regenerate idnadata.py with correct NFKC_CF data\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/fd47341a08bbdcffda33694211ca4de10170cd41\"\u003e\u003ccode\u003efd47341\u003c/code\u003e\u003c/a\u003e Use NFKC_CF from Unicode data files instead of Python's unicodedata module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/a5304a4cdbd7b31595f8ac42ffdfa88f5b936467\"\u003e\u003ccode\u003ea5304a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/219\"\u003e#219\u003c/a\u003e from kjd/release-3.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d80d6f9254d699961fa2c669a1534cde9d4ee5b6\"\u003e\u003ccode\u003ed80d6f9\u003c/code\u003e\u003c/a\u003e Release v3.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1bb44ddb3f2a9dcf97a6ac11aba34e5b6ed31291\"\u003e\u003ccode\u003e1bb44dd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/218\"\u003e#218\u003c/a\u003e from kjd/release-candidate-3.12rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/909c49d15b8d159be163bccc7972116baffdb47b\"\u003e\u003ccode\u003e909c49d\u003c/code\u003e\u003c/a\u003e Release candidate for 3.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c5459a10370f005dc09921aee3201b5a45699f9d\"\u003e\u003ccode\u003ec5459a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/217\"\u003e#217\u003c/a\u003e from kjd/housekeeping-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.2 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}{% else %}\u003c/code\u003e blocks does not cause the variable to be considered initially undefined. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.4/\"\u003ehttps://pypi.org/project/Jinja2/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\"\u003ehttps://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003exmlattr\u003c/code\u003e filter does not allow keys with \u003ccode\u003e/\u003c/code\u003e solidus, \u003ccode\u003e\u0026gt;\u003c/code\u003e greater-than sign, or \u003ccode\u003e=\u003c/code\u003e equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is a fix release for the 3.1.x feature branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95\"\u003eGHSA-h5c8-rqwp-cp95\u003c/a\u003e. You are affected if you are using \u003ccode\u003exmlattr\u003c/code\u003e and passing user input as attribute keys.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/blob/main/CHANGES.rst\"\u003ejinja2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2025-03-05\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup,\nallowing the sandbox to apply its checks. :ghsa:\u003ccode\u003ecpwx-vrp4-4pq7\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2024-12-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as\nby passing a stored reference to a filter that calls its argument.\n:ghsa:\u003ccode\u003eq2x7-8rv6-6q7h\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid\nissues with names that contain f-string syntax.\n:issue:\u003ccode\u003e1792\u003c/code\u003e, :ghsa:\u003ccode\u003egmj6-6f8f-6699\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence\ntypes. :issue:\u003ccode\u003e2032\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e.\n:pr:\u003ccode\u003e1952\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends.\n:pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment\nwhen calling block references. :issue:\u003ccode\u003e1701\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another\nasync-aware filter. :issue:\u003ccode\u003e1781\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation.\n:issue:\u003ccode\u003e1921\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e\ncall. :issue:\u003ccode\u003e2021\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e\nobjects. :issue:\u003ccode\u003e2025\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object.\n:issue:\u003ccode\u003e2027\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. :pr:\u003ccode\u003e2061\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were\nsearched. :issue:\u003ccode\u003e1661\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not\ncontain the templates directory. :issue:\u003ccode\u003e1705\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. :pr:\u003ccode\u003e1880\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. :pr:\u003ccode\u003e1870\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679\"\u003e\u003ccode\u003e1520688\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403\"\u003e\u003ccode\u003e90457bb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7\"\u003e\u003ccode\u003e065334d\u003c/code\u003e\u003c/a\u003e attr filter uses env.getattr\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145\"\u003e\u003ccode\u003e033c200\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35\"\u003e\u003ccode\u003ebc68d4e\u003c/code\u003e\u003c/a\u003e use global contributing guide (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486\"\u003e\u003ccode\u003e247de5e\u003c/code\u003e\u003c/a\u003e use global contributing guide\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f\"\u003e\u003ccode\u003eab8218c\u003c/code\u003e\u003c/a\u003e use project advisory link instead of global\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2\"\u003e\u003ccode\u003eb4ffc8f\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2066\"\u003e#2066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/877f6e51be8e1765b06d911cfaa9033775f051d1\"\u003e\u003ccode\u003e877f6e5\u003c/code\u003e\u003c/a\u003e release version 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/8d588592653b052f957b720e1fc93196e06f207f\"\u003e\u003ccode\u003e8d58859\u003c/code\u003e\u003c/a\u003e remove test pypi\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/jinja/compare/3.1.2...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jiter` from 0.12.0 to 0.14.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/dcdc93df6b9c6eb53facb0fff725069d9528d735\"\u003e\u003ccode\u003edcdc93d\u003c/code\u003e\u003c/a\u003e Prepare release v0.14.0 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/248\"\u003e#248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/974695165327d19c93eb7b6030050c6555125ff2\"\u003e\u003ccode\u003e9746951\u003c/code\u003e\u003c/a\u003e Use Python 3.13 in Wasm workflow (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/247\"\u003e#247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/7f311e91b35e9896a43d0f57e7a3ca905efb1a5b\"\u003e\u003ccode\u003e7f311e9\u003c/code\u003e\u003c/a\u003e Use Python 3.13 in Wasm workflow (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/246\"\u003e#246\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/52d6f7df7d7eb94ec8cc3307d466e49ef98fdf60\"\u003e\u003ccode\u003e52d6f7d\u003c/code\u003e\u003c/a\u003e Update pyodide to 0.28 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/245\"\u003e#245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/40c53b38ef8049e222f11ed345f2309ad3e5e249\"\u003e\u003ccode\u003e40c53b3\u003c/code\u003e\u003c/a\u003e remove hyperlint (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/244\"\u003e#244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/891a4d4f127b6d720439755c20e7193ad83531f9\"\u003e\u003ccode\u003e891a4d4\u003c/code\u003e\u003c/a\u003e Update to edition 2024, MSRV 1.88 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/b14af5e412454275d6a303f4517faec74bfcc4c1\"\u003e\u003ccode\u003eb14af5e\u003c/code\u003e\u003c/a\u003e Avoid stack overflow in \u003ccode\u003ePyStringCache\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/239\"\u003e#239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/1764e65598dc197402769a054160583c26da9ef8\"\u003e\u003ccode\u003e1764e65\u003c/code\u003e\u003c/a\u003e Introduce zizmor (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/242\"\u003e#242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/29a5e6dd444c950d57ef347ff42f4015174e7d27\"\u003e\u003ccode\u003e29a5e6d\u003c/code\u003e\u003c/a\u003e Add yamlfmt (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/241\"\u003e#241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/cb40f58b9d3baf89d3a68b1ee9ce4919a592025e\"\u003e\u003ccode\u003ecb40f58\u003c/code\u003e\u003c/a\u003e Modernize project setup using uv (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/240\"\u003e#240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/jiter/compare/v0.12.0...v0.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.0.2 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c...\n\n_Description has been truncated_","html_url":"https://github.com/wandile0157/smartdoc-ai-backend/pull/11","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wandile0157%2Fsmartdoc-ai-backend/issues/11","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11/packages"},{"uuid":"4328788762","node_id":"PR_kwDOQnZ8zc7Vn8p7","number":67,"state":"closed","title":"deps(pip): bump the pip-minor-and-patch group across 1 directory with 42 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-25T17:36:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-25T17:30:14.000Z","updated_at":"2026-04-25T17:36:25.000Z","time_to_close":369,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(pip): bump","group_name":"pip-minor-and-patch","update_count":42,"packages":[{"name":"dj-database-url","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/jazzband/dj-database-url"},{"name":"djangorestframework","old_version":"3.16.1","new_version":"3.17.1","repository_url":"https://github.com/encode/django-rest-framework"},{"name":"matplotlib","old_version":"3.10.8","new_version":"3.10.9","repository_url":"https://github.com/matplotlib/matplotlib"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"django-environ","old_version":"0.12.1","new_version":"0.13.0","repository_url":"https://github.com/joke2k/django-environ"},{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"bandit","old_version":"1.9.3","new_version":"1.9.4","repository_url":"https://github.com/PyCQA/bandit"},{"name":"boto3","old_version":"1.42.39","new_version":"1.42.96","repository_url":"https://github.com/boto/boto3"},{"name":"botocore","old_version":"1.42.39","new_version":"1.42.96","repository_url":"https://github.com/boto/botocore"},{"name":"cbor2","old_version":"5.8.0","new_version":"5.9.0","repository_url":"https://github.com/agronholm/cbor2"},{"name":"celery","old_version":"5.6.2","new_version":"5.6.3","repository_url":"https://github.com/celery/celery"},{"name":"charset-normalizer","old_version":"3.4.4","new_version":"3.4.7","repository_url":"https://github.com/jawah/charset_normalizer"},{"name":"click","old_version":"8.3.1","new_version":"8.3.3","repository_url":"https://github.com/pallets/click"},{"name":"coverage","old_version":"7.13.4","new_version":"7.13.5","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"daphne","old_version":"4.1.2","new_version":"4.2.1","repository_url":"https://github.com/django/daphne"},{"name":"djangorestframework-stubs","old_version":"3.16.8","new_version":"3.16.9","repository_url":"https://github.com/typeddjango/djangorestframework-stubs"},{"name":"filelock","old_version":"3.24.2","new_version":"3.29.0","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"gunicorn","old_version":"25.1.0","new_version":"25.3.0","repository_url":"https://github.com/benoitc/gunicorn"},{"name":"identify","old_version":"2.6.16","new_version":"2.6.19","repository_url":"https://github.com/pre-commit/identify"},{"name":"idna","old_version":"3.11","new_version":"3.13","repository_url":"https://github.com/kjd/idna"},{"name":"librt","old_version":"0.8.0","new_version":"0.9.0","repository_url":"https://github.com/mypyc/librt"},{"name":"mypy","old_version":"1.19.1","new_version":"1.20.2","repository_url":"https://github.com/python/mypy"},{"name":"numpy","old_version":"2.4.2","new_version":"2.4.4","repository_url":"https://github.com/numpy/numpy"},{"name":"pathspec","old_version":"1.0.3","new_version":"1.1.0","repository_url":"https://github.com/cpburnz/python-pathspec"},{"name":"platformdirs","old_version":"4.9.2","new_version":"4.9.6","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"pre-commit","old_version":"4.5.1","new_version":"4.6.0","repository_url":"https://github.com/pre-commit/pre-commit"},{"name":"prometheus-client","old_version":"0.24.1","new_version":"0.25.0","repository_url":"https://github.com/prometheus/client_python"},{"name":"pyasn1","old_version":"0.6.2","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pygments","old_version":"2.19.2","new_version":"2.20.0","repository_url":"https://github.com/pygments/pygments"},{"name":"pyjwt","old_version":"2.11.0","new_version":"2.12.1","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"pyopenssl","old_version":"26.0.0","new_version":"26.1.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"pytest-cov","old_version":"7.0.0","new_version":"7.1.0","repository_url":"https://github.com/pytest-dev/pytest-cov"},{"name":"pytest-env","old_version":"1.3.2","new_version":"1.6.0","repository_url":"https://github.com/pytest-dev/pytest-env"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.1","repository_url":"https://github.com/psf/requests"},{"name":"ruff","old_version":"0.15.1","new_version":"0.15.12","repository_url":"https://github.com/astral-sh/ruff"},{"name":"s3transfer","old_version":"0.16.0","new_version":"0.16.1","repository_url":"https://github.com/boto/s3transfer"},{"name":"stevedore","old_version":"5.6.0","new_version":"5.7.0"},{"name":"types-requests","old_version":"2.32.4.20250913","new_version":"2.33.0.20260408","repository_url":"https://github.com/python/typeshed"},{"name":"uvicorn","old_version":"0.41.0","new_version":"0.46.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"wheel","old_version":"0.46.3","new_version":"0.47.0","repository_url":"https://github.com/pypa/wheel"},{"name":"zope-interface","old_version":"8.2","new_version":"8.4","repository_url":"https://github.com/zopefoundation/zope.interface"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip-minor-and-patch group with 42 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [dj-database-url](https://github.com/jazzband/dj-database-url) | `3.1.0` | `3.1.2` |\n| [djangorestframework](https://github.com/encode/django-rest-framework) | `3.16.1` | `3.17.1` |\n| [matplotlib](https://github.com/matplotlib/matplotlib) | `3.10.8` | `3.10.9` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [django-environ](https://github.com/joke2k/django-environ) | `0.12.1` | `0.13.0` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [bandit](https://github.com/PyCQA/bandit) | `1.9.3` | `1.9.4` |\n| [boto3](https://github.com/boto/boto3) | `1.42.39` | `1.42.96` |\n| [botocore](https://github.com/boto/botocore) | `1.42.39` | `1.42.96` |\n| [cbor2](https://github.com/agronholm/cbor2) | `5.8.0` | `5.9.0` |\n| [celery](https://github.com/celery/celery) | `5.6.2` | `5.6.3` |\n| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.4` | `3.4.7` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.3.3` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.4` | `7.13.5` |\n| [daphne](https://github.com/django/daphne) | `4.1.2` | `4.2.1` |\n| [djangorestframework-stubs](https://github.com/typeddjango/djangorestframework-stubs) | `3.16.8` | `3.16.9` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.24.2` | `3.29.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `25.1.0` | `25.3.0` |\n| [identify](https://github.com/pre-commit/identify) | `2.6.16` | `2.6.19` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.13` |\n| [librt](https://github.com/mypyc/librt) | `0.8.0` | `0.9.0` |\n| [mypy](https://github.com/python/mypy) | `1.19.1` | `1.20.2` |\n| [numpy](https://github.com/numpy/numpy) | `2.4.2` | `2.4.4` |\n| [pathspec](https://github.com/cpburnz/python-pathspec) | `1.0.3` | `1.1.0` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.2` | `4.9.6` |\n| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.5.1` | `4.6.0` |\n| [prometheus-client](https://github.com/prometheus/client_python) | `0.24.1` | `0.25.0` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.2` | `0.6.3` |\n| [pygments](https://github.com/pygments/pygments) | `2.19.2` | `2.20.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.11.0` | `2.12.1` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `26.0.0` | `26.1.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` | `7.1.0` |\n| [pytest-env](https://github.com/pytest-dev/pytest-env) | `1.3.2` | `1.6.0` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.1` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.1` | `0.15.12` |\n| [s3transfer](https://github.com/boto/s3transfer) | `0.16.0` | `0.16.1` |\n| [stevedore](https://docs.openstack.org/stevedore) | `5.6.0` | `5.7.0` |\n| [types-requests](https://github.com/python/typeshed) | `2.32.4.20250913` | `2.33.0.20260408` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.41.0` | `0.46.0` |\n| [wheel](https://github.com/pypa/wheel) | `0.46.3` | `0.47.0` |\n| [zope-interface](https://github.com/zopefoundation/zope.interface) | `8.2` | `8.4` |\n\n\nUpdates `dj-database-url` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jazzband/dj-database-url/releases\"\u003edj-database-url's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump cryptography from 46.0.3 to 46.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/293\"\u003ejazzband/dj-database-url#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump django from 5.2.9 to 5.2.11 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/294\"\u003ejazzband/dj-database-url#294\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump urllib3 from 2.6.2 to 2.6.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/295\"\u003ejazzband/dj-database-url#295\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump wheel from 0.45.1 to 0.46.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/296\"\u003ejazzband/dj-database-url#296\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/297\"\u003ejazzband/dj-database-url#297\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/293\"\u003ejazzband/dj-database-url#293\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jazzband/dj-database-url/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/jazzband/dj-database-url/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tests directory to source distribution by \u003ca href=\"https://github.com/yohaann196\"\u003e\u003ccode\u003e@​yohaann196\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/285\"\u003ejazzband/dj-database-url#285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch linting and formatting from flake8+isort+black to ruff; add typos to pre-commit; fix typos by \u003ca href=\"https://github.com/akx\"\u003e\u003ccode\u003e@​akx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/281\"\u003ejazzband/dj-database-url#281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd project URLs to pyproject.toml by \u003ca href=\"https://github.com/luzfcb\"\u003e\u003ccode\u003e@​luzfcb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/287\"\u003ejazzband/dj-database-url#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate .pre-commit-config.yaml to use pinned version numbers. by \u003ca href=\"https://github.com/mattseymour\"\u003e\u003ccode\u003e@​mattseymour\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/289\"\u003ejazzband/dj-database-url#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/291\"\u003ejazzband/dj-database-url#291\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yohaann196\"\u003e\u003ccode\u003e@​yohaann196\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/285\"\u003ejazzband/dj-database-url#285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/luzfcb\"\u003e\u003ccode\u003e@​luzfcb\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/287\"\u003ejazzband/dj-database-url#287\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jazzband/dj-database-url/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/jazzband/dj-database-url/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jazzband/dj-database-url/blob/master/CHANGELOG.md\"\u003edj-database-url's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCHANGELOG\u003c/h1\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jazzband/dj-database-url/commit/e77149f799f971f85d2cd1ccf01dbd3f0eb69cb5\"\u003e\u003ccode\u003ee77149f\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/issues/297\"\u003e#297\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jazzband/dj-database-url/commit/6beffe6de6a2d6284d6c5c76ee6753cc8787aee2\"\u003e\u003ccode\u003e6beffe6\u003c/code\u003e\u003c/a\u003e Fix a regression in adding tests/ dir to source package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jazzband/dj-database-url/commit/f9c31305ae85f1a22d2102da0b83acb577154d97\"\u003e\u003ccode\u003ef9c3130\u003c/code\u003e\u003c/a\u003e Bump wheel from 0.45.1 to 0.46.2 (\u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/issues/296\"\u003e#296\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jazzband/dj-database-url/commit/5337838ac302faaec32c969712dc44dfe28d4e15\"\u003e\u003ccode\u003e5337838\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.2 to 2.6.3 (\u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jazzband/dj-database-url/commit/6fc366459ff21030c49ba613d1c129f615ee4228\"\u003e\u003ccode\u003e6fc3664\u003c/code\u003e\u003c/a\u003e Bump django from 5.2.9 to 5.2.11 (\u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jazzband/dj-database-url/commit/19805c97f3667da652ce57df0be0e02a1187d6b8\"\u003e\u003ccode\u003e19805c9\u003c/code\u003e\u003c/a\u003e Bump cryptography from 46.0.3 to 46.0.5 (\u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jazzband/dj-database-url/commit/1b102cd42868d49321ec10393ecaae5cedb912b5\"\u003e\u003ccode\u003e1b102cd\u003c/code\u003e\u003c/a\u003e Update project URLs in pyproject.toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jazzband/dj-database-url/commit/e41afda72b5ee6e4433ba044fe065afe1399ed48\"\u003e\u003ccode\u003ee41afda\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/issues/291\"\u003e#291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jazzband/dj-database-url/commit/dba60770813761db92bba5753a6694e25c39a5a0\"\u003e\u003ccode\u003edba6077\u003c/code\u003e\u003c/a\u003e Update .pre-commit-config.yaml to use pinned version numbers. (\u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/issues/289\"\u003e#289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jazzband/dj-database-url/commit/e6f4ccc49d31feaab4e9f930525573e60c5c4cfb\"\u003e\u003ccode\u003ee6f4ccc\u003c/code\u003e\u003c/a\u003e Add pytest to dependencies\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jazzband/dj-database-url/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `djangorestframework` from 3.16.1 to 3.17.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/encode/django-rest-framework/releases\"\u003edjangorestframework's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.17.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eHTMLFormRenderer\u003c/code\u003e with empty \u003ccode\u003edatetime\u003c/code\u003e values by \u003ca href=\"https://github.com/p-r-a-v-i-n\"\u003e\u003ccode\u003e@​p-r-a-v-i-n\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9928\"\u003eencode/django-rest-framework#9928\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/encode/django-rest-framework/compare/3.17.0...3.17.1\"\u003ehttps://github.com/encode/django-rest-framework/compare/3.17.0...3.17.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.17.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBreaking changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9 by \u003ca href=\"https://github.com/auvipy\"\u003e\u003ccode\u003e@​auvipy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9781\"\u003eencode/django-rest-framework#9781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop deprecated coreapi support by \u003ca href=\"https://github.com/browniebroke\"\u003e\u003ccode\u003e@​browniebroke\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9895\"\u003eencode/django-rest-framework#9895\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ability to specify output format for \u003ccode\u003eDurationField\u003c/code\u003e by \u003ca href=\"https://github.com/sevdog\"\u003e\u003ccode\u003e@​sevdog\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/8532\"\u003eencode/django-rest-framework#8532\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing decorators: \u003ccode\u003e@versioning_class()\u003c/code\u003e, \u003ccode\u003e@content_negotiation_class()\u003c/code\u003e, \u003ccode\u003e@metadata_class()\u003c/code\u003e for function-based views by \u003ca href=\"https://github.com/qqii\"\u003e\u003ccode\u003e@​qqii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9719\"\u003eencode/django-rest-framework#9719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by \u003ca href=\"https://github.com/cclauss\"\u003e\u003ccode\u003e@​cclauss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9780\"\u003eencode/django-rest-framework#9780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eviolation_error_code\u003c/code\u003e and \u003ccode\u003eviolation_error_message\u003c/code\u003e from \u003ccode\u003eUniqueConstraint\u003c/code\u003e in \u003ccode\u003eUniqueTogetherValidator\u003c/code\u003e by \u003ca href=\"https://github.com/s-aleshin\"\u003e\u003ccode\u003e@​s-aleshin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9766\"\u003eencode/django-rest-framework#9766\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eipaddress\u003c/code\u003e objects in \u003ccode\u003eJSONEncoder\u003c/code\u003e by \u003ca href=\"https://github.com/corenting\"\u003e\u003ccode\u003e@​corenting\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9087\"\u003eencode/django-rest-framework#9087\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd optional support to serialize \u003ccode\u003eBigInteger\u003c/code\u003e to string by \u003ca href=\"https://github.com/HoodyH\"\u003e\u003ccode\u003e@​HoodyH\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9775\"\u003eencode/django-rest-framework#9775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Django 6.0 support by \u003ca href=\"https://github.com/MehrazRumman\"\u003e\u003ccode\u003e@​MehrazRumman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9819\"\u003eencode/django-rest-framework#9819\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent small risk of \u003ccode\u003eToken\u003c/code\u003e overwrite by \u003ca href=\"https://github.com/mahdirahimi1999\"\u003e\u003ccode\u003e@​mahdirahimi1999\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9754\"\u003eencode/django-rest-framework#9754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eUniqueTogetherValidator\u003c/code\u003e validation when condition references a read-only field by \u003ca href=\"https://github.com/ticosax\"\u003e\u003ccode\u003e@​ticosax\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9764\"\u003eencode/django-rest-framework#9764\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix validation on many to many field when \u003ccode\u003edefault=None\u003c/code\u003e by \u003ca href=\"https://github.com/Genarito\"\u003e\u003ccode\u003e@​Genarito\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9790\"\u003eencode/django-rest-framework#9790\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix invalid SPDX license expression in \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/TheFunctionalGuy\"\u003e\u003ccode\u003e@​TheFunctionalGuy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9799\"\u003eencode/django-rest-framework#9799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eHTMLFormRenderer\u003c/code\u003e to ensure a valid \u003ccode\u003edatetime-local\u003c/code\u003e format by \u003ca href=\"https://github.com/mgaligniana\"\u003e\u003ccode\u003e@​mgaligniana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9365\"\u003eencode/django-rest-framework#9365\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix mutable default arguments in OrderingFilter methods by \u003ca href=\"https://github.com/killerdevildog\"\u003e\u003ccode\u003e@​killerdevildog\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9742\"\u003eencode/django-rest-framework#9742\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate TokenAdmin to respect USERNAME_FIELD of the user model by \u003ca href=\"https://github.com/m000\"\u003e\u003ccode\u003e@​m000\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9836\"\u003eencode/django-rest-framework#9836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePreserve ordering in \u003ccode\u003eMultipleChoiceField\u003c/code\u003e by \u003ca href=\"https://github.com/fbozhang\"\u003e\u003ccode\u003e@​fbozhang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9735\"\u003eencode/django-rest-framework#9735\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate French translation by \u003ca href=\"https://github.com/SebCorbin\"\u003e\u003ccode\u003e@​SebCorbin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9770\"\u003eencode/django-rest-framework#9770\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Brazilian Portuguese translations by \u003ca href=\"https://github.com/JVPinheiroReis\"\u003e\u003ccode\u003e@​JVPinheiroReis\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9828\"\u003eencode/django-rest-framework#9828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix and improve French translations by \u003ca href=\"https://github.com/deronnax\"\u003e\u003ccode\u003e@​deronnax\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9896\"\u003eencode/django-rest-framework#9896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing Russian translation by \u003ca href=\"https://github.com/minorytanaka\"\u003e\u003ccode\u003e@​minorytanaka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9903\"\u003eencode/django-rest-framework#9903\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate packaging to \u003ccode\u003epyproject.toml\u003c/code\u003e by \u003ca href=\"https://github.com/deronnax\"\u003e\u003ccode\u003e@​deronnax\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9056\"\u003eencode/django-rest-framework#9056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMove package data rules from \u003ccode\u003eMANIFEST.in\u003c/code\u003e to \u003ccode\u003epyproject.toml\u003c/code\u003e by \u003ca href=\"https://github.com/p-r-a-v-i-n\"\u003e\u003ccode\u003e@​p-r-a-v-i-n\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9825\"\u003eencode/django-rest-framework#9825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet up release workflow with trusted publisher by \u003ca href=\"https://github.com/browniebroke\"\u003e\u003ccode\u003e@​browniebroke\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9852\"\u003eencode/django-rest-framework#9852\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor token generation to use the \u003ccode\u003esecrets\u003c/code\u003e module by \u003ca href=\"https://github.com/mahdirahimi1999\"\u003e\u003ccode\u003e@​mahdirahimi1999\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9760\"\u003eencode/django-rest-framework#9760\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd validation for decorator out-of-order with \u003ccode\u003e@api_view\u003c/code\u003e by \u003ca href=\"https://github.com/kernelshard\"\u003e\u003ccode\u003e@​kernelshard\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9821\"\u003eencode/django-rest-framework#9821\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to mkdocs material theme for documentation by \u003ca href=\"https://github.com/browniebroke\"\u003e\u003ccode\u003e@​browniebroke\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9849\"\u003eencode/django-rest-framework#9849\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/khaledsukkar2\"\u003e\u003ccode\u003e@​khaledsukkar2\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9717\"\u003eencode/django-rest-framework#9717\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/22e231cf2f77b4cfe929de875d958b93916b1a8b\"\u003e\u003ccode\u003e22e231c\u003c/code\u003e\u003c/a\u003e Prepare bug fix release 3.17.1 (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9931\"\u003e#9931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/8e99b53db7b122417580ec2993ac6776b4d858d5\"\u003e\u003ccode\u003e8e99b53\u003c/code\u003e\u003c/a\u003e Add condition to skip pushed tags from forks (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9924\"\u003e#9924\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/c0407dee6ef8a5603c2d5d34373d724be7b98188\"\u003e\u003ccode\u003ec0407de\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eHTMLFormRenderer\u003c/code\u003e with empty \u003ccode\u003edatetime\u003c/code\u003e values (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9928\"\u003e#9928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/30d58a75eeef7097f97cdc9f171d2ec741b36d30\"\u003e\u003ccode\u003e30d58a7\u003c/code\u003e\u003c/a\u003e Fix the book sizing in the documentation (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9926\"\u003e#9926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/6f03b79c057c470524b12e9ac46bc2bb384570e0\"\u003e\u003ccode\u003e6f03b79\u003c/code\u003e\u003c/a\u003e Tweak order of changes in release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/021ab5664b085594876032cf062c1220bc1ca03c\"\u003e\u003ccode\u003e021ab56\u003c/code\u003e\u003c/a\u003e Bump version and update release notes for 3.17.0 (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9921\"\u003e#9921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/19ebad70ae560e3f83c0e30af6be7c7df3b5aeec\"\u003e\u003ccode\u003e19ebad7\u003c/code\u003e\u003c/a\u003e Bump mkdocs-material[imaging] from 9.7.4 to 9.7.5 (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9923\"\u003e#9923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/f222c55d8a498c9770f2795c6cd34fedffaf043c\"\u003e\u003ccode\u003ef222c55\u003c/code\u003e\u003c/a\u003e Correct requires-python key in pyproject.toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/7e7de6fceee3ad2e20b0dd93b119b6b00eadd797\"\u003e\u003ccode\u003e7e7de6f\u003c/code\u003e\u003c/a\u003e Remove code fences from release checklist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/c599d309490fe59ae385954ad544a64b58abffd2\"\u003e\u003ccode\u003ec599d30\u003c/code\u003e\u003c/a\u003e Update release process\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/encode/django-rest-framework/compare/3.16.1...3.17.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `matplotlib` from 3.10.8 to 3.10.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/matplotlib/matplotlib/releases\"\u003ematplotlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.10.9\u003c/h2\u003e\n\u003cp\u003eThis is a micro release of the v3.10.x series.\nHighlights of this release include:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious minor bug and doc fixes\u003c/li\u003e\n\u003cli\u003eSecurity hardening validation of cyclers - Removing eval usage\u003c/li\u003e\n\u003cli\u003eSecurity hardening in Latex and PS calls - Removing shell escapes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matplotlib/matplotlib/commit/dd8d78b8dce60b6c8db86132892577a0b9dbe469\"\u003e\u003ccode\u003edd8d78b\u003c/code\u003e\u003c/a\u003e REL: v3.10.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matplotlib/matplotlib/commit/2fb18915bcfe69a188832c776fe18d88337de9bc\"\u003e\u003ccode\u003e2fb1891\u003c/code\u003e\u003c/a\u003e REL: Release prep v3.10.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matplotlib/matplotlib/commit/d0e923abfa016c04901fe4e315b9d215949f6fc5\"\u003e\u003ccode\u003ed0e923a\u003c/code\u003e\u003c/a\u003e Merge branch 'v3.10.8-doc' into v3.10.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matplotlib/matplotlib/commit/163793248a5fc9f23a560e45551c44351a8bd716\"\u003e\u003ccode\u003e1637932\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/matplotlib/matplotlib/issues/31558\"\u003e#31558\u003c/a\u003e from meeseeksmachine/auto-backport-of-pr-31556-on-v...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matplotlib/matplotlib/commit/a83faacb0dbe7edd1bae38e1e715b77b6aaebb84\"\u003e\u003ccode\u003ea83faac\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/matplotlib/matplotlib/issues/31556\"\u003e#31556\u003c/a\u003e: FIX: Inverted PyErr_Occurred check in enum type caster (_...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matplotlib/matplotlib/commit/a4f57ab0623f9d26be29e0a3b0de904667c7eeb7\"\u003e\u003ccode\u003ea4f57ab\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/matplotlib/matplotlib/issues/31545\"\u003e#31545\u003c/a\u003e from ksunden/backport-of-pr-31282-on-v3.10.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matplotlib/matplotlib/commit/063288d0cc912aa2af5cc1b7e7ca3d228d9f8976\"\u003e\u003ccode\u003e063288d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/matplotlib/matplotlib/issues/31544\"\u003e#31544\u003c/a\u003e from ksunden/backport-of-pr-31248-on-v3.10.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matplotlib/matplotlib/commit/b2ed1969191a03ec8927f96573664474662ab4c1\"\u003e\u003ccode\u003eb2ed196\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/matplotlib/matplotlib/issues/31248\"\u003e#31248\u003c/a\u003e: SEC: Remove eval() from validate_cycler\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matplotlib/matplotlib/commit/acc60241a70b920eaf04fce41a8cf0a77010fb7d\"\u003e\u003ccode\u003eacc6024\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/matplotlib/matplotlib/issues/31282\"\u003e#31282\u003c/a\u003e from scottshambaugh/tex_no_shell\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matplotlib/matplotlib/commit/e3fb54163b1ce9dbc1a9e8e0973289dc14e366c2\"\u003e\u003ccode\u003ee3fb541\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/matplotlib/matplotlib/issues/31078\"\u003e#31078\u003c/a\u003e from meeseeksmachine/auto-backport-of-pr-31075-on-v...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/matplotlib/matplotlib/compare/v3.10.8...v3.10.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.2.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-environ` from 0.12.1 to 0.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/joke2k/django-environ/releases\"\u003edjango-environ's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.13.0\u003c/h2\u003e\n\u003ch2\u003e\u003ccode\u003ev0.13.0\u003c/code\u003e_ - 18-February-2026\u003c/h2\u003e\n\u003cp\u003eAdded\n+++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded optional warnings when defaults are used\n\u003ccode\u003e[#582](https://github.com/joke2k/django-environ/issues/582) \u0026lt;https://github.com/joke2k/django-environ/pull/582\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003echoices\u003c/code\u003e argument support for value validation in \u003ccode\u003eEnv.str(...)\u003c/code\u003e\n\u003ccode\u003e[#555](https://github.com/joke2k/django-environ/issues/555) \u0026lt;https://github.com/joke2k/django-environ/pull/555\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eAdded Valkey support via \u003ccode\u003evalkey://\u003c/code\u003e and \u003ccode\u003evalkeys://\u003c/code\u003e cache URL schemes\n\u003ccode\u003e[#554](https://github.com/joke2k/django-environ/issues/554) \u0026lt;https://github.com/joke2k/django-environ/pull/554\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eAdded support for \u003ccode\u003erediss://\u003c/code\u003e scheme in channels URL parsing\n\u003ccode\u003e[#573](https://github.com/joke2k/django-environ/issues/573) \u0026lt;https://github.com/joke2k/django-environ/pull/573\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eAdded django-prometheus database backend aliases to DB URL parsing schemes\n\u003ccode\u003e[#559](https://github.com/joke2k/django-environ/issues/559) \u0026lt;https://github.com/joke2k/django-environ/pull/559\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eChanged\n+++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDeclared support for Python 3.14\n\u003ccode\u003e[#580](https://github.com/joke2k/django-environ/issues/580) \u0026lt;https://github.com/joke2k/django-environ/pull/580\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eDeclared support for Django 5.2 and Django 6.0\n\u003ccode\u003e[#578](https://github.com/joke2k/django-environ/issues/578) \u0026lt;https://github.com/joke2k/django-environ/pull/578\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFixed\n+++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eImproved type hint coverage and related lint issues\n\u003ccode\u003e[#546](https://github.com/joke2k/django-environ/issues/546) \u0026lt;https://github.com/joke2k/django-environ/pull/546\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eFixed typos in the FAQ page\n\u003ccode\u003e[#445](https://github.com/joke2k/django-environ/issues/445) \u0026lt;https://github.com/joke2k/django-environ/pull/445\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/joke2k/django-environ/blob/develop/CHANGELOG.rst\"\u003edjango-environ's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev0.13.0\u003c/code\u003e_ - 18-February-2026\u003c/h2\u003e\n\u003cp\u003eAdded\n+++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded optional warnings when defaults are used\n\u003ccode\u003e[#582](https://github.com/joke2k/django-environ/issues/582) \u0026lt;https://github.com/joke2k/django-environ/pull/582\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003echoices\u003c/code\u003e argument support for value validation in \u003ccode\u003eEnv.str(...)\u003c/code\u003e\n\u003ccode\u003e[#555](https://github.com/joke2k/django-environ/issues/555) \u0026lt;https://github.com/joke2k/django-environ/pull/555\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eAdded Valkey support via \u003ccode\u003evalkey://\u003c/code\u003e and \u003ccode\u003evalkeys://\u003c/code\u003e cache URL schemes\n\u003ccode\u003e[#554](https://github.com/joke2k/django-environ/issues/554) \u0026lt;https://github.com/joke2k/django-environ/pull/554\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eAdded support for \u003ccode\u003erediss://\u003c/code\u003e scheme in channels URL parsing\n\u003ccode\u003e[#573](https://github.com/joke2k/django-environ/issues/573) \u0026lt;https://github.com/joke2k/django-environ/pull/573\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eAdded django-prometheus database backend aliases to DB URL parsing schemes\n\u003ccode\u003e[#559](https://github.com/joke2k/django-environ/issues/559) \u0026lt;https://github.com/joke2k/django-environ/pull/559\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eChanged\n+++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDeclared support for Python 3.14\n\u003ccode\u003e[#580](https://github.com/joke2k/django-environ/issues/580) \u0026lt;https://github.com/joke2k/django-environ/pull/581\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eDeclared support for Django 5.2 and Django 6.0\n\u003ccode\u003e[#578](https://github.com/joke2k/django-environ/issues/578) \u0026lt;https://github.com/joke2k/django-environ/pull/578\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFixed\n+++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eImproved type hint coverage and related lint issues\n\u003ccode\u003e[#546](https://github.com/joke2k/django-environ/issues/546) \u0026lt;https://github.com/joke2k/django-environ/pull/546\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eFixed typos in the FAQ page\n\u003ccode\u003e[#445](https://github.com/joke2k/django-environ/issues/445) \u0026lt;https://github.com/joke2k/django-environ/pull/445\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/django-environ/commit/00746d0f63d37dcafad527ea7a820a46f8fb81e0\"\u003e\u003ccode\u003e00746d0\u003c/code\u003e\u003c/a\u003e docs: add Django 5.2 and 6.0 support to README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/django-environ/commit/d1f115932aed9d21c38c898c3ae4b4b678cd210d\"\u003e\u003ccode\u003ed1f1159\u003c/code\u003e\u003c/a\u003e Release 0.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/django-environ/commit/d82e361ddb7ffdad01451623d806d402c3a657fd\"\u003e\u003ccode\u003ed82e361\u003c/code\u003e\u003c/a\u003e Add optional warnings when defaults are used (\u003ca href=\"https://redirect.github.com/joke2k/django-environ/issues/582\"\u003e#582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/django-environ/commit/a78f7c888d840c1b1903371f2424ee641906c923\"\u003e\u003ccode\u003ea78f7c8\u003c/code\u003e\u003c/a\u003e Fixed some typos in the FAQ page (\u003ca href=\"https://redirect.github.com/joke2k/django-environ/issues/445\"\u003e#445\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/django-environ/commit/24b299e002f3bcc14983eef4be770edb143338dc\"\u003e\u003ccode\u003e24b299e\u003c/code\u003e\u003c/a\u003e Feature/add choice parameter and raise an exception if fetched value is not w...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/django-environ/commit/c4414130f4cf11704e9f1ea446c68074f69c0b54\"\u003e\u003ccode\u003ec441413\u003c/code\u003e\u003c/a\u003e Add django-prometheus database backends to DB_SCHEMES (\u003ca href=\"https://redirect.github.com/joke2k/django-environ/issues/559\"\u003e#559\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/django-environ/commit/98a0aad4c10e789d84e572a3f97a5a9cf9080973\"\u003e\u003ccode\u003e98a0aad\u003c/code\u003e\u003c/a\u003e Fix lint issues in environ type hints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/django-environ/commit/f4e77e41e629ae8631da9582241f7db527085699\"\u003e\u003ccode\u003ef4e77e4\u003c/code\u003e\u003c/a\u003e feat(cache): add valkey and valkeys as allowed schemes (\u003ca href=\"https://redirect.github.com/joke2k/django-environ/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/django-environ/commit/dd4d308baea427b5e820a8ac326b0d63e557c956\"\u003e\u003ccode\u003edd4d308\u003c/code\u003e\u003c/a\u003e Add type hints (\u003ca href=\"https://redirect.github.com/joke2k/django-environ/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/django-environ/commit/3137c4f733f90a14a12da9fc252d446357190537\"\u003e\u003ccode\u003e3137c4f\u003c/code\u003e\u003c/a\u003e Support lower case options for Django Redis cache backend (\u003ca href=\"https://redirect.github.com/joke2k/django-environ/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/joke2k/django-environ/compare/v0.12.1...v0.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anyio` from 4.12.1 to 4.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.13.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9\u003c/li\u003e\n\u003cli\u003eAdded a \u003ccode\u003ettl\u003c/code\u003e parameter to the \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e wrapper (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1073\"\u003e#1073\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Graeme22\"\u003e\u003ccode\u003e@​Graeme22\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWidened the type annotations of file I/O streams to accept \u003ccode\u003eIO[bytes]\u003c/code\u003e instead of just \u003ccode\u003eBinaryIO\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path\u003c/code\u003e not being compatible with Python 3.15 due to the removal of \u003ccode\u003epathlib.Path.is_reserved()\u003c/code\u003e and the addition of \u003ccode\u003epathlib.Path.__vfspath__()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1061\"\u003e#1061\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eBrokenResourceError\u003c/code\u003e raised by the asyncio \u003ccode\u003eSocketStream\u003c/code\u003e not having the original exception as its cause (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1055\"\u003e#1055\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eTypeError\u003c/code\u003e raised when using \u0026quot;func\u0026quot; as a parameter name in \u003ccode\u003epytest.mark.parametrize\u003c/code\u003e when using the pytest plugin (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1068\"\u003e#1068\u003c/a\u003e; PR by \u003ca href=\"https://github.com/JohnnyDeuss\"\u003e\u003ccode\u003e@​JohnnyDeuss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the pytest plugin not running tests that had the \u003ccode\u003eanyio\u003c/code\u003e marker added programmatically via \u003ccode\u003epytest_collection_modifyitems\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/422\"\u003e#422\u003c/a\u003e; PR by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when they are contained in an exception group alongside non-cancellation exceptions (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1091\"\u003e#1091\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eCondition.wait()\u003c/code\u003e not passing on a notification when the task is cancelled but already received a notification\u003c/li\u003e\n\u003cli\u003eFixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1074\"\u003e#1074\u003c/a\u003e; PR by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/afbe93ca9d0c447adf26e9c1715ac20870622bf2\"\u003e\u003ccode\u003eafbe93c\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/33bdf2e4b4f40c2df178123746147a6d2471808d\"\u003e\u003ccode\u003e33bdf2e\u003c/code\u003e\u003c/a\u003e Rearranged the changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/19e09e25bc5a23dd78a577d8c3909dd377057c78\"\u003e\u003ccode\u003e19e09e2\u003c/code\u003e\u003c/a\u003e Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9369d80b9e8292f2a892a9d5c73923c6a28aa08c\"\u003e\u003ccode\u003e9369d80\u003c/code\u003e\u003c/a\u003e Fixed Condition.wait() not handing over notification when cancelled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/6f122abdc6f6b166c6b6ac27d36d55cdf8fa08e8\"\u003e\u003ccode\u003e6f122ab\u003c/code\u003e\u003c/a\u003e Fixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/beaa45aff568a4020f2faf317321dd92f0e1f4a0\"\u003e\u003ccode\u003ebeaa45a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/602f6606dcf3f37702686a4f3e161328c537b07f\"\u003e\u003ccode\u003e602f660\u003c/code\u003e\u003c/a\u003e Widened type annotations to accept IO[bytes] in file streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/b5dcd45170701a756ba634197398f05d4710cab3\"\u003e\u003ccode\u003eb5dcd45\u003c/code\u003e\u003c/a\u003e Added note about erasing the template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/d68670b3b4e0917d4caff2de082e03220f3e05a1\"\u003e\u003ccode\u003ed68670b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/fc17a22dd948e6a3d90d99908813f0010dfc3d2c\"\u003e\u003ccode\u003efc17a22\u003c/code\u003e\u003c/a\u003e tweak to_thread docs about abandon_on_cancel (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.12.1...4.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bandit` from 1.9.3 to 1.9.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PyCQA/bandit/releases\"\u003ebandit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.9.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: fixed some typos in comments by \u003ca href=\"https://github.com/jakob1379\"\u003e\u003ccode\u003e@​jakob1379\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1351\"\u003ePyCQA/bandit#1351\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump docker/login-action from 3.6.0 to 3.7.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1353\"\u003ePyCQA/bandit#1353\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump docker/build-push-action from 6.18.0 to 6.19.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1357\"\u003ePyCQA/bandit#1357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix B613 crash when reading from stdin by \u003ca href=\"https://github.com/worksbyfriday\"\u003e\u003ccode\u003e@​worksbyfriday\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1361\"\u003ePyCQA/bandit#1361\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude filename in nosec 'no failed test' warning by \u003ca href=\"https://github.com/worksbyfriday\"\u003e\u003ccode\u003e@​worksbyfriday\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1363\"\u003ePyCQA/bandit#1363\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix B615 false positive when revision is set via variable by \u003ca href=\"https://github.com/worksbyfriday\"\u003e\u003ccode\u003e@​worksbyfriday\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1358\"\u003ePyCQA/bandit#1358\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLower version guard in check_ast_node to Python 3.12 by \u003ca href=\"https://github.com/rcgray\"\u003e\u003ccode\u003e@​rcgray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1355\"\u003ePyCQA/bandit#1355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix B106 reporting wrong line number on multiline function calls by \u003ca href=\"https://github.com/worksbyfriday\"\u003e\u003ccode\u003e@​worksbyfriday\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1360\"\u003ePyCQA/bandit#1360\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jakob1379\"\u003e\u003ccode\u003e@​jakob1379\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1351\"\u003ePyCQA/bandit#1351\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/worksbyfriday\"\u003e\u003ccode\u003e@​worksbyfriday\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1361\"\u003ePyCQA/bandit#1361\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rcgray\"\u003e\u003ccode\u003e@​rcgray\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1355\"\u003ePyCQA/bandit#1355\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/PyCQA/bandit/compare/1.9.3...1.9.4\"\u003ehttps://github.com/PyCQA/bandit/compare/1.9.3...1.9.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyCQA/bandit/commit/92ae8b82fb422a639f0ed8d99e96cea769594e08\"\u003e\u003ccode\u003e92ae8b8\u003c/code\u003e\u003c/a\u003e Fix B106 reporting wrong line number on multiline function calls (\u003ca href=\"https://redirect.github.com/PyCQA/bandit/issues/1360\"\u003e#1360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyCQA/bandit/commit/c8c8a55c3307333b8eb46cb2ef46d49b1fad6546\"\u003e\u003ccode\u003ec8c8a55\u003c/code\u003e\u003c/a\u003e Lower version guard in check_ast_node to Python 3.12 (\u003ca href=\"https://redirect.github.com/PyCQA/bandit/issues/1355\"\u003e#1355\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyCQA/bandit/commit/8f2f9284fca830ca017b2e2cc3ddc2a7b74b7040\"\u003e\u003ccode\u003e8f2f928\u003c/code\u003e\u003c/a\u003e Fix B615 false positive when revision is set via variable (\u003ca href=\"https://redirect.github.com/PyCQA/bandit/issues/1358\"\u003e#1358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyCQA/bandit/commit/e27493f71c114e0e5dfc0a475d225d7f9f4a7e2b\"\u003e\u003ccode\u003ee27493f\u003c/code\u003e\u003c/a\u003e Include filename in nosec 'no failed test' warning (\u003ca href=\"https://redirect.github.com/PyCQA/bandit/issues/1363\"\u003e#1363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyCQA/bandit/commit/b69b336450301d424e5ba04c9a58e8d41b7169b6\"\u003e\u003ccode\u003eb69b336\u003c/code\u003e\u003c/a\u003e Fix B613 crash when reading from stdin (\u003ca href=\"https://redirect.github.com/PyCQA/bandit/issues/1361\"\u003e#1361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyCQA/bandit/commit/e418b798abcc3f2b00c07fd6315da8fe9aeead00\"\u003e\u003ccode\u003ee418b79\u003c/code\u003e\u003c/a\u003e Bump docker/build-push-action from 6.18.0 to 6.19.2 (\u003ca href=\"https://redirect.github.com/PyCQA/bandit/issues/1357\"\u003e#1357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyCQA/bandit/commit/ff646fd7e0e34fb350196fc58448fad17178c27a\"\u003e\u003ccode\u003eff646fd\u003c/code\u003e\u003c/a\u003e Bump docker/login-action from 3.6.0 to 3.7.0 (\u003ca href=\"https://redirect.github.com/PyCQA/bandit/issues/1353\"\u003e#1353\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyCQA/bandit/commit/c0def6c7ebab60f98c28ba759d488f4fbe6dae89\"\u003e\u003ccode\u003ec0def6c\u003c/code\u003e\u003c/a\u003e chore: fixed some typos in comments (\u003ca href=\"https://redirect.github.com/PyCQA/bandit/issues/1351\"\u003e#1351\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/PyCQA/bandit/compare/1.9.3...1.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `boto3` from 1.42.39 to 1.42.96\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/60921ee112275b89a361d137657d9d48daacbf2a\"\u003e\u003ccode\u003e60921ee\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.42.96'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/508588d61de44577d761094e3f204dd85a0eb3c0\"\u003e\u003ccode\u003e508588d\u003c/code\u003e\u003c/a\u003e Bumping version to 1.42.96\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/fd3d17795980826ef2b5e34fd4eb62338d1ecc55\"\u003e\u003ccode\u003efd3d177\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/4be6bbd12cb1ad40505dab385bafab62e70a4da8\"\u003e\u003ccode\u003e4be6bbd\u003c/code\u003e\u003c/a\u003e chore: enable dependabot for pre-commit and refresh hook pins (\u003ca href=\"https://redirect.github.com/boto/boto3/issues/4775\"\u003e#4775\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/a47ce816eb1f088956353335f2bd2cd56b6b1fc6\"\u003e\u003ccode\u003ea47ce81\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.42.95'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/4ccdda83164e69faf24839542d20a523c5263465\"\u003e\u003ccode\u003e4ccdda8\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.42.95' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/03cc5cdf7c550b4a36d43f07745f77aa9dbc0c9a\"\u003e\u003ccode\u003e03cc5cd\u003c/code\u003e\u003c/a\u003e Bumping version to 1.42.95\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/ab160a576b0e6e150a9752837fe5e52961ae7349\"\u003e\u003ccode\u003eab160a5\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/10094042f04226ec32ae43a7051c2635bc033164\"\u003e\u003ccode\u003e1009404\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.42.94'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/0017b80aa909dd8e95cfde8f79345cef8bcafc66\"\u003e\u003ccode\u003e0017b80\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.42.94' into develop\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/boto3/compare/1.42.39...1.42.96\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `botocore` from 1.42.39 to 1.42.96\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/435c9a3f09d6ef9716e5d8a3c0d4be118cfbfe41\"\u003e\u003ccode\u003e435c9a3\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.42.96'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/804525091b40e8bdfd90f2145ebe73f59c6ba584\"\u003e\u003ccode\u003e8045250\u003c/code\u003e\u003c/a\u003e Bumping version to 1.42.96\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/243b48e8f21e9c814e63bbe93221590da6c48904\"\u003e\u003ccode\u003e243b48e\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/8ec506c1254150336916f8ed495df6529b9c5fb9\"\u003e\u003ccode\u003e8ec506c\u003c/code\u003e\u003c/a\u003e Update to latest models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/8ce183e14781ff29cff89057e84b398d0f5f0c81\"\u003e\u003ccode\u003e8ce183e\u003c/code\u003e\u003c/a\u003e chore: enable dependabot for pre-commit and refresh hook pins (\u003ca href=\"https://redirect.github.com/boto/botocore/issues/3685\"\u003e#3685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/0aaee4ddba63cfd6337907ea8491a97424606586\"\u003e\u003ccode\u003e0aaee4d\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.42.95'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/daaf0f37dc534f42953184a0910d9a5ea154a967\"\u003e\u003ccode\u003edaaf0f3\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.42.95' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/157860ae07eb2b3f6c32cfaa4f10c48af69a084c\"\u003e\u003ccode\u003e157860a\u003c/code\u003e\u003c/a\u003e Bumping version to 1.42.95\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/19a789f6b7050d12b4188589a60efc454fdd6efc\"\u003e\u003ccode\u003e19a789f\u003c/code\u003e\u003c/a\u003e Update to latest models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/b88d178dd9bd410769f72e45f72e4d8e0716b2c4\"\u003e\u003ccode\u003eb88d178\u003c/code\u003e\u003c/a\u003e Merge customizations for CloudWatch OTel enrichment (\u003ca href=\"https://redirect.github.com/boto/botocore/issues/3676\"\u003e#3676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/botocore/compare/1.42.39...1.42.96\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cbor2` from 5.8.0 to 5.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/cbor2/releases\"\u003ecbor2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003emax_depth\u003c/code\u003e decoder parameter to limit the maximum allowed nesting level of containers, with a default value of 400 levels (CVE-2026-26209)\u003c/li\u003e\n\u003cli\u003eChanged the default \u003ccode\u003eread_size\u003c/code\u003e from 4096 to 1 for backwards compatibility. The buffered reads introduced in 5.8.0 could cause issues when code needs to access the stream position after decoding. Users can opt-in to faster decoding by passing \u003ccode\u003eread_size=4096\u003c/code\u003e when they don't need to access the stream directly after decoding. Added a direct read path for \u003ccode\u003eread_size=1\u003c/code\u003e to avoid buffer management overhead. (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/pull/275\"\u003e#275\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed C encoder not respecting string referencing when encoding string-type datetimes (tag 0) (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/254\"\u003e#254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a missed check for an exception in the C implementation of \u003ccode\u003eCBOREncoder.encode_shared()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/287\"\u003e#287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed two reference/memory leaks in the C extension's long string decoder (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/pull/290\"\u003e#290\u003c/a\u003e PR by \u003ca href=\"https://github.com/killiancowan82\"\u003e\u003ccode\u003e@​killiancowan82\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed C decoder ignoring the \u003ccode\u003estr_errors\u003c/code\u003e setting when decoding strings, and improved string decoding performance by using stack allocation for small strings and eliminating unnecessary conditionals. Benchmarks show 9-17% faster deserialization. (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/255\"\u003e#255\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/93c598838d50b554e242920902aada82d32d55bc\"\u003e\u003ccode\u003e93c5988\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/d903d62c86de118e8abe626596f9be7b98ac44e9\"\u003e\u003ccode\u003ed903d62\u003c/code\u003e\u003c/a\u003e Updated the max_depth default value in the C function signature\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/2b53b2813d44a7919dae18747b5ac36cf9c5fb87\"\u003e\u003ccode\u003e2b53b28\u003c/code\u003e\u003c/a\u003e Stack allocate small strings (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/270\"\u003e#270\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/a7ac10d5cbb7a8622e8270c201a131ac2abc26c7\"\u003e\u003ccode\u003ea7ac10d\u003c/code\u003e\u003c/a\u003e Upped the max_depth value to 400\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/54c8ed541c5f4842508cace5ff4b2aae54bc731b\"\u003e\u003ccode\u003e54c8ed5\u003c/code\u003e\u003c/a\u003e Fixed reference/memory leaks in decode_definite_long_string (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/290\"\u003e#290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/a8d92dc3dc00233c796c4abccb5daa31089bf3c0\"\u003e\u003ccode\u003ea8d92dc\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/289\"\u003e#289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/c91aa007117828560329a1624eabc5dad5435ebc\"\u003e\u003ccode\u003ec91aa00\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/53521e7ca96c7a19f8a529fe59ef566212a24b3f\"\u003e\u003ccode\u003e53521e7\u003c/code\u003e\u003c/a\u003e Fixed ssize_t to Py_ssize_t\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/94e0d2125fbfb183606afa9ef07754a8dba50748\"\u003e\u003ccode\u003e94e0d21\u003c/code\u003e\u003c/a\u003e Added missing Python counterpart for max_depth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/bcb6cea4edde1d00ff4f0eece883dea951f66e1b\"\u003e\u003ccode\u003ebcb6cea\u003c/code\u003e\u003c/a\u003e Added the max_depth decoder parameter\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/cbor2/compare/5.8.0...5.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `celery` from 5.6.2 to 5.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/celery/celery/releases\"\u003ecelery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.6.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix Django worker recursion bug + defensive checks for pool_cls.\u003cstrong\u003emodule\u003c/strong\u003e by \u003ca href=\"https://github.com/maycuatroi1\"\u003e\u003ccode\u003e@​maycuatroi1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10048\"\u003ecelery/celery#10048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocs: Update user_preload_options example to use click. by \u003ca href=\"https://github.com/jorsyk\"\u003e\u003ccode\u003e@​jorsyk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10056\"\u003ecelery/celery#10056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix invalid configuration key \u0026quot;bootstrap_servers\u0026quot; in Kafka demo by \u003ca href=\"https://github.com/jorsyk\"\u003e\u003ccode\u003e@​jorsyk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10060\"\u003ecelery/celery#10060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix broken images on PyPI page by \u003ca href=\"https://github.com/Timour-Ilyas\"\u003e\u003ccode\u003e@​Timour-Ilyas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10066\"\u003ecelery/celery#10066\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove broken reference. by \u003ca href=\"https://github.com/sueannioanis\"\u003e\u003ccode\u003e@​sueannioanis\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10071\"\u003ecelery/celery#10071\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved --dist=loadscope from smoke tests by \u003ca href=\"https://github.com/Nusnus\"\u003e\u003ccode\u003e@​Nusnus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10073\"\u003ecelery/celery#10073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocs: Clarify task_retry signal args may be None by \u003ca href=\"https://github.com/GangEunzzang\"\u003e\u003ccode\u003e@​GangEunzzang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10076\"\u003ecelery/celery#10076\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate example for Django by \u003ca href=\"https://github.com/sbc-khacnha\"\u003e\u003ccode\u003e@​sbc-khacnha\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10081\"\u003ecelery/celery#10081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake tests compatible with pymongo \u0026gt;= 4.16 by \u003ca href=\"https://github.com/cjwatson\"\u003e\u003ccode\u003e@​cjwatson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10074\"\u003ecelery/celery#10074\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: source install of cassandra-driver by \u003ca href=\"https://github.com/Izzette\"\u003e\u003ccode\u003e@​Izzette\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10105\"\u003ecelery/celery#10105\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: register task cross-reference role in Sphinx extension by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10100\"\u003ecelery/celery#10100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid cycle detection in native delayed delivery by \u003ca href=\"https://github.com/Izzette\"\u003e\u003ccode\u003e@​Izzette\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10095\"\u003ecelery/celery#10095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(asynpool): avoid AttributeError when proc lacks _sentinel_poll by \u003ca href=\"https://github.com/mriddle\"\u003e\u003ccode\u003e@​mriddle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10086\"\u003ecelery/celery#10086\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix dusk_astronomical horizon sign (+18 -\u0026gt; -18) by \u003ca href=\"https://github.com/Mr-Neutr0n\"\u003e\u003ccode\u003e@​Mr-Neutr0n\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10121\"\u003ecelery/celery#10121\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix/10106 onupdate col use lambda func by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10108\"\u003ecelery/celery#10108\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix warm shutdown RuntimeError with eventlet\u0026gt;=0.37.0 (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10083\"\u003e#10083\u003c/a\u003e) by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10123\"\u003ecelery/celery#10123\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix 10109 db backend connection health by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10124\"\u003ecelery/celery#10124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDatabase Backend filter unsupport sql engine arguments with nullpool \u003ca href=\"https://redirect.github.com/celery/celery/issues/7355\"\u003e#7355\u003c/a\u003e by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10134\"\u003ecelery/celery#10134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(beat): correct argument order in Service.\u003cstrong\u003ereduce\u003c/strong\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10137\"\u003ecelery/celery#10137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: declare explicit read-only token permissions in workflow jobs by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10139\"\u003ecelery/celery#10139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: 'boto3to' to 'boto3 to' by \u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10133\"\u003ecelery/celery#10133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDatabase Backend: Add missing index on date_done (Fixes \u003ca href=\"https://redirect.github.com/celery/celery/issues/10097\"\u003e#10097\u003c/a\u003e) by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10098\"\u003ecelery/celery#10098\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typo in CONTRIBUTING.rst by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10141\"\u003ecelery/celery#10141\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefer to Flower / Prometheus for monitoring by \u003ca href=\"https://github.com/WilliamDEdwards\"\u003e\u003ccode\u003e@​WilliamDEdwards\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10140\"\u003ecelery/celery#10140\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: remove duplicated words in broker and routing docs by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10146\"\u003ecelery/celery#10146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix stale version reference and grammar in README by \u003ca href=\"https://github.com/kelsonbrito50\"\u003e\u003ccode\u003e@​kelsonbrito50\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10145\"\u003ecelery/celery#10145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix wording in Celery 5.3 worker pool notes by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10149\"\u003ecelery/celery#10149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix duplicated wording in 3.1 changelog entry by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10152\"\u003ecelery/celery#10152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix changelog typo in context manager wording by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10144\"\u003ecelery/celery#10144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix/10096 worker fails to reconnect after redis failover by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10151\"\u003ecelery/celery#10151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove on_af...\n\n_Description has been truncated_","html_url":"https://github.com/rahim8050/weather-apis/pull/67","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/rahim8050%2Fweather-apis/issues/67","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/67/packages"}],"issue_packages":[{"old_version":"0.6.1","new_version":"0.6.3","update_type":"patch","path":null,"pr_created_at":"2026-06-11T00:44:29.000Z","version_change":"0.6.1 → 0.6.3","issue":{"uuid":"4636185684","node_id":"PR_kwDON8zQFc7lGli1","number":46,"state":"closed","title":"chore(deps): bump the pip group across 10 directories with 21 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-06-11T00:45:43.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-11T00:44:29.000Z","updated_at":"2026-06-11T00:54:41.000Z","time_to_close":74,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":21,"packages":[{"name":"azure-core","old_version":"1.32.0","new_version":"1.38.0","repository_url":"https://github.com/Azure/azure-sdk-for-python"},{"name":"black","old_version":"23.12.1","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"fickling","old_version":"0.1.5","new_version":"0.1.10","repository_url":"https://github.com/trailofbits/fickling"},{"name":"filelock","old_version":"3.16.1","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"flask","old_version":"3.1.0","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"geopandas","old_version":"1.1.1","new_version":"1.1.2","repository_url":"https://github.com/geopandas/geopandas"},{"name":"google-cloud-aiplatform","old_version":"1.88.0","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"gradio","old_version":"5.28.0","new_version":"6.7.0","repository_url":"https://github.com/gradio-app/gradio"},{"name":"langgraph","old_version":"0.3.21","new_version":"1.0.10rc1","repository_url":"https://github.com/langchain-ai/langgraph"},{"name":"langgraph-checkpoint","old_version":"2.0.23","new_version":"4.0.0","repository_url":"https://github.com/langchain-ai/langgraph"},{"name":"orjson","old_version":"3.10.16","new_version":"3.11.6","repository_url":"https://github.com/ijl/orjson"},{"name":"pyarrow","old_version":"16.1.0","new_version":"23.0.1","repository_url":"https://github.com/apache/arrow"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"sentencepiece","old_version":"0.2.0","new_version":"0.2.1","repository_url":"https://github.com/google/sentencepiece"},{"name":"starlette","old_version":"0.41.3","new_version":"1.0.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"torch","old_version":"2.5.1","new_version":"2.10.0","repository_url":"https://github.com/pytorch/pytorch"},{"name":"virtualenv","old_version":"20.29.1","new_version":"20.36.1","repository_url":"https://github.com/pypa/virtualenv"},{"name":"werkzeug","old_version":"3.1.1","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"wheel","old_version":"0.45.1","new_version":"0.46.2","repository_url":"https://github.com/pypa/wheel"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 19 updates in the /dakota_rl_training/outputs/tinker_qwen30b/wandb/run-20251119_104422-i55d4x26/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.32.0` | `1.38.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [fickling](https://github.com/trailofbits/fickling) | `0.1.5` | `0.1.10` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [geopandas](https://github.com/geopandas/geopandas) | `1.1.1` | `1.1.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.88.0` | `1.133.0` |\n| [gradio](https://github.com/gradio-app/gradio) | `5.28.0` | `6.7.0` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `0.3.21` | `1.0.10rc1` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.0.23` | `4.0.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.16` | `3.11.6` |\n| [pyarrow](https://github.com/apache/arrow) | `16.1.0` | `23.0.1` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |\n| [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.10.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.1` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n\nBumps the pip group with 19 updates in the /dakota_rl_training/outputs/tinker_qwen4b/wandb/run-20251120_085502-ntfgah7s/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.32.0` | `1.38.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [fickling](https://github.com/trailofbits/fickling) | `0.1.5` | `0.1.10` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [geopandas](https://github.com/geopandas/geopandas) | `1.1.1` | `1.1.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.88.0` | `1.133.0` |\n| [gradio](https://github.com/gradio-app/gradio) | `5.28.0` | `6.7.0` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `0.3.21` | `1.0.10rc1` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.0.23` | `4.0.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.16` | `3.11.6` |\n| [pyarrow](https://github.com/apache/arrow) | `16.1.0` | `23.0.1` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |\n| [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.10.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.1` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n\nBumps the pip group with 19 updates in the /dakota_rl_training/outputs/tinker_qwen4b/wandb/run-20251120_085815-o69alc9b/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.32.0` | `1.38.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [fickling](https://github.com/trailofbits/fickling) | `0.1.5` | `0.1.10` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [geopandas](https://github.com/geopandas/geopandas) | `1.1.1` | `1.1.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.88.0` | `1.133.0` |\n| [gradio](https://github.com/gradio-app/gradio) | `5.28.0` | `6.7.0` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `0.3.21` | `1.0.10rc1` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.0.23` | `4.0.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.16` | `3.11.6` |\n| [pyarrow](https://github.com/apache/arrow) | `16.1.0` | `23.0.1` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |\n| [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.10.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.1` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n\nBumps the pip group with 19 updates in the /dakota_rl_training/outputs/tinker_qwen4b/wandb/run-20251120_090142-tbmfb9o0/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.32.0` | `1.38.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [fickling](https://github.com/trailofbits/fickling) | `0.1.5` | `0.1.10` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [geopandas](https://github.com/geopandas/geopandas) | `1.1.1` | `1.1.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.88.0` | `1.133.0` |\n| [gradio](https://github.com/gradio-app/gradio) | `5.28.0` | `6.7.0` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `0.3.21` | `1.0.10rc1` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.0.23` | `4.0.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.16` | `3.11.6` |\n| [pyarrow](https://github.com/apache/arrow) | `16.1.0` | `23.0.1` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |\n| [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.10.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.1` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_smoke/wandb/run-20251118_182158-ymh8qjl6/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.32.0` | `1.38.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [geopandas](https://github.com/geopandas/geopandas) | `1.1.1` | `1.1.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.88.0` | `1.133.0` |\n| [gradio](https://github.com/gradio-app/gradio) | `5.28.0` | `6.7.0` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `0.3.21` | `1.0.10rc1` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.0.23` | `4.0.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.16` | `3.11.6` |\n| [pyarrow](https://github.com/apache/arrow) | `16.1.0` | `23.0.1` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |\n| [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.10.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.1` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n\nBumps the pip group with 18 updates in the /dakota_rl_training/outputs/tinker_smoke/wandb/run-20251118_182714-8xv4ah4h/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.32.0` | `1.38.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [geopandas](https://github.com/geopandas/geopandas) | `1.1.1` | `1.1.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.88.0` | `1.133.0` |\n| [gradio](https://github.com/gradio-app/gradio) | `5.28.0` | `6.7.0` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `0.3.21` | `1.0.10rc1` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.0.23` | `4.0.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.16` | `3.11.6` |\n| [pyarrow](https://github.com/apache/arrow) | `16.1.0` | `23.0.1` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |\n| [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.10.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.1` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n\nBumps the pip group with 18 updates in the /wandb/run-20251105_064731-wq8xuzar/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.32.0` | `1.38.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [geopandas](https://github.com/geopandas/geopandas) | `1.1.1` | `1.1.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.88.0` | `1.133.0` |\n| [gradio](https://github.com/gradio-app/gradio) | `5.28.0` | `6.7.0` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `0.3.21` | `1.0.10rc1` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.0.23` | `4.0.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.16` | `3.11.6` |\n| [pyarrow](https://github.com/apache/arrow) | `16.1.0` | `23.0.1` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |\n| [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.10.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.1` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n\nBumps the pip group with 18 updates in the /wandb/run-20251105_064758-5jy9n26c/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.32.0` | `1.38.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [geopandas](https://github.com/geopandas/geopandas) | `1.1.1` | `1.1.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.88.0` | `1.133.0` |\n| [gradio](https://github.com/gradio-app/gradio) | `5.28.0` | `6.7.0` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `0.3.21` | `1.0.10rc1` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `2.0.23` | `4.0.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.16` | `3.11.6` |\n| [pyarrow](https://github.com/apache/arrow) | `16.1.0` | `23.0.1` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |\n| [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.10.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.1` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n\nBumps the pip group with 12 updates in the /wandb/run-20251118_210438-u82h659i/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.32.0` | `1.38.0` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [geopandas](https://github.com/geopandas/geopandas) | `1.1.1` | `1.1.2` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.16` | `3.11.6` |\n| [pyarrow](https://github.com/apache/arrow) | `16.1.0` | `23.0.1` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |\n| [starlette](https://github.com/Kludex/starlette) | `0.41.3` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.10.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.1` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n\nBumps the pip group with 21 updates in the /wandb/run-20260527_165151-owf98569/files directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.32.0` | `1.38.0` |\n| [black](https://github.com/psf/black) | `23.12.1` | `26.3.1` |\n| [fickling](https://github.com/trailofbits/fickling) | `0.1.5` | `0.1.10` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` |\n| [flask](https://github.com/pallets/flask) | `3.1.0` | `3.1.3` |\n| [geopandas](https://github.com/geopandas/geopandas) | `1.1.1` | `1.1.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.129.0` | `1.133.0` |\n| [gradio](https://github.com/gradio-app/gradio) | `5.28.0` | `6.7.0` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `1.0.3` | `1.0.10rc1` |\n| [langgraph-checkpoint](https://github.com/langchain-ai/langgraph) | `3.0.1` | `4.0.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.16` | `3.11.6` |\n| [pyarrow](https://github.com/apache/arrow) | `16.1.0` | `23.0.1` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.2.0` | `0.2.1` |\n| [starlette](https://github.com/Kludex/starlette) | `0.48.0` | `1.0.1` |\n| [torch](https://github.com/pytorch/pytorch) | `2.5.1` | `2.10.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.1` | `20.36.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.1` | `0.46.2` |\n| [multipart](https://github.com/defnull/multipart) | `1.3.0` | `1.3.1` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `25.3.0` | `26.0.0` |\n\n\nUpdates `azure-core` from 1.32.0 to 1.38.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Azure/azure-sdk-for-python/releases\"\u003eazure-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eazure-ai-ml_1.34.0\u003c/h2\u003e\n\u003ch2\u003e1.34.0 (2026-06-11)\u003c/h2\u003e\n\u003ch3\u003eBugs Fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed cross-tenant registry endpoint resolution for deployment template operations by using the registry discovery API instead of ARM calls.\u003c/li\u003e\n\u003cli\u003eFixed deployment template update failing with immutable field errors by ensuring \u003ccode\u003eallowedInstanceType\u003c/code\u003e and \u003ccode\u003eallowedEnvironmentVariableOverrides\u003c/code\u003e are properly round-tripped during serialization.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/6d2e6431ea0991861640e449e51e894247a7771a\"\u003e\u003ccode\u003e6d2e643\u003c/code\u003e\u003c/a\u003e update release date (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44609\"\u003e#44609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/ca2b965d8cce6eaa135fe01804b96164b56b7f16\"\u003e\u003ccode\u003eca2b965\u003c/code\u003e\u003c/a\u003e [Core] Prep release (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44590\"\u003e#44590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/fb8cbea1b9d85135f7ba99bfc6cbc2f3cee138ff\"\u003e\u003ccode\u003efb8cbea\u003c/code\u003e\u003c/a\u003e Introduce new version of continuation token (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44574\"\u003e#44574\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/6578a78f6a7429bbe73e27ebe904d7f362d7efa2\"\u003e\u003ccode\u003e6578a78\u003c/code\u003e\u003c/a\u003e [Core] Increment version for core release (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44398\"\u003e#44398\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/a69a3c26f3a3ed0c9e5a888d991ad447754ad00b\"\u003e\u003ccode\u003ea69a3c2\u003c/code\u003e\u003c/a\u003e add example to demo how to use truststore (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44343\"\u003e#44343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/5ade1087ec6a425d7639eefcff206ceffdf3d48f\"\u003e\u003ccode\u003e5ade108\u003c/code\u003e\u003c/a\u003e Bumping the targeted \u003ccode\u003ehttpx\u003c/code\u003e for \u003ccode\u003eazure-core-experimental\u003c/code\u003e dev reqs (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44328\"\u003e#44328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/cbb1db62711eae72aca1b2bbeedcbd7e02d21109\"\u003e\u003ccode\u003ecbb1db6\u003c/code\u003e\u003c/a\u003e [core] add tests and fix backcompat functions (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/44084\"\u003e#44084\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/4adcc524b09e09e4916f1280a32f9802cc798788\"\u003e\u003ccode\u003e4adcc52\u003c/code\u003e\u003c/a\u003e [Core] Support timeout error in requests+aiohttp transports (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/43201\"\u003e#43201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/fd709673eacbebc1107d998f217a131fa3394326\"\u003e\u003ccode\u003efd70967\u003c/code\u003e\u003c/a\u003e [Core] Increment version for core release (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/43435\"\u003e#43435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/b52527cdfdeff6b6aab4b93a87d4402b1403ce89\"\u003e\u003ccode\u003eb52527c\u003c/code\u003e\u003c/a\u003e [Core] Update TypeHandlerRegistry typing (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/43393\"\u003e#43393\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Azure/azure-sdk-for-python/compare/azure-core_1.32.0...azure-core_1.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 23.12.1 to 26.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop evenloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop eventloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c6755bb741b6481d6b3d3bb563c83fa060db96c9\"\u003e\u003ccode\u003ec6755bb\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5046\"\u003e#5046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69973fd6950985fbeb1090d96da717dc4d8380b0\"\u003e\u003ccode\u003e69973fd\u003c/code\u003e\u003c/a\u003e Harden blackd browser-facing request handling (\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d\"\u003e\u003ccode\u003e4937fe6\u003c/code\u003e\u003c/a\u003e Fix some shenanigans with the cache file and IPython (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2e641d174469c505d5ae905e75d4c769597e681f\"\u003e\u003ccode\u003e2e641d1\u003c/code\u003e\u003c/a\u003e docs: remove outdated Black Playground references (\u003ca href=\"https://redirect.github.com/psf/black/issues/5044\"\u003e#5044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c014b22a2d5e0632587b47b81151658bddfa0b88\"\u003e\u003ccode\u003ec014b22\u003c/code\u003e\u003c/a\u003e Remove unused internal code (\u003ca href=\"https://redirect.github.com/psf/black/issues/5041\"\u003e#5041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/0dae20b2d009f2f03de8696d06b0c947d3abafc9\"\u003e\u003ccode\u003e0dae20b\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5036\"\u003e#5036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c5c1cbddd92cecb554ac2a77a24139dd76831030\"\u003e\u003ccode\u003ec5c1cbd\u003c/code\u003e\u003c/a\u003e Minor release patches (\u003ca href=\"https://redirect.github.com/psf/black/issues/5035\"\u003e#5035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/7e5a828c37d71b6a6666e28eed444816def6a8f4\"\u003e\u003ccode\u003e7e5a828\u003c/code\u003e\u003c/a\u003e docs: clarify relationship between Black style and PEP 8 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69705deb8776e7c5e585668da106d1abe2cb8d77\"\u003e\u003ccode\u003e69705de\u003c/code\u003e\u003c/a\u003e docs: add clearer pyproject configuration guidance (\u003ca href=\"https://redirect.github.com/psf/black/issues/5026\"\u003e#5026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/35ea67920b7f6ac8e09be1c47278752b1e827f76\"\u003e\u003ccode\u003e35ea679\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5032\"\u003e#5032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/23.12.1...26.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fickling` from 0.1.5 to 0.1.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/trailofbits/fickling/releases\"\u003efickling's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.1.10\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExpanded the unsafe modules blocklist with:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e_frozen_importlib\u003c/code\u003e, \u003ccode\u003e_frozen_importlib_external\u003c/code\u003e, \u003ccode\u003e_imp\u003c/code\u003e to prevent access to references of blocked modules (\u003ca href=\"https://github.com/trailofbits/fickling/commit/b9e690c5a57ee9cd341de947fc6151959f4ae359\"\u003ehttps://github.com/trailofbits/fickling/commit/b9e690c5a57ee9cd341de947fc6151959f4ae359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003einspect\u003c/code\u003e to block a \u003ccode\u003egetattr\u003c/code\u003e equivalent (\u003ca href=\"https://github.com/trailofbits/fickling/commit/9a6d03fb74da5f37db8cf8ab6600bfb6679403eb\"\u003ehttps://github.com/trailofbits/fickling/commit/9a6d03fb74da5f37db8cf8ab6600bfb6679403eb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elinecache\u003c/code\u003e and \u003ccode\u003edifflib\u003c/code\u003e to prevent file access, \u003ccode\u003egc\u003c/code\u003e for module references (\u003ca href=\"https://github.com/trailofbits/fickling/commit/7f39d97258217ee2c21a1f5031d4a6d7343eb30d\"\u003ehttps://github.com/trailofbits/fickling/commit/7f39d97258217ee2c21a1f5031d4a6d7343eb30d\u003c/a\u003e). Thanks \u003ca href=\"https://github.com/fg0x0\"\u003e\u003ccode\u003e@​fg0x0\u003c/code\u003e\u003c/a\u003e for the report!\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform\u003c/code\u003e to prevent file access (\u003ca href=\"https://github.com/trailofbits/fickling/commit/351ed4d4242b447c0ffd550bb66b40695f3f9975\"\u003ehttps://github.com/trailofbits/fickling/commit/351ed4d4242b447c0ffd550bb66b40695f3f9975\u003c/a\u003e). Thanks \u003ca href=\"https://github.com/mldangelo\"\u003e\u003ccode\u003e@​mldangelo\u003c/code\u003e\u003c/a\u003e for the report!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eGeneral\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eVarious \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e updates (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/pull/244\"\u003etrailofbits/fickling#244\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/trailofbits/fickling/pull/245\"\u003etrailofbits/fickling#245\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/trailofbits/fickling/pull/246\"\u003etrailofbits/fickling#246\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/trailofbits/fickling/compare/v0.1.9...v0.1.10\"\u003ehttps://github.com/trailofbits/fickling/compare/v0.1.9...v0.1.10\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.1.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExpanded the unsafe modules blocklist to include \u003ccode\u003euuid\u003c/code\u003e, \u003ccode\u003e_osx_support\u003c/code\u003e and \u003ccode\u003e_aix_support\u003c/code\u003e(GHSA-5hwf-rc88-82xm)\n\u003cul\u003e\n\u003cli\u003eFixed in \u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/240\"\u003e#240\u003c/a\u003e. Thank you \u003ca href=\"https://github.com/yash2998chhabria\"\u003e\u003ccode\u003e@​yash2998chhabria\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003erun_hook()\u003c/code\u003e to cover missing pickle entry points (GHSA-wccx-j62j-r448)\n\u003cul\u003e\n\u003cli\u003eFixed in \u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/242\"\u003e#242\u003c/a\u003e. Thank you \u003ca href=\"https://github.com/mldangelo\"\u003e\u003ccode\u003e@​mldangelo\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eGeneral\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eVaroious \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e updates (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/238\"\u003e#238\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/239\"\u003e#239\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/trailofbits/fickling/compare/v0.1.8...v0.1.9\"\u003ehttps://github.com/trailofbits/fickling/compare/v0.1.8...v0.1.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.1.8\u003c/h2\u003e\n\u003ch1\u003eWhat's Changed\u003c/h1\u003e\n\u003ch2\u003eBreaking changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop Python 3.9 support, minimum is now 3.10 and we started supporting 3.14 (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/175\"\u003e#175\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI exit codes now follow ClamAV conventions: 0 for clean, 1 for unsafe, 2 for error (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/216\"\u003e#216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMalformed pickles raise \u003ccode\u003eInterpretationError\u003c/code\u003e instead of \u003ccode\u003eValueError\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/207\"\u003e#207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWe added many new modules to the unsafe imports blocklist (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/210\"\u003e#210\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/215\"\u003e#215\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/217\"\u003e#217\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/233\"\u003e#233\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/236\"\u003e#236\u003c/a\u003e), while trying to reduce false positives on builtins (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/206\"\u003e#206\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a generic bypass via \u003ccode\u003eOBJ\u003c/code\u003e (\u003ca href=\"https://github.com/trailofbits/fickling/security/advisories/GHSA-mxhj-88fx-4pcv\"\u003ehttps://github.com/trailofbits/fickling/security/advisories/GHSA-mxhj-88fx-4pcv\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eFixed in \u003ca href=\"https://redirect.github.com/trailofbits/fickling/pull/235\"\u003etrailofbits/fickling#235\u003c/a\u003e. Thank you \u003ca href=\"https://github.com/yash2998chhabria\"\u003e\u003ccode\u003e@​yash2998chhabria\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eExpanded the blocklist of unsafe imports with various modules (\u003ca href=\"https://github.com/trailofbits/fickling/security/advisories/GHSA-mhc9-48gj-9gp3\"\u003ehttps://github.com/trailofbits/fickling/security/advisories/GHSA-mhc9-48gj-9gp3\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eFixed in \u003ca href=\"https://redirect.github.com/trailofbits/fickling/pull/236\"\u003etrailofbits/fickling#236\u003c/a\u003e. Thank you \u003ca href=\"https://github.com/yash2998chhabria\"\u003e\u003ccode\u003e@​yash2998chhabria\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eExpanded the blocklist to catch outbound network connections (\u003ca href=\"https://github.com/trailofbits/fickling/security/advisories/GHSA-83pf-v6qq-pwmr\"\u003ehttps://github.com/trailofbits/fickling/security/advisories/GHSA-83pf-v6qq-pwmr\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trailofbits/fickling/commit/f5dc67b0c13acb1f3cb49a5192992b8b82975dbf\"\u003e\u003ccode\u003ef5dc67b\u003c/code\u003e\u003c/a\u003e Bump version to 0.1.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trailofbits/fickling/commit/7f39d97258217ee2c21a1f5031d4a6d7343eb30d\"\u003e\u003ccode\u003e7f39d97\u003c/code\u003e\u003c/a\u003e Add linecache, difflib, gc to UNSAFE_IMPORTS (GHSA-r48f-3986-4f9c)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trailofbits/fickling/commit/351ed4d4242b447c0ffd550bb66b40695f3f9975\"\u003e\u003ccode\u003e351ed4d\u003c/code\u003e\u003c/a\u003e Add platform to UNSAFE_IMPORTS (GHSA-5cxw-w2xg-2m8h)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trailofbits/fickling/commit/9a6d03fb74da5f37db8cf8ab6600bfb6679403eb\"\u003e\u003ccode\u003e9a6d03f\u003c/code\u003e\u003c/a\u003e Add inspect to UNSAFE_IMPORTS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trailofbits/fickling/commit/b9e690c5a57ee9cd341de947fc6151959f4ae359\"\u003e\u003ccode\u003eb9e690c\u003c/code\u003e\u003c/a\u003e Add _frozen_importlib, _frozen_importlib_external, _imp to UNSAFE_IMPORTS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trailofbits/fickling/commit/e243fbbfd8a7f9866dbd6130f03e336628a6c2c5\"\u003e\u003ccode\u003ee243fbb\u003c/code\u003e\u003c/a\u003e Bump the all group with 3 updates (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/246\"\u003e#246\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trailofbits/fickling/commit/a7c7cc4adb48a778b827ce86788483084e4aaff0\"\u003e\u003ccode\u003ea7c7cc4\u003c/code\u003e\u003c/a\u003e Bump the all group with 2 updates (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/245\"\u003e#245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trailofbits/fickling/commit/8abca135a87310b7a54728aa5ff83d66b766e08e\"\u003e\u003ccode\u003e8abca13\u003c/code\u003e\u003c/a\u003e Bump the all group with 2 updates (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/244\"\u003e#244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trailofbits/fickling/commit/a870060d5660206a352f960806702475c7757147\"\u003e\u003ccode\u003ea870060\u003c/code\u003e\u003c/a\u003e Bump version to 0.1.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/trailofbits/fickling/commit/ae0b565fe5d7b1117b6fe8dd48a2ebff70fd95d8\"\u003e\u003ccode\u003eae0b565\u003c/code\u003e\u003c/a\u003e Bump picklescan from 1.0.3 to 1.0.4 in /pickle_scanning_benchmark (\u003ca href=\"https://redirect.github.com/trailofbits/fickling/issues/239\"\u003e#239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/trailofbits/fickling/compare/v0.1.5...v0.1.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `filelock` from 3.16.1 to 3.20.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.20.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix TOCTOU symlink vulnerability in SoftFileLock by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/465\"\u003etox-dev/filelock#465\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.2...3.20.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Unix systems without O_NOFOLLOW by \u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/464\"\u003etox-dev/filelock#464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson\"\u003e\u003ccode\u003e@​mwilliamson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/463\"\u003etox-dev/filelock#463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.1...3.20.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/461\"\u003etox-dev/filelock#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\"\u003ehttps://github.com/tox-dev/filelock/compare/3.20.0...3.20.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.20.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tox.toml to sdist by \u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate docs with example by \u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd 3.14 support and drop 3.9 by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/448\"\u003etox-dev/filelock#448\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mtelka\"\u003e\u003ccode\u003e@​mtelka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/436\"\u003etox-dev/filelock#436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/znichollscr\"\u003e\u003ccode\u003e@​znichollscr\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/438\"\u003etox-dev/filelock#438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.19.1...3.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.19.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eadd 3.14t (free threading) to matrix by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/433\"\u003etox-dev/filelock#433\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIncrease test coverage by \u003ca href=\"https://github.com/paultiq\"\u003e\u003ccode\u003e@​paultiq\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/434\"\u003etox-dev/filelock#434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst\"\u003efilelock's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e###########\nChangelog\n###########\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e3.29.3 (2026-06-10)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(ci): restore release environment on tag job :pr:\u003ccode\u003e559\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003evalidate pid range in _parse_lock_holder :pr:\u003ccode\u003e556\u003c/code\u003e - by :user:\u003ccode\u003edxbjavid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🔧 ci(release): publish to PyPI on tag push :pr:\u003ccode\u003e557\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump astral-sh/setup-uv from 8.1.0 to 8.2.0 :pr:\u003ccode\u003e558\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.29.2 (2026-06-10)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 6.0.2 to 6.0.3 :pr:\u003ccode\u003e555\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e554\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003echeck hostname in is_lock_held_by_us :pr:\u003ccode\u003e553\u003c/code\u003e - by :user:\u003ccode\u003edxbjavid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🔒 fix(soft): harden stale-lock breaking and self-heal malformed locks :pr:\u003ccode\u003e551\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eopen marker reads non-blocking to refuse attacker-placed fifo :pr:\u003ccode\u003e549\u003c/code\u003e - by :user:\u003ccode\u003edxbjavid\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.29.1 (2026-06-03)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(soft): refuse to follow symlinks when reading the lock file :pr:\u003ccode\u003e548\u003c/code\u003e - by :user:\u003ccode\u003edxbjavid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e547\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e546\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003echore: improve filelock maintenance path :pr:\u003ccode\u003e545\u003c/code\u003e - by :user:\u003ccode\u003elphuc2250gma\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003echore: improve filelock maintenance path :pr:\u003ccode\u003e544\u003c/code\u003e - by :user:\u003ccode\u003elphuc2250gma\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003echore: improve filelock maintenance path :pr:\u003ccode\u003e542\u003c/code\u003e - by :user:\u003ccode\u003elphuc2250gma\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify per-thread scope of FileLock configuration :pr:\u003ccode\u003e543\u003c/code\u003e - by :user:\u003ccode\u003eGares95\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e541\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix API docs of \u003ccode\u003erelease()\u003c/code\u003e :pr:\u003ccode\u003e540\u003c/code\u003e - by :user:\u003ccode\u003eMrAnno\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e539\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e538\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e537\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 :pr:\u003ccode\u003e536\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate :pr:\u003ccode\u003e535\u003c/code\u003e - by :user:\u003ccode\u003epre-commit-ci[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e3.29.0 (2026-04-19)\u003c/p\u003e\n\u003chr /\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(soft): enable stale lock detection on Windows :pr:\u003ccode\u003e534\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(async): use single-thread executor for lock consistency :pr:\u003ccode\u003e533\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 :pr:\u003ccode\u003e530\u003c/code\u003e - by :user:\u003ccode\u003edependabot[bot]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5\"\u003e\u003ccode\u003e41b42dd\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in SoftFileLock (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/465\"\u003e#465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/f2e7d4046b6a2b375a573bcfbad21827b99f8939\"\u003e\u003ccode\u003ef2e7d40\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/50888548eb2f008d372e71f2835a47851ab83836\"\u003e\u003ccode\u003e5088854\u003c/code\u003e\u003c/a\u003e Support Unix systems without O_NOFOLLOW (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/463\"\u003e#463\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/377f62251d7cdf30768cc9ee1eb31cea1551c71b\"\u003e\u003ccode\u003e377f622\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/460\"\u003e#460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e\"\u003e\u003ccode\u003e4724d7f\u003c/code\u003e\u003c/a\u003e Fix TOCTOU symlink vulnerability in lock file creation (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/461\"\u003e#461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/cb69414a2327cf0a9887e12054d1dc112ee700af\"\u003e\u003ccode\u003ecb69414\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/459\"\u003e#459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/0769294f14a6c62eea64741722f7acef5386b4cd\"\u003e\u003ccode\u003e0769294\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/458\"\u003e#458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/414193a188892bd376eb5c56eb45a9cf8ecc9284\"\u003e\u003ccode\u003e414193a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/457\"\u003e#457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/1456797beb94ad59e5627462ad29f7ed3a966626\"\u003e\u003ccode\u003e1456797\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/456\"\u003e#456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tox-dev/filelock/commit/8d6bf90af313ac7fd6e41ef2b715d91dd6858f5c\"\u003e\u003ccode\u003e8d6bf90\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 5 to 6 (\u003ca href=\"https://redirect.github.com/tox-dev/py-filelock/issues/455\"\u003e#455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tox-dev/py-filelock/compare/3.16.1...3.20.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 3.1.0 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/3.1.0...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `geopandas` from 1.1.1 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/geopandas/geopandas/releases\"\u003egeopandas's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue that caused an error in \u003ccode\u003eGeoDataFrame.from_features\u003c/code\u003e when there is no \u003ccode\u003eproperties\u003c/code\u003e field (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3599\"\u003e#3599\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eread_file\u003c/code\u003e and \u003ccode\u003eto_file\u003c/code\u003e errors (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3682\"\u003e#3682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eread_parquet\u003c/code\u003e with \u003ccode\u003eto_pandas_kwargs\u003c/code\u003e for complex (list/struct) arrow types (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3640\"\u003e#3640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003evalue_counts\u003c/code\u003e on GeoSeries now preserves CRS in index (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3669\"\u003e#3669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix f-string placeholders appearing in error messages when \u003ccode\u003epyogrio\u003c/code\u003e cannot be imported (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3682\"\u003e#3682\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eread_parquet\u003c/code\u003e with \u003ccode\u003eto_pandas_kwargs\u003c/code\u003e for complex (list/struct) arrow types (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3640\"\u003e#3640\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e.to_json\u003c/code\u003e now provides a clearer error message when called on a GeoDataFrame without an active geometry\ncolumn (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3648\"\u003e#3648\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eCalling \u003ccode\u003edel gdf[\u0026quot;geometry\u0026quot;]\u003c/code\u003e now will downcast to a \u003ccode\u003epd.DataFrame\u003c/code\u003e if there are no geometry columns left\nin the dataframe (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3648\"\u003e#3648\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix SQL injection in \u003ccode\u003eto_postgis\u003c/code\u003e via geometry column name (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3681\"\u003e#3681\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/geopandas/geopandas/compare/v1.1.1...v1.1.2\"\u003ehttps://github.com/geopandas/geopandas/compare/v1.1.1...v1.1.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/geopandas/geopandas/blob/main/CHANGELOG.md\"\u003egeopandas's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.1.2 (December 22, 2025)\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue that caused an error in \u003ccode\u003eGeoDataFrame.from_features\u003c/code\u003e when there is no \u003ccode\u003eproperties\u003c/code\u003e field (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3599\"\u003e#3599\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eread_file\u003c/code\u003e and \u003ccode\u003eto_file\u003c/code\u003e errors (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3682\"\u003e#3682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eread_parquet\u003c/code\u003e with \u003ccode\u003eto_pandas_kwargs\u003c/code\u003e for complex (list/struct) arrow types (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3640\"\u003e#3640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003evalue_counts\u003c/code\u003e on GeoSeries now preserves CRS in index (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3669\"\u003e#3669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix f-string placeholders appearing in error messages when \u003ccode\u003epyogrio\u003c/code\u003e cannot be imported (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3682\"\u003e#3682\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eread_parquet\u003c/code\u003e with \u003ccode\u003eto_pandas_kwargs\u003c/code\u003e for complex (list/struct) arrow types (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3640\"\u003e#3640\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e.to_json\u003c/code\u003e now provides a clearer error message when called on a GeoDataFrame without an active geometry\ncolumn (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3648\"\u003e#3648\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eCalling \u003ccode\u003edel gdf[\u0026quot;geometry\u0026quot;]\u003c/code\u003e now will downcast to a \u003ccode\u003epd.DataFrame\u003c/code\u003e if there are no geometry columns left\nin the dataframe (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3648\"\u003e#3648\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix SQL injection in \u003ccode\u003eto_postgis\u003c/code\u003e via geometry column name (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3681\"\u003e#3681\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/geopandas/geopandas/commit/81214bf9f3eaba9f5fdcfd141ae8d16fa17fd860\"\u003e\u003ccode\u003e81214bf\u003c/code\u003e\u003c/a\u003e RLS: backport fixes for 1.1.2 (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/geopandas/geopandas/commit/62dd4a2469bb6236b83fb91466a8183321da04da\"\u003e\u003ccode\u003e62dd4a2\u003c/code\u003e\u003c/a\u003e COMPAT: pandas 3 refactor breaks \u003cstrong\u003efinalize\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3611\"\u003e#3611\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/geopandas/geopandas/issues/3621\"\u003e#3621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/geopandas/geopandas/compare/v1.1.1...v1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-cloud-aiplatform` from 1.88.0 to 1.133.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/releases\"\u003egoogle-cloud-aiplatform's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.133.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE\u0026quot; to the \u003ccode\u003eoptimize_prompt\u003c/code\u003e method (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/715cc5b71b996eecde2d97bad71a617274739dcc\"\u003e715cc5b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client(memory): Add enable_third_person_memories (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e65717fa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Developer Connect in AE (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/04f1771e16f54a0627ecac1266764ca77f833694\"\u003e04f1771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd None check for agent_info in evals.py (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003ec8c0f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI client(evals) - Fix TypeError in _build_generate_content_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003ebe2eaaa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake project_number to project_id mapping fail-open. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/f1c8458dd5e4641cb03ff175f0837b6d6017c131\"\u003ef1c8458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e83f4076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e8c876ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire uri or staging bucket configuration for saving model to Vertex Experiment. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e5448f06\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn embedding metadata if available (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/d9c6eb199b6ccc1fae417463e1b374574f2ae2f8\"\u003ed9c6eb1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eexamples_dataframe\u003c/code\u003e type to \u003ccode\u003ePandasDataFrame\u003c/code\u003e in Prompt Optimizer. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a2564cc3ea5c4860ee732f14cea9db2c10b52420\"\u003ea2564cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.132.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.131.0...v1.132.0\"\u003e1.132.0\u003c/a\u003e (2025-12-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA comment for field \u003ccode\u003erestart_job_on_worker_restart\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA comment for field \u003ccode\u003etimeout\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.131.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.130.0...v1.131.0\"\u003e1.131.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow list of events to be passed to AdkApp.async_stream_query (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/dd8840a5012b2762f8b8971b6cea4302ac5c648d\"\u003edd8840a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/4114728750b5b12f991a18df87c1f1a570d1b29d\"\u003e4114728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdates the ADK template to direct structured JSON logs to standard output. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a65ec297c5b8d99e4d2dfb49473c189197198f97\"\u003ea65ec29\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md\"\u003egoogle-cloud-aiplatform's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE\u0026quot; to the \u003ccode\u003eoptimize_prompt\u003c/code\u003e method (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/715cc5b71b996eecde2d97bad71a617274739dcc\"\u003e715cc5b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client(memory): Add enable_third_person_memories (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e65717fa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Developer Connect in AE (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/04f1771e16f54a0627ecac1266764ca77f833694\"\u003e04f1771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd None check for agent_info in evals.py (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003ec8c0f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI client(evals) - Fix TypeError in _build_generate_content_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003ebe2eaaa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake project_number to project_id mapping fail-open. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/f1c8458dd5e4641cb03ff175f0837b6d6017c131\"\u003ef1c8458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e83f4076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e8c876ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire uri or staging bucket configuration for saving model to Vertex Experiment. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e5448f06\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn embedding metadata if available (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/d9c6eb199b6ccc1fae417463e1b374574f2ae2f8\"\u003ed9c6eb1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eexamples_dataframe\u003c/code\u003e type to \u003ccode\u003ePandasDataFrame\u003c/code\u003e in Prompt Optimizer. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a2564cc3ea5c4860ee732f14cea9db2c10b52420\"\u003ea2564cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.131.0...v1.132.0\"\u003e1.132.0\u003c/a\u003e (2025-12-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a...\n\n_Description has been truncated_","html_url":"https://github.com/HarleyCoops/Dakota1890/pull/46","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/HarleyCoops%2FDakota1890/issues/46","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/46/packages"}},{"old_version":"0.6.1","new_version":"0.6.3","update_type":"patch","path":null,"pr_created_at":"2026-05-28T22:51:50.000Z","version_change":"0.6.1 → 0.6.3","issue":{"uuid":"4544364294","node_id":"PR_kwDOQjXu8M7gbzaf","number":2,"state":"closed","title":"chore(deps): bump the pip group across 7 directories with 15 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-03T22:59:00.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-28T22:51:50.000Z","updated_at":"2026-06-03T22:59:02.000Z","time_to_close":518830,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":15,"packages":[{"name":"google-cloud-aiplatform","old_version":"1.87.0","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"protobuf","old_version":"4.25.8","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"1.26.20","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 4 updates in the /search/cloud-function/python directory: [protobuf](https://github.com/protocolbuffers/protobuf), [pytest](https://github.com/pytest-dev/pytest), [python-dotenv](https://github.com/theskumar/python-dotenv) and [flask](https://github.com/pallets/flask).\nBumps the pip group with 6 updates in the /gemini/tuning/genai-mlops-tune-and-eval directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.87.0` | `1.133.0` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.8` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.20` | `2.7.0` |\n\nBumps the pip group with 2 updates in the /gemini/sample-apps/swot-agent directory: [pytest](https://github.com/pytest-dev/pytest) and [pydantic-ai](https://github.com/pydantic/pydantic-ai).\nBumps the pip group with 7 updates in the /gemini/sample-apps/quickbot/website-search-using-agent-builder/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [langchain](https://github.com/langchain-ai/langchain) | `0.3.2` | `0.3.30` |\n| [langchain-community](https://github.com/langchain-ai/langchain-community) | `0.3.1` | `0.3.27` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.9` | `1.3.3` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.7.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/text-to-image-using-imagen3/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3) and [gunicorn](https://github.com/benoitc/gunicorn).\nBumps the pip group with 1 update in the /gemini/sample-apps/quickbot/multi-agent-travel-concierge-with-adk/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform).\nBumps the pip group with 5 updates in the /gemini/sample-apps/quickbot/linkedin-profile-image-generation-using-imagen3/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.7.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\n\nUpdates `protobuf` from 5.29.5 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.5 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/8.3.5...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.1.0 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.1.0...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 3.1.1 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/3.1.1...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-cloud-aiplatform` from 1.87.0 to 1.133.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/releases\"\u003egoogle-cloud-aiplatform's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.133.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE\u0026quot; to the \u003ccode\u003eoptimize_prompt\u003c/code\u003e method (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/715cc5b71b996eecde2d97bad71a617274739dcc\"\u003e715cc5b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client(memory): Add enable_third_person_memories (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e65717fa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Developer Connect in AE (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/04f1771e16f54a0627ecac1266764ca77f833694\"\u003e04f1771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd None check for agent_info in evals.py (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003ec8c0f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI client(evals) - Fix TypeError in _build_generate_content_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003ebe2eaaa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake project_number to project_id mapping fail-open. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/f1c8458dd5e4641cb03ff175f0837b6d6017c131\"\u003ef1c8458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e83f4076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e8c876ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire uri or staging bucket configuration for saving model to Vertex Experiment. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e5448f06\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn embedding metadata if available (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/d9c6eb199b6ccc1fae417463e1b374574f2ae2f8\"\u003ed9c6eb1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eexamples_dataframe\u003c/code\u003e type to \u003ccode\u003ePandasDataFrame\u003c/code\u003e in Prompt Optimizer. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a2564cc3ea5c4860ee732f14cea9db2c10b52420\"\u003ea2564cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.132.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.131.0...v1.132.0\"\u003e1.132.0\u003c/a\u003e (2025-12-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA comment for field \u003ccode\u003erestart_job_on_worker_restart\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA comment for field \u003ccode\u003etimeout\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.131.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.130.0...v1.131.0\"\u003e1.131.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow list of events to be passed to AdkApp.async_stream_query (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/dd8840a5012b2762f8b8971b6cea4302ac5c648d\"\u003edd8840a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/4114728750b5b12f991a18df87c1f1a570d1b29d\"\u003e4114728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdates the ADK template to direct structured JSON logs to standard output. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a65ec297c5b8d99e4d2dfb49473c189197198f97\"\u003ea65ec29\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md\"\u003egoogle-cloud-aiplatform's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE\u0026quot; to the \u003ccode\u003eoptimize_prompt\u003c/code\u003e method (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/715cc5b71b996eecde2d97bad71a617274739dcc\"\u003e715cc5b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client(memory): Add enable_third_person_memories (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e65717fa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Developer Connect in AE (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/04f1771e16f54a0627ecac1266764ca77f833694\"\u003e04f1771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd None check for agent_info in evals.py (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003ec8c0f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI client(evals) - Fix TypeError in _build_generate_content_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003ebe2eaaa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake project_number to project_id mapping fail-open. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/f1c8458dd5e4641cb03ff175f0837b6d6017c131\"\u003ef1c8458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e83f4076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e8c876ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire uri or staging bucket configuration for saving model to Vertex Experiment. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e5448f06\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn embedding metadata if available (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/d9c6eb199b6ccc1fae417463e1b374574f2ae2f8\"\u003ed9c6eb1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eexamples_dataframe\u003c/code\u003e type to \u003ccode\u003ePandasDataFrame\u003c/code\u003e in Prompt Optimizer. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a2564cc3ea5c4860ee732f14cea9db2c10b52420\"\u003ea2564cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.131.0...v1.132.0\"\u003e1.132.0\u003c/a\u003e (2025-12-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA comment for field \u003ccode\u003erestart_job_on_worker_restart\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA comment for field \u003ccode\u003etimeout\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.130.0...v1.131.0\"\u003e1.131.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow list of events to be passed to AdkApp.async_stream_query (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/dd8840a5012b2762f8b8971b6cea4302ac5c648d\"\u003edd8840a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/4114728750b5b12f991a18df87c1f1a570d1b29d\"\u003e4114728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdates the ADK template to direct structured JSON logs to standard output. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a65ec297c5b8d99e4d2dfb49473c189197198f97\"\u003ea65ec29\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix RagManagedVertexVectorSearch when using backend_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/df0976ed3195dc8313f4728bc5ecb29dda55d467\"\u003edf0976e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - patch for vulnerability in visualization (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8a00d43dbd24e95dbab6ea32c63ce0a5a1849480\"\u003e8a00d43\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/78f2bdd08bae0696923e61ab73080b5846c67ae0\"\u003e\u003ccode\u003e78f2bdd\u003c/code\u003e\u003c/a\u003e chore(main): release 1.133.0 (\u003ca href=\"https://redirect.github.com/googleapis/python-aiplatform/issues/6211\"\u003e#6211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003e\u003ccode\u003ec8c0f0f\u003c/code\u003e\u003c/a\u003e fix: Add None check for agent_info in evals.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/9952b970b73cfe38e68c48b3699ee4e1df0264df\"\u003e\u003ccode\u003e9952b97\u003c/code\u003e\u003c/a\u003e chore: rollback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e\u003ccode\u003e83f4076\u003c/code\u003e\u003c/a\u003e fix: Replace asyncio.run with create_task in ADK async thread mains.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/937d5af6b9bdbbe3b50181745c99550f124ad8b4\"\u003e\u003ccode\u003e937d5af\u003c/code\u003e\u003c/a\u003e Copybara import of the project:\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/aaaf902be02747cd2281196aad6278df0fd11f7e\"\u003e\u003ccode\u003eaaaf902\u003c/code\u003e\u003c/a\u003e chore: bump google-auth lower bound to 2.47.0 in GenAI and Vertex SDKs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e\u003ccode\u003e8c876ef\u003c/code\u003e\u003c/a\u003e fix: Replace asyncio.run with create_task in ADK async thread mains.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e\u003ccode\u003e5448f06\u003c/code\u003e\u003c/a\u003e fix: Require uri or staging bucket configuration for saving model to Vertex E...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e\u003ccode\u003e65717fa\u003c/code\u003e\u003c/a\u003e feat: GenAI SDK client(memory): Add enable_third_person_memories\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003e\u003ccode\u003ebe2eaaa\u003c/code\u003e\u003c/a\u003e fix: GenAI client(evals) - Fix TypeError in _build_generate_content_config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.87.0...v1.133.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.10 to 3.15\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.12 (2026-04-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.11 (2025-10-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 16.0.0, including significant changes to UTS46\nprocessing. As a result of Unicode ending support for it, transitional\nprocessing no longer has an effect and returns the same result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/af30a092e158181d0b35ac66dfa813788126bdd8\"\u003e\u003ccode\u003eaf30a09\u003c/code\u003e\u003c/a\u003e Release 3.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/30314d4628744ca14cf2b5820564e5127a9f86f2\"\u003e\u003ccode\u003e30314d4\u003c/code\u003e\u003c/a\u003e Pre-release 3.15rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/05d4b219aa9eddc47371fcbd2000f0301016f3e9\"\u003e\u003ccode\u003e05d4b21\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/237\"\u003e#237\u003c/a\u003e from kjd/convert-docs-to-markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2987fdba1962bbb2358399e0084ba062b98a0bee\"\u003e\u003ccode\u003e2987fdb\u003c/code\u003e\u003c/a\u003e Convert README and HISTORY from reStructuredText to Markdown\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/59fa8002d514bf4a5ce7b58f67b9ec587d53fa9c\"\u003e\u003ccode\u003e59fa800\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/236\"\u003e#236\u003c/a\u003e from kjd/dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/def69834ced5d4b3c50439d8b99c4c856ec19ca2\"\u003e\u003ccode\u003edef6983\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/bbd8004a797185d8c56bb555cd5c88fde05e0631\"\u003e\u003ccode\u003ebbd8004\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/234\"\u003e#234\u003c/a\u003e from StanFromIreland/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/edd07c05024344a6ccb517414ccb36683aee99fc\"\u003e\u003ccode\u003eedd07c0\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5557db030c11bdec50d62aa5f631d705d33ba123\"\u003e\u003ccode\u003e5557db0\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f11746cf4981d25123ef7830d3ee60f07de8ae3d\"\u003e\u003ccode\u003ef11746c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/235\"\u003e#235\u003c/a\u003e from StanFromIreland/patch-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.10...v3.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 4.25.8 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"ht...\n\n_Description has been truncated_","html_url":"https://github.com/stevewithington/gcp-generative-ai/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/stevewithington%2Fgcp-generative-ai/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"0.6.1","new_version":"0.6.3","update_type":"patch","path":null,"pr_created_at":"2026-05-26T04:19:00.000Z","version_change":"0.6.1 → 0.6.3","issue":{"uuid":"4521319009","node_id":"PR_kwDOQsR1Rs7fQvlz","number":238,"state":"closed","title":"chore(deps)(deps): bump the security-updates group across 1 directory with 33 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-27T02:17:56.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-26T04:19:00.000Z","updated_at":"2026-05-27T02:17:58.000Z","time_to_close":79136,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)(deps): bump","group_name":"security-updates","update_count":33,"packages":[{"name":"typer","old_version":"0.21.1","new_version":"0.25.1","repository_url":"https://github.com/fastapi/typer"},{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-settings","old_version":"2.12.0","new_version":"2.14.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"openai","old_version":"2.14.0","new_version":"2.38.0","repository_url":"https://github.com/openai/openai-python"},{"name":"eth-hash","old_version":"0.7.1","new_version":"0.8.0","repository_url":"https://github.com/ethereum/eth-hash"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"pytest-cov","old_version":"7.0.0","new_version":"7.1.0","repository_url":"https://github.com/pytest-dev/pytest-cov"},{"name":"ruff","old_version":"0.14.10","new_version":"0.15.14","repository_url":"https://github.com/astral-sh/ruff"},{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"certifi","old_version":"2026.1.4","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"charset-normalizer","old_version":"3.4.4","new_version":"3.4.7","repository_url":"https://github.com/jawah/charset_normalizer"},{"name":"click","old_version":"8.3.1","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"coverage","old_version":"7.13.0","new_version":"7.13.1","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"google-api-core","old_version":"2.28.1","new_version":"2.30.3","repository_url":"https://github.com/googleapis/google-cloud-python"},{"name":"google-api-python-client","old_version":"2.187.0","new_version":"2.196.0","repository_url":"https://github.com/googleapis/google-api-python-client"},{"name":"google-auth","old_version":"2.47.0","new_version":"2.53.0","repository_url":"https://github.com/googleapis/google-auth-library-python"},{"name":"google-auth-httplib2","old_version":"0.3.0","new_version":"0.4.0","repository_url":"https://github.com/googleapis/google-cloud-python"},{"name":"googleapis-common-protos","old_version":"1.72.0","new_version":"1.75.0","repository_url":"https://github.com/googleapis/google-cloud-python"},{"name":"grpcio","old_version":"1.76.0","new_version":"1.80.0","repository_url":"https://github.com/grpc/grpc"},{"name":"httplib2","old_version":"0.31.0","new_version":"0.31.2","repository_url":"https://github.com/httplib2/httplib2"},{"name":"idna","old_version":"3.11","new_version":"3.16","repository_url":"https://github.com/kjd/idna"},{"name":"jiter","old_version":"0.12.0","new_version":"0.15.0","repository_url":"https://github.com/pydantic/jiter"},{"name":"markdown-it-py","old_version":"4.0.0","new_version":"4.2.0","repository_url":"https://github.com/executablebooks/markdown-it-py"},{"name":"proto-plus","old_version":"1.27.0","new_version":"1.28.0","repository_url":"https://github.com/googleapis/google-cloud-python"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pyparsing","old_version":"3.3.1","new_version":"3.3.2","repository_url":"https://github.com/pyparsing/pyparsing"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"requests","old_version":"2.32.5","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"tqdm","old_version":"4.67.1","new_version":"4.67.3","repository_url":"https://github.com/tqdm/tqdm"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the security-updates group with 30 updates in the /secbrain directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [typer](https://github.com/fastapi/typer) | `0.21.1` | `0.25.1` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.12.0` | `2.14.1` |\n| [openai](https://github.com/openai/openai-python) | `2.14.0` | `2.38.0` |\n| [eth-hash](https://github.com/ethereum/eth-hash) | `0.7.1` | `0.8.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` | `7.1.0` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.14.10` | `0.15.14` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.1.4` | `2026.5.20` |\n| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.4` | `3.4.7` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.4.1` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.0` | `7.13.1` |\n| [google-api-core](https://github.com/googleapis/google-cloud-python) | `2.28.1` | `2.30.3` |\n| [google-api-python-client](https://github.com/googleapis/google-api-python-client) | `2.187.0` | `2.196.0` |\n| [google-auth](https://github.com/googleapis/google-auth-library-python) | `2.47.0` | `2.53.0` |\n| [google-auth-httplib2](https://github.com/googleapis/google-cloud-python) | `0.3.0` | `0.4.0` |\n| [googleapis-common-protos](https://github.com/googleapis/google-cloud-python) | `1.72.0` | `1.75.0` |\n| [grpcio](https://github.com/grpc/grpc) | `1.76.0` | `1.80.0` |\n| [httplib2](https://github.com/httplib2/httplib2) | `0.31.0` | `0.31.2` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.16` |\n| [jiter](https://github.com/pydantic/jiter) | `0.12.0` | `0.15.0` |\n| [markdown-it-py](https://github.com/executablebooks/markdown-it-py) | `4.0.0` | `4.2.0` |\n| [proto-plus](https://github.com/googleapis/google-cloud-python) | `1.27.0` | `1.28.0` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [pyparsing](https://github.com/pyparsing/pyparsing) | `3.3.1` | `3.3.2` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.34.2` |\n| [tqdm](https://github.com/tqdm/tqdm) | `4.67.1` | `4.67.3` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n\n\nUpdates `typer` from 0.21.1 to 0.25.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/typer/releases\"\u003etyper's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.25.1\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔧 Add Typer Library Skill for Agents. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1620\"\u003e#1620\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.11 to 0.15.12. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1722\"\u003e#1722\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump prek from 0.3.10 to 0.3.11. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1723\"\u003e#1723\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.25.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🚸 Don't truncate code lines in traceback when formatted with Rich. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1695\"\u003e#1695\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Ensure that \u003ccode\u003etyper.launch\u003c/code\u003e forwards correctly when launching a file. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1708\"\u003e#1708\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🎨 Ensure \u003ccode\u003ety\u003c/code\u003e runs without errors. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1628\"\u003e#1628\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Add dates to release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1612\"\u003e#1612\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Fix code blocks in reference docs overflowing table width. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1630\"\u003e#1630\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix broken link to FastAPI and Friends newsletter. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1540\"\u003e#1540\u003c/a\u003e by \u003ca href=\"https://github.com/Karlemami\"\u003e\u003ccode\u003e@​Karlemami\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Handle external links \u003ccode\u003etarget=_blank\u003c/code\u003e and CSS automatically in JS and CSS. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1622\"\u003e#1622\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Remove link to Typer developer survey. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1609\"\u003e#1609\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Clean up documentation in \u003ccode\u003einstall.md\u003c/code\u003e file. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1606\"\u003e#1606\u003c/a\u003e by \u003ca href=\"https://github.com/Johandielangman\"\u003e\u003ccode\u003e@​Johandielangman\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump mypy from 1.20.1 to 1.20.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1715\"\u003e#1715\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump prek from 0.3.9 to 0.3.10. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1716\"\u003e#1716\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic-settings from 2.13.1 to 2.14.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1713\"\u003e#1713\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ty from 0.0.31 to 0.0.32. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1711\"\u003e#1711\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic from 2.13.2 to 2.13.3. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1712\"\u003e#1712\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygments from 2.19.2 to 2.20.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1667\"\u003e#1667\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.20 to 10.21.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1710\"\u003e#1710\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1700\"\u003e#1700\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic from 2.13.1 to 2.13.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1703\"\u003e#1703\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1701\"\u003e#1701\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.10 to 0.15.11. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1704\"\u003e#1704\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1702\"\u003e#1702\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump astral-sh/setup-uv from 7.6.0 to 8.1.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1699\"\u003e#1699\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ty from 0.0.30 to 0.0.31. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1696\"\u003e#1696\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic from 2.13.0 to 2.13.1. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1697\"\u003e#1697\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/typer/blob/master/docs/release-notes.md\"\u003etyper's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.25.1 (2026-04-30)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔧 Add Typer Library Skill for Agents. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1620\"\u003e#1620\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.11 to 0.15.12. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1722\"\u003e#1722\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump prek from 0.3.10 to 0.3.11. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1723\"\u003e#1723\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.25.0 (2026-04-26)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🚸 Don't truncate code lines in traceback when formatted with Rich. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1695\"\u003e#1695\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.2 (2026-04-22)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Ensure that \u003ccode\u003etyper.launch\u003c/code\u003e forwards correctly when launching a file. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1708\"\u003e#1708\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🎨 Ensure \u003ccode\u003ety\u003c/code\u003e runs without errors. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1628\"\u003e#1628\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Add dates to release notes. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1612\"\u003e#1612\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Fix code blocks in reference docs overflowing table width. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1630\"\u003e#1630\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix broken link to FastAPI and Friends newsletter. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1540\"\u003e#1540\u003c/a\u003e by \u003ca href=\"https://github.com/Karlemami\"\u003e\u003ccode\u003e@​Karlemami\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Handle external links \u003ccode\u003etarget=_blank\u003c/code\u003e and CSS automatically in JS and CSS. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1622\"\u003e#1622\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Remove link to Typer developer survey. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1609\"\u003e#1609\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Clean up documentation in \u003ccode\u003einstall.md\u003c/code\u003e file. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1606\"\u003e#1606\u003c/a\u003e by \u003ca href=\"https://github.com/Johandielangman\"\u003e\u003ccode\u003e@​Johandielangman\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump mypy from 1.20.1 to 1.20.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1715\"\u003e#1715\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump prek from 0.3.9 to 0.3.10. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1716\"\u003e#1716\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic-settings from 2.13.1 to 2.14.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1713\"\u003e#1713\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ty from 0.0.31 to 0.0.32. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1711\"\u003e#1711\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic from 2.13.2 to 2.13.3. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1712\"\u003e#1712\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygments from 2.19.2 to 2.20.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1667\"\u003e#1667\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.20 to 10.21.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1710\"\u003e#1710\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1700\"\u003e#1700\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pydantic from 2.13.1 to 2.13.2. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1703\"\u003e#1703\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1701\"\u003e#1701\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump ruff from 0.15.10 to 0.15.11. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1704\"\u003e#1704\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR \u003ca href=\"https://redirect.github.com/fastapi/typer/pull/1702\"\u003e#1702\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/cfcc2ef9f948bcce67897a6c7e689d39da690bf9\"\u003e\u003ccode\u003ecfcc2ef\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.25.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/13846cc59bd574567a9a1f56eae3cd42b9aa2a4f\"\u003e\u003ccode\u003e13846cc\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/a43746997ad6f2b4a8829c69c919f4d4c2cc0698\"\u003e\u003ccode\u003ea437469\u003c/code\u003e\u003c/a\u003e 🔧 Add Typer Library Skill for Agents (\u003ca href=\"https://redirect.github.com/fastapi/typer/issues/1620\"\u003e#1620\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/ba6cc2c9e7cba35f891c91118e228e1d2da35edb\"\u003e\u003ccode\u003eba6cc2c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/0f3ead07c2bb384fdd590e895ca6705582c58d89\"\u003e\u003ccode\u003e0f3ead0\u003c/code\u003e\u003c/a\u003e ⬆ Bump ruff from 0.15.11 to 0.15.12 (\u003ca href=\"https://redirect.github.com/fastapi/typer/issues/1722\"\u003e#1722\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/db4ade64936599b3460f2fc0a7c550c3fedc33b0\"\u003e\u003ccode\u003edb4ade6\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/5a5206ceed2afdf234f88a6e2ef74ad9ebdf0d92\"\u003e\u003ccode\u003e5a5206c\u003c/code\u003e\u003c/a\u003e ⬆ Bump prek from 0.3.10 to 0.3.11 (\u003ca href=\"https://redirect.github.com/fastapi/typer/issues/1723\"\u003e#1723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/959845e173b4bec0d606d99247815c2710613ca8\"\u003e\u003ccode\u003e959845e\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/5e1fcfb5935e7ac3ff3c7526ef297eae31bd4822\"\u003e\u003ccode\u003e5e1fcfb\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/typer/commit/dfb21ad034804584702d553ebfba40d8f4d791b9\"\u003e\u003ccode\u003edfb21ad\u003c/code\u003e\u003c/a\u003e 🚸 Don't truncate code lines in traceback when formatted with Rich (\u003ca href=\"https://redirect.github.com/fastapi/typer/issues/1695\"\u003e#1695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/typer/compare/0.21.1...0.25.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic` from 2.12.5 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.3 2026-04-20\u003c/h2\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.2...v2.13.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.2 2026-04-17\u003c/h2\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.1 2026-04-15\u003c/h2\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.13.0 2026-04-13\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/main/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.3 (2026-04-20)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.3\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHandle \u003ccode\u003eAttributeError\u003c/code\u003e subclasses with \u003ccode\u003efrom_attributes\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13096\"\u003e#13096\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.2 (2026-04-17)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.2\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.field_name\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13084\"\u003e#13084\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.1 (2026-04-15)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.1\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eValidationInfo.data\u003c/code\u003e missing with \u003ccode\u003emodel_validate_json()\u003c/code\u003e by \u003ca href=\"https://github.com/davidhewitt\"\u003e\u003ccode\u003e@​davidhewitt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13079\"\u003e#13079\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.13.0 (2026-04-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.0\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThe highlights of the v2.13 release are available in the \u003ca href=\"https://pydantic.dev/articles/pydantic-v2-13-release\"\u003eblog post\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.12.5...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` from 2.12.0 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/850\"\u003epydantic/pydantic-settings#850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 5 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/854\"\u003epydantic/pydantic-settings#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the github-actions group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/853\"\u003epydantic/pydantic-settings#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/856\"\u003epydantic/pydantic-settings#856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/858\"\u003epydantic/pydantic-settings#858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.1 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/859\"\u003epydantic/pydantic-settings#859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing env vars into Optional Strict types by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/792\"\u003epydantic/pydantic-settings#792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RecursionError with mutually recursive models in CLI by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/794\"\u003epydantic/pydantic-settings#794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix env_file from model_config ignored in CliApp.run() (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/795\"\u003e#795\u003c/a\u003e) by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/796\"\u003epydantic/pydantic-settings#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/798\"\u003epydantic/pydantic-settings#798\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/801\"\u003epydantic/pydantic-settings#801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump samuelcolvin/check-python-version from 4.1 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/802\"\u003epydantic/pydantic-settings#802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 4 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/803\"\u003epydantic/pydantic-settings#803\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/804\"\u003epydantic/pydantic-settings#804\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump astral-sh/setup-uv from 5 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/805\"\u003epydantic/pydantic-settings#805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/setup-python from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/806\"\u003epydantic/pydantic-settings#806\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore chardet and group GitHub Actions in Dependabot by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/808\"\u003epydantic/pydantic-settings#808\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/download-artifact from 4 to 8 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/809\"\u003epydantic/pydantic-settings#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/810\"\u003epydantic/pydantic-settings#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport reading .env files from FIFOs (e.g. 1Password Environments) by \u003ca href=\"https://github.com/JacobHayes\"\u003e\u003ccode\u003e@​JacobHayes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/776\"\u003epydantic/pydantic-settings#776\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix AliasChoices ignored when changing provider priority by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/813\"\u003epydantic/pydantic-settings#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve KeyError in run_subcommand for underscore field names by \u003ca href=\"https://github.com/bradykieffer\"\u003e\u003ccode\u003e@​bradykieffer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/799\"\u003epydantic/pydantic-settings#799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/814\"\u003epydantic/pydantic-settings#814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLiteral[numeric Enum]\u003c/code\u003e coercion for CLI and env vars by \u003ca href=\"https://github.com/m9810223\"\u003e\u003ccode\u003e@​m9810223\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/811\"\u003epydantic/pydantic-settings#811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix nested discriminated unions not discovered by env/CLI providers by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/816\"\u003epydantic/pydantic-settings#816\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/820\"\u003epydantic/pydantic-settings#820\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI ensure env nested max split internally. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/821\"\u003epydantic/pydantic-settings#821\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/824\"\u003epydantic/pydantic-settings#824\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eboto3-stubs\u003c/code\u003e to \u003ccode\u003etypes-boto3\u003c/code\u003e by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/831\"\u003epydantic/pydantic-settings#831\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CLI not recognizing field name with validate_by_name and AliasChoices by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/826\"\u003epydantic/pydantic-settings#826\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow customisation of the dotevn setting source to filter variables by \u003ca href=\"https://github.com/CaselIT\"\u003e\u003ccode\u003e@​CaselIT\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/832\"\u003epydantic/pydantic-settings#832\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/833\"\u003epydantic/pydantic-settings#833\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce yamlfmt by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/836\"\u003epydantic/pydantic-settings#836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump boto3 from 1.42.82 to 1.42.83 in the python-packages group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/837\"\u003epydantic/pydantic-settings#837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce zizmor by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/838\"\u003epydantic/pydantic-settings#838\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CliPositionalArg[list[CustomType]] crash for custom types by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/839\"\u003epydantic/pydantic-settings#839\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd note about Mypy plugin for \u003ccode\u003eBaseSettings.__init__()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/842\"\u003epydantic/pydantic-settings#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecli_ignore_unknown_args=True\u003c/code\u003e not working on subcommands by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/844\"\u003epydantic/pydantic-settings#844\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/847\"\u003epydantic/pydantic-settings#847\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CLI descriptions lost under \u003ccode\u003epython -OO\u003c/code\u003e by falling back to \u003ccode\u003ejson_schema_extra\u003c/code\u003e by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/843\"\u003epydantic/pydantic-settings#843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.0 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/848\"\u003epydantic/pydantic-settings#848\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/e95c30bec8cfaee88ee275138c064aea97a25bdf\"\u003e\u003ccode\u003ee95c30b\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.1 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/859\"\u003e#859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/0c8734581b6cf70a995afad603ac456631d00621\"\u003e\u003ccode\u003e0c87345\u003c/code\u003e\u003c/a\u003e Fix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/7bd0072795a800065b42210b6dca90fc9b83daf7\"\u003e\u003ccode\u003e7bd0072\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 2 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/856\"\u003e#856\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/b03e573d017ed48e1c2774a5e0b715db9766c76b\"\u003e\u003ccode\u003eb03e573\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/853\"\u003e#853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/eaa3b434938411ec8a3717ea646614561e713f51\"\u003e\u003ccode\u003eeaa3b43\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 5 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/854\"\u003e#854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9f95615c24c6813c1d7d203576581a79cb6d9e8e\"\u003e\u003ccode\u003e9f95615\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/8916beeecc6d0510e3d0532a0ed839937400ddc3\"\u003e\u003ccode\u003e8916bee\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.0 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/848\"\u003e#848\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/39e551c0910c85505b608ff85a103b2c9f7396c5\"\u003e\u003ccode\u003e39e551c\u003c/code\u003e\u003c/a\u003e Fix CLI descriptions lost under \u003ccode\u003epython -OO\u003c/code\u003e by falling back to `json_schema_...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9ed7f48ea2c90f436a03b01f721fe6656c869b14\"\u003e\u003ccode\u003e9ed7f48\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/847\"\u003e#847\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/617c690fb16c95eb0fb98fc88c0d6d82b9af4fa9\"\u003e\u003ccode\u003e617c690\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003ecli_ignore_unknown_args=True\u003c/code\u003e not working on subcommands (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/844\"\u003e#844\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.12.0...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openai` from 2.14.0 to 2.38.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openai/openai-python/releases\"\u003eopenai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.38.0\u003c/h2\u003e\n\u003ch2\u003e2.38.0 (2026-05-21)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.37.0...v2.38.0\"\u003ev2.37.0...v2.38.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e api update (\u003ca href=\"https://github.com/openai/openai-python/commit/33d1d013250053886a73d178136e6bd1b09df059\"\u003e33d1d01\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e manual updates (\u003ca href=\"https://github.com/openai/openai-python/commit/a21700a2cd510cb9e6c88065ac8e942d4c041aa8\"\u003ea21700a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e update OpenAPI spec or Stainless config (\u003ca href=\"https://github.com/openai/openai-python/commit/00265c5daba4d2481452ad35220f1556dab6bcf6\"\u003e00265c5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e docs updates (\u003ca href=\"https://github.com/openai/openai-python/commit/ee101520d49e22c09cf8096f8cbb3848ea58a1f9\"\u003eee10152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck release PR custom code sync (\u003ca href=\"https://github.com/openai/openai-python/commit/2638779a5b8fffaa8fdb6eebc1d734f15d2491f8\"\u003e2638779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove release automation trigger (\u003ca href=\"https://github.com/openai/openai-python/commit/bd6eea559f2996d914258a65e645981bdce3cad4\"\u003ebd6eea5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etrigger release automation (\u003ca href=\"https://github.com/openai/openai-python/commit/f62d08201eea8e08d4bb3385662f934d4adccb29\"\u003ef62d082\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.37.0\u003c/h2\u003e\n\u003ch2\u003e2.37.0 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.36.0...v2.37.0\"\u003ev2.36.0...v2.37.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e add service_tier parameter to responses compact method (\u003ca href=\"https://github.com/openai/openai-python/commit/625827c5509ece3c40e5002be37a9bd9d91b5374\"\u003e625827c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/types:\u003c/strong\u003e support eagerly validating pydantic iterators (\u003ca href=\"https://github.com/openai/openai-python/commit/7e527bc927cc58b74d7619abf7f1fbcfff8bddfa\"\u003e7e527bc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove unnecessary client_id when using workload identity provider for auth (\u003ca href=\"https://github.com/openai/openai-python/commit/c39ea8d12a010052d7f02cebe8daabd2d1f89597\"\u003ec39ea8d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add missing f-string prefix in file type error message (\u003ca href=\"https://github.com/openai/openai-python/commit/c85ebd935cb4b80e7e97ce255437684f6411fb00\"\u003ec85ebd9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.36.0\u003c/h2\u003e\n\u003ch2\u003e2.36.0 (2026-05-07)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.35.1...v2.36.0\"\u003ev2.35.1...v2.36.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e manual updates (\u003ca href=\"https://github.com/openai/openai-python/commit/13c639cc7d57e4fbd4406563511e15eeb88a54b2\"\u003e13c639c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e realtime 2 (\u003ca href=\"https://github.com/openai/openai-python/commit/8fe0ab87e67eeb3cc27426b50093845229520f0e\"\u003e8fe0ab8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.35.1\u003c/h2\u003e\n\u003ch2\u003e2.35.1 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.35.0...v2.35.1\"\u003ev2.35.0...v2.35.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openai/openai-python/blob/main/CHANGELOG.md\"\u003eopenai's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.38.0 (2026-05-21)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.37.0...v2.38.0\"\u003ev2.37.0...v2.38.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e api update (\u003ca href=\"https://github.com/openai/openai-python/commit/33d1d013250053886a73d178136e6bd1b09df059\"\u003e33d1d01\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e manual updates (\u003ca href=\"https://github.com/openai/openai-python/commit/a21700a2cd510cb9e6c88065ac8e942d4c041aa8\"\u003ea21700a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e update OpenAPI spec or Stainless config (\u003ca href=\"https://github.com/openai/openai-python/commit/00265c5daba4d2481452ad35220f1556dab6bcf6\"\u003e00265c5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e docs updates (\u003ca href=\"https://github.com/openai/openai-python/commit/ee101520d49e22c09cf8096f8cbb3848ea58a1f9\"\u003eee10152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck release PR custom code sync (\u003ca href=\"https://github.com/openai/openai-python/commit/2638779a5b8fffaa8fdb6eebc1d734f15d2491f8\"\u003e2638779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove release automation trigger (\u003ca href=\"https://github.com/openai/openai-python/commit/bd6eea559f2996d914258a65e645981bdce3cad4\"\u003ebd6eea5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etrigger release automation (\u003ca href=\"https://github.com/openai/openai-python/commit/f62d08201eea8e08d4bb3385662f934d4adccb29\"\u003ef62d082\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.37.0 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.36.0...v2.37.0\"\u003ev2.36.0...v2.37.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e add service_tier parameter to responses compact method (\u003ca href=\"https://github.com/openai/openai-python/commit/625827c5509ece3c40e5002be37a9bd9d91b5374\"\u003e625827c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal/types:\u003c/strong\u003e support eagerly validating pydantic iterators (\u003ca href=\"https://github.com/openai/openai-python/commit/7e527bc927cc58b74d7619abf7f1fbcfff8bddfa\"\u003e7e527bc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove unnecessary client_id when using workload identity provider for auth (\u003ca href=\"https://github.com/openai/openai-python/commit/c39ea8d12a010052d7f02cebe8daabd2d1f89597\"\u003ec39ea8d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e add missing f-string prefix in file type error message (\u003ca href=\"https://github.com/openai/openai-python/commit/c85ebd935cb4b80e7e97ce255437684f6411fb00\"\u003ec85ebd9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.36.0 (2026-05-07)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.35.1...v2.36.0\"\u003ev2.35.1...v2.36.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e manual updates (\u003ca href=\"https://github.com/openai/openai-python/commit/13c639cc7d57e4fbd4406563511e15eeb88a54b2\"\u003e13c639c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e realtime 2 (\u003ca href=\"https://github.com/openai/openai-python/commit/8fe0ab87e67eeb3cc27426b50093845229520f0e\"\u003e8fe0ab8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.35.1 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.35.0...v2.35.1\"\u003ev2.35.0...v2.35.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e fix imagegen \u003ccode\u003esize\u003c/code\u003e enum regression (\u003ca href=\"https://github.com/openai/openai-python/commit/44846536bc3b02c393daa5bae70a85de04c7f621\"\u003e4484653\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/e75766769547601a25ed83b666c4d0fd046881f0\"\u003e\u003ccode\u003ee757667\u003c/code\u003e\u003c/a\u003e release: 2.38.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/b85b647b5312debb951814dfb9ed13f906d6bf43\"\u003e\u003ccode\u003eb85b647\u003c/code\u003e\u003c/a\u003e feat(api): api update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/d881c67866083ae187e14664e289e68a3ba04686\"\u003e\u003ccode\u003ed881c67\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;chore: check release PR custom code sync\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/d4a322816ad637330e40fdcdee9ca48bc92a2a4f\"\u003e\u003ccode\u003ed4a3228\u003c/code\u003e\u003c/a\u003e chore: check release PR custom code sync\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/48888380cdfc01e4f22f9ed7fbd5250231472e0d\"\u003e\u003ccode\u003e4888838\u003c/code\u003e\u003c/a\u003e chore: remove release automation trigger\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/74978f055a7adf004dec718e80bb46241e54d9ca\"\u003e\u003ccode\u003e74978f0\u003c/code\u003e\u003c/a\u003e chore: trigger release automation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/bab18af787cd5d962aedeb4b5b86df4f6cf28003\"\u003e\u003ccode\u003ebab18af\u003c/code\u003e\u003c/a\u003e chore(api): docs updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/a6f899aa1e046dd0cc18b89c4f73260463888db6\"\u003e\u003ccode\u003ea6f899a\u003c/code\u003e\u003c/a\u003e feat(api): manual updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/2897485d445f2924c5c2a8e6a9f40eec633ff345\"\u003e\u003ccode\u003e2897485\u003c/code\u003e\u003c/a\u003e feat(api): update OpenAPI spec or Stainless config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/a2f1d6c56980713619760c60a5c7bfb580b0adcb\"\u003e\u003ccode\u003ea2f1d6c\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/openai/openai-python/compare/v2.14.0...v2.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `eth-hash` from 0.7.1 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ethereum/eth-hash/blob/main/docs/release_notes.rst\"\u003eeth-hash's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eeth-hash v0.8.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003eNo significant changes.\u003c/p\u003e\n\u003ch2\u003eeth-hash v0.8.0-beta.1 (2025-12-17)\u003c/h2\u003e\n\u003cp\u003eBreaking Changes\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Drop support for Python 3.8 and 3.9 (`[#66](https://github.com/ethereum/eth-hash/issues/66) \u0026lt;https://github.com/ethereum/eth-hash/issues/66\u0026gt;`__)\n\u003cp\u003eFeatures\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Add support for Python 3.14 (`[#66](https://github.com/ethereum/eth-hash/issues/66) \u0026amp;lt;https://github.com/ethereum/eth-hash/issues/66\u0026amp;gt;`__)\n\u0026lt;/code\u0026gt;\u0026lt;/pre\u0026gt;\n\u0026lt;/blockquote\u0026gt;\n\u0026lt;/details\u0026gt;\n\u0026lt;details\u0026gt;\n\u0026lt;summary\u0026gt;Commits\u0026lt;/summary\u0026gt;\n\n\u0026lt;ul\u0026gt;\n\u0026lt;li\u0026gt;\u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/commit/b599a9632c696d0fb63b1903e79b0608f302e4d2\u0026quot;\u0026gt;\u0026lt;code\u0026gt;b599a96\u0026lt;/code\u0026gt;\u0026lt;/a\u0026gt; Bump version: 0.8.0-beta.1 → 0.8.0\u0026lt;/li\u0026gt;\n\u0026lt;li\u0026gt;\u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/commit/3651eea939a90c08328bb69fbbc061c1544c34a7\u0026quot;\u0026gt;\u0026lt;code\u0026gt;3651eea\u0026lt;/code\u0026gt;\u0026lt;/a\u0026gt; Compile release notes for v0.8.0\u0026lt;/li\u0026gt;\n\u0026lt;li\u0026gt;\u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/commit/fe118e793e1e626762120419bf72548b8f2ec604\u0026quot;\u0026gt;\u0026lt;code\u0026gt;fe118e7\u0026lt;/code\u0026gt;\u0026lt;/a\u0026gt; Bump version: 0.7.1 → 0.8.0-beta.1\u0026lt;/li\u0026gt;\n\u0026lt;li\u0026gt;\u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/commit/e2a6b53d8eddb12c4e0ab9534cf31b134c3d2da4\u0026quot;\u0026gt;\u0026lt;code\u0026gt;e2a6b53\u0026lt;/code\u0026gt;\u0026lt;/a\u0026gt; Compile release notes for v0.8.0-beta.1\u0026lt;/li\u0026gt;\n\u0026lt;li\u0026gt;\u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/commit/d1b733ecb7ef7ffe86c9701cf333c55bab8bfb80\u0026quot;\u0026gt;\u0026lt;code\u0026gt;d1b733e\u0026lt;/code\u0026gt;\u0026lt;/a\u0026gt; Merge pull request \u0026lt;a href=\u0026quot;https://redirect.github.com/ethereum/eth-hash/issues/66\u0026quot;\u0026gt;#66\u0026lt;/a\u0026gt; from kclowes/template-upgrade\u0026lt;/li\u0026gt;\n\u0026lt;li\u0026gt;\u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/commit/c97025fb0df6c9389feb795b03aa8fca832f6c7c\u0026quot;\u0026gt;\u0026lt;code\u0026gt;c97025f\u0026lt;/code\u0026gt;\u0026lt;/a\u0026gt; Add newsfragments for \u0026lt;a href=\u0026quot;https://redirect.github.com/ethereum/eth-hash/issues/66\u0026quot;\u0026gt;#66\u0026lt;/a\u0026gt;\u0026lt;/li\u0026gt;\n\u0026lt;li\u0026gt;\u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/commit/b17284c4c9ea8da04f70c994136dd8aeadfca968\u0026quot;\u0026gt;\u0026lt;code\u0026gt;b17284c\u0026lt;/code\u0026gt;\u0026lt;/a\u0026gt; lint\u0026lt;/li\u0026gt;\n\u0026lt;li\u0026gt;\u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/commit/62b4055a18a683e637489699b31b07fcd76c2e28\u0026quot;\u0026gt;\u0026lt;code\u0026gt;62b4055\u0026lt;/code\u0026gt;\u0026lt;/a\u0026gt; Fix typing\u0026lt;/li\u0026gt;\n\u0026lt;li\u0026gt;\u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/commit/75a75ab080513d4b15946a6e3ec8ade9b8168f6b\u0026quot;\u0026gt;\u0026lt;code\u0026gt;75a75ab\u0026lt;/code\u0026gt;\u0026lt;/a\u0026gt; Fix docs build\u0026lt;/li\u0026gt;\n\u0026lt;li\u0026gt;\u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/commit/cca06391f173d09936352dd9a512c2abb801383b\u0026quot;\u0026gt;\u0026lt;code\u0026gt;cca0639\u0026lt;/code\u0026gt;\u0026lt;/a\u0026gt; Add py314-backend-* jobs to circleci config\u0026lt;/li\u0026gt;\n\u0026lt;li\u0026gt;Additional commits viewable in \u0026lt;a href=\u0026quot;https://github.com/ethereum/eth-hash/compare/v0.7.1...v0.8.0\u0026quot;\u0026gt;compare view\u0026lt;/a\u0026gt;\u0026lt;/li\u0026gt;\n\u0026lt;/ul\u0026gt;\n\u0026lt;/details\u0026gt;\n\n\u0026lt;br /\u0026gt;\u003c/code\u003e\u003c/pre\u003e\n\nUpdates `pytest` from 9.0.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest-cov` from 7.0.0 to 7.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst\"\u003epytest-cov's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.1.0 (2026-03-21)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFixed total coverage computation to always be consistent, regardless of reporting settings.\nPreviously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on\nreporting options.\nSee \u003ccode\u003e[#641](https://github.com/pytest-dev/pytest-cov/issues/641) \u0026lt;https://github.com/pytest-dev/pytest-cov/issues/641\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove handling of ResourceWarning from sqlite3.\u003c/p\u003e\n\u003cp\u003eThe plugin adds warning filter for sqlite3 \u003ccode\u003eResourceWarning\u003c/code\u003e unclosed database (since 6.2.0).\nIt checks if there is already existing plugin for this message by comparing filter regular expression.\nWhen filter is specified on command line the message is escaped and does not match an expected message.\nA check for an escaped regular expression is added to handle this case.\u003c/p\u003e\n\u003cp\u003eWith this fix one can suppress \u003ccode\u003eResourceWarning\u003c/code\u003e from sqlite3 from command line::\u003c/p\u003e\n\u003cp\u003epytest -W \u0026quot;ignore:unclosed database in \u0026lt;sqlite3.Connection object at:ResourceWarning\u0026quot; ...\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eVarious improvements to documentation.\nContributed by Art Pelling in \u003ccode\u003e[#718](https://github.com/pytest-dev/pytest-cov/issues/718) \u0026lt;https://github.com/pytest-dev/pytest-cov/pull/718\u0026gt;\u003c/code\u003e_ and\n\u0026quot;vivodi\u0026quot; in \u003ccode\u003e[#738](https://github.com/pytest-dev/pytest-cov/issues/738) \u0026lt;https://github.com/pytest-dev/pytest-cov/pull/738\u0026gt;\u003c/code\u003e\u003cem\u003e.\nAlso closed \u003ccode\u003e[#736](https://github.com/pytest-dev/pytest-cov/issues/736) \u0026lt;https://github.com/pytest-dev/pytest-cov/issues/736\u0026gt;\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed some assertions in tests.\nContributed by in Markéta Machová in \u003ccode\u003e[#722](https://github.com/pytest-dev/pytest-cov/issues/722) \u0026lt;https://github.com/pytest-dev/pytest-cov/pull/722\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/66c8a526b1246b5eb8fb1bc218878131bc628622\"\u003e\u003ccode\u003e66c8a52\u003c/code\u003e\u003c/a\u003e Bump version: 7.0.0 → 7.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/f7076624784332594aa4cb3585d4757d295db15e\"\u003e\u003ccode\u003ef707662\u003c/code\u003e\u003c/a\u003e Make the examples use pypy 3.11.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/6049a7847872e3139e6c82e93787123df5dc8672\"\u003e\u003ccode\u003e6049a78\u003c/code\u003e\u003c/a\u003e Make context test use the old ctracer (seems the new sysmon tracer behaves di...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/8ebf20bbbc73478b3f8fd36d30237d9ea083f06b\"\u003e\u003ccode\u003e8ebf20b\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/861d30e60d571f97259c6b718b71c819d5dbc3b9\"\u003e\u003ccode\u003e861d30e\u003c/code\u003e\u003c/a\u003e Remove the backup context manager  - shouldn't be needed since coverage 5.0, ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/fd4c956014035527f0c3c8d7faef3f8cfdadac7f\"\u003e\u003ccode\u003efd4c956\u003c/code\u003e\u003c/a\u003e Pass the precision on the nulled total (seems that there's some caching goion...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/78c9c4ecb005faf4962fd86ff7bf9c9cce9554d6\"\u003e\u003ccode\u003e78c9c4e\u003c/code\u003e\u003c/a\u003e Only run the 3.9 on older deps.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/4849a922e8be725c662a3d9175da571ace6545dc\"\u003e\u003ccode\u003e4849a92\u003c/code\u003e\u003c/a\u003e Punctuation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/197c35e2f37031fd1927715307ab6eed7cb3d2b7\"\u003e\u003ccode\u003e197c35e\u003c/code\u003e\u003c/a\u003e Update changelog and hopefully I don't forget to publish release again :))\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest-cov/commit/14dc1c92d44108384e39803888635fdbfc578b7f\"\u003e\u003ccode\u003e14dc1c9\u003c/code\u003e\u003c/a\u003e Update examples to use 3.11 and make the adhoc layout example look a bit more...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest-cov/compare/v7.0.0...v7.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.14.10 to 0.15.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.14\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-21.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-task-implicit-multiple-outputs\u003c/code\u003e (\u003ccode\u003eAIR202\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25152\"\u003e#25152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-use-pathlib\u003c/code\u003e] Mark \u003ccode\u003ePTH101\u003c/code\u003e fix as unsafe when first argument is a class attribute annotated as \u003ccode\u003eint\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25086\"\u003e#25086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Implement \u003ccode\u003etoo-many-try-statements\u003c/code\u003e (\u003ccode\u003eW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23970\"\u003e#23970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003eincorrect-decorator-order\u003c/code\u003e (\u003ccode\u003eRUF074\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23461\"\u003e#23461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003efallible-context-manager\u003c/code\u003e (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22844\"\u003e#22844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix lambda formatting in interpolated string expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25144\"\u003e#25144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat generic \u003ccode\u003efrozenset\u003c/code\u003e annotations as immutable (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25251\"\u003e#25251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-type-checking\u003c/code\u003e] Avoid \u003ccode\u003estrict\u003c/code\u003e behavior when \u003ccode\u003efuture-annotations\u003c/code\u003e are enabled (\u003ccode\u003eTC001\u003c/code\u003e, \u003ccode\u003eTC002\u003c/code\u003e, \u003ccode\u003eTC003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25035\"\u003e#25035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid false positives in \u003ccode\u003eelse\u003c/code\u003e clause (\u003ccode\u003ePLR1733\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25177\"\u003e#25177\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-comprehensions\u003c/code\u003e] Skip \u003ccode\u003eC417\u003c/code\u003e for lambdas with positional-only parameters (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25272\"\u003e#25272\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-simplify\u003c/code\u003e] Preserve f-string source verbatim in \u003ccode\u003eSIM101\u003c/code\u003e fix (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25061\"\u003e#25061\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid unnecessary parser lookahead for operators (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25290\"\u003e#25290\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate code example setting Neovim LSP log level (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25284\"\u003e#25284\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd full PEP 798 support (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25104\"\u003e#25104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a parser recursion limit (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24810\"\u003e#24810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate various \u003ccode\u003eruff_python_stdlib\u003c/code\u003e APIs (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25273\"\u003e#25273\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ocaballeror\"\u003e\u003ccode\u003e@​ocaballeror\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuelcolvin\"\u003e\u003ccode\u003e@​samuelcolvin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/baltasarblanco\"\u003e\u003ccode\u003e@​baltasarblanco\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aconal-com\"\u003e\u003ccode\u003e@​aconal-com\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JelleZijlstra\"\u003e\u003ccode\u003e@​JelleZijlstra\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AlexWaygood\"\u003e\u003ccode\u003e@​AlexWaygood\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.14\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-21.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eairflow\u003c/code\u003e] Implement \u003ccode\u003eairflow-task-implicit-multiple-outputs\u003c/code\u003e (\u003ccode\u003eAIR202\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25152\"\u003e#25152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-use-pathlib\u003c/code\u003e] Mark \u003ccode\u003ePTH101\u003c/code\u003e fix as unsafe when first argument is a class attribute annotated as \u003ccode\u003eint\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25086\"\u003e#25086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Implement \u003ccode\u003etoo-many-try-statements\u003c/code\u003e (\u003ccode\u003eW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23970\"\u003e#23970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003eincorrect-decorator-order\u003c/code\u003e (\u003ccode\u003eRUF074\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23461\"\u003e#23461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Add \u003ccode\u003efallible-context-manager\u003c/code\u003e (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/22844\"\u003e#22844\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix lambda formatting in interpolated string expressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25144\"\u003e#25144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat generic \u003ccode\u003efrozenset\u003c/code\u003e annotations as immutable (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25251\"\u003e#25251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-type-checking\u003c/code\u003e] Avoid \u003ccode\u003estrict\u003c/code\u003e behavior when \u003ccode\u003efuture-annotations\u003c/code\u003e are enabled (\u003ccode\u003eTC001\u003c/code\u003e, \u003ccode\u003eTC002\u003c/code\u003e, \u003ccode\u003eTC003\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25035\"\u003e#25035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyli...\n\n_Description has been truncated_","html_url":"https://github.com/blairmichaelg/secbrain/pull/238","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/blairmichaelg%2Fsecbrain/issues/238","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/238/packages"}},{"old_version":"0.6.1","new_version":"0.6.3","update_type":"patch","path":null,"pr_created_at":"2026-05-21T00:35:58.000Z","version_change":"0.6.1 → 0.6.3","issue":{"uuid":"4490809265","node_id":"PR_kwDOOMKlh87dvpUg","number":7,"state":"closed","title":"Bump the pip group across 2 directories with 22 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-28T22:52:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-21T00:35:58.000Z","updated_at":"2026-05-28T22:52:57.000Z","time_to_close":685017,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":22,"packages":[{"name":"flask-cors","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/corydolphin/flask-cors"},{"name":"lxml","old_version":"5.3.1","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"eventlet","old_version":"0.39.0","new_version":"0.41.0","repository_url":"https://github.com/eventlet/eventlet"},{"name":"setuptools","old_version":"58.5.3","new_version":"78.1.1","repository_url":"https://github.com/pypa/setuptools"},{"name":"wheel","old_version":"0.45.0","new_version":"0.46.2","repository_url":"https://github.com/pypa/wheel"},{"name":"pymongo","old_version":"4.3.3","new_version":"4.6.3","repository_url":"https://github.com/mongodb/mongo-python-driver"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"poetry","old_version":"2.0.0","new_version":"2.3.4","repository_url":"https://github.com/python-poetry/poetry"},{"name":"twisted","old_version":"24.3.0","new_version":"26.4.0rc2","repository_url":"https://github.com/twisted/twisted"},{"name":"cryptography","old_version":"44.0.2","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.19.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"werkzeug","old_version":"2.3.7","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"filelock","old_version":"3.17.0","new_version":"3.20.3","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"h11","old_version":"0.14.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"protobuf","old_version":"5.29.3","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"virtualenv","old_version":"20.29.2","new_version":"20.36.1","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 19 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask-cors](https://github.com/corydolphin/flask-cors) | `5.0.0` | `6.0.0` |\n| [lxml](https://github.com/lxml/lxml) | `5.3.1` | `6.1.0` |\n| [eventlet](https://github.com/eventlet/eventlet) | `0.39.0` | `0.41.0` |\n| [setuptools](https://github.com/pypa/setuptools) | `58.5.3` | `78.1.1` |\n| [wheel](https://github.com/pypa/wheel) | `0.45.0` | `0.46.2` |\n| [pymongo](https://github.com/mongodb/mongo-python-driver) | `4.3.3` | `4.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [poetry](https://github.com/python-poetry/poetry) | `2.0.0` | `2.3.4` |\n| [twisted](https://github.com/twisted/twisted) | `24.3.0` | `26.4.0rc2` |\n| [cryptography](https://github.com/pyca/cryptography) | `44.0.2` | `46.0.7` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.0` | `0.19.2` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.3.7` | `3.1.6` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.7.0` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.17.0` | `3.20.3` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.3` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `20.29.2` | `20.36.1` |\n\nBumps the pip group with 4 updates in the /buildscripts/cost_model directory: [pymongo](https://github.com/mongodb/mongo-python-driver), [fonttools](https://github.com/fonttools/fonttools), [pillow](https://github.com/python-pillow/Pillow) and [scikit-learn](https://github.com/scikit-learn/scikit-learn).\n\nUpdates `flask-cors` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/corydolphin/flask-cors/releases\"\u003eflask-cors's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.0.0\u003c/h2\u003e\n\u003ch2\u003eBreaking\u003c/h2\u003e\n\u003cp\u003ePath specificity ordering has changed to improve specificity. This may break users who expected the previous incorrect ordering.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2024-6839] Sort Paths by Regex Specificity by \u003ca href=\"https://github.com/adrianosela\"\u003e\u003ccode\u003e@​adrianosela\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/391\"\u003ecorydolphin/flask-cors#391\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote by \u003ca href=\"https://github.com/adrianosela\"\u003e\u003ccode\u003e@​adrianosela\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/389\"\u003ecorydolphin/flask-cors#389\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CVE-2024-6866] Case Sensitive Request Path Matching by \u003ca href=\"https://github.com/adrianosela\"\u003e\u003ccode\u003e@​adrianosela\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/390\"\u003ecorydolphin/flask-cors#390\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/5.0.1...6.0.0\"\u003ehttps://github.com/corydolphin/flask-cors/compare/5.0.1...6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis primarily changes packaging to use uv and a new release pipeline, along with some small documentation improvements\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Docs] Fix links to documentation by \u003ca href=\"https://github.com/coren-frankel\"\u003e\u003ccode\u003e@​coren-frankel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/369\"\u003ecorydolphin/flask-cors#369\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix minor typos by \u003ca href=\"https://github.com/kkirsche\"\u003e\u003ccode\u003e@​kkirsche\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/371\"\u003ecorydolphin/flask-cors#371\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate packaging and environment management to use uv by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/377\"\u003ecorydolphin/flask-cors#377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix release pipeline by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/378\"\u003ecorydolphin/flask-cors#378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAlways use trusted publishing by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/379\"\u003ecorydolphin/flask-cors#379\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWorkaround license publishing issue by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/380\"\u003ecorydolphin/flask-cors#380\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix packaging: missing source files by \u003ca href=\"https://github.com/corydolphin\"\u003e\u003ccode\u003e@​corydolphin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/381\"\u003ecorydolphin/flask-cors#381\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coren-frankel\"\u003e\u003ccode\u003e@​coren-frankel\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/369\"\u003ecorydolphin/flask-cors#369\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kkirsche\"\u003e\u003ccode\u003e@​kkirsche\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/pull/371\"\u003ecorydolphin/flask-cors#371\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/5.0.0...5.0.01\"\u003ehttps://github.com/corydolphin/flask-cors/compare/5.0.0...5.0.01\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/35d875319621bd129a38b2b823abf4a2f6cda536\"\u003e\u003ccode\u003e35d8753\u003c/code\u003e\u003c/a\u003e [CVE-2024-6844] Replace use of (urllib) unquote_plus with unquote for paths (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/e970988bea563e05e8b8f53fa7bcc134b5bf5c5f\"\u003e\u003ccode\u003ee970988\u003c/code\u003e\u003c/a\u003e [CVE-2024-6839] Sort Paths by Regex Specificity (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/391\"\u003e#391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/eb39516a3c96b90d0ae5f51293972395ec3ef358\"\u003e\u003ccode\u003eeb39516\u003c/code\u003e\u003c/a\u003e [CVE-2024-6866] Case Sensitive Request Path Matching (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/390\"\u003e#390\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/5da9be479b4fb203816bca9eb0cfb7add5eeceb5\"\u003e\u003ccode\u003e5da9be4\u003c/code\u003e\u003c/a\u003e Fix packaging: missing source files (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/381\"\u003e#381\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/65a51321e1be9a4320b39f67db5e63553cd8138b\"\u003e\u003ccode\u003e65a5132\u003c/code\u003e\u003c/a\u003e Workaround license publishing issue (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/380\"\u003e#380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/7127e7e3914083fbe4ebd8f7ef9b3ae0e8459daa\"\u003e\u003ccode\u003e7127e7e\u003c/code\u003e\u003c/a\u003e Always use trusted publishing (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/379\"\u003e#379\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/01e2e68268f7fdb4ed7309a655986b85c9066a67\"\u003e\u003ccode\u003e01e2e68\u003c/code\u003e\u003c/a\u003e Fix release pipeline (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/378\"\u003e#378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/ade65a16524c628747aecaaa73c1d615501974b2\"\u003e\u003ccode\u003eade65a1\u003c/code\u003e\u003c/a\u003e Major Packaging Refactor: migrate to uv (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/377\"\u003e#377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/eb44bffc76f49e5bb8692e96a37e11ebee070cf0\"\u003e\u003ccode\u003eeb44bff\u003c/code\u003e\u003c/a\u003e fix: typos (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/371\"\u003e#371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/corydolphin/flask-cors/commit/1225e7806156de61f343928c227e32bbff44059e\"\u003e\u003ccode\u003e1225e78\u003c/code\u003e\u003c/a\u003e replace documentation links in README (\u003ca href=\"https://redirect.github.com/corydolphin/flask-cors/issues/369\"\u003e#369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/corydolphin/flask-cors/compare/5.0.0...6.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 5.3.1 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/releases\"\u003elxml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elxml-6.1.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.3\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.2\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.1\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-6.0.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003elxml-5.4.0\u003c/h2\u003e\n\u003ch1\u003e5.4.0 (2025-04-22)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2107279: Binary wheels use libxml2 2.13.8 and libxslt 1.1.43 to resolve several CVEs.\n(Binary wheels for Windows continue to use a patched libxml2 2.11.9 and libxslt 1.1.39.)\nIssue found by Anatoly Katyushin, see \u003ca href=\"https://bugs.launchpad.net/lxml/+bug/2107279\"\u003ehttps://bugs.launchpad.net/lxml/+bug/2107279\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elxml-5.3.2\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c/h1\u003e\n\u003cp\u003eThis release fixes a possible external entity injection (XXE) vulnerability in\n\u003ccode\u003eiterparse()\u003c/code\u003e and the \u003ccode\u003eETCompatXMLParser\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eFeatures added\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eGH#486: The HTML ARIA accessibility attributes were added to the set of safe attributes\nin \u003ccode\u003elxml.html.defs\u003c/code\u003e.  This allows \u003ccode\u003elxml_html_clean\u003c/code\u003e to pass them through.\nPatch by oomsveta.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe default chunk size for reading from file-likes in \u003ccode\u003eiterparse()\u003c/code\u003e is now configurable\nwith a new \u003ccode\u003echunk_size\u003c/code\u003e argument.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2146291: The \u003ccode\u003eresolve_entities\u003c/code\u003e option was still set to \u003ccode\u003eTrue\u003c/code\u003e for\n\u003ccode\u003eiterparse\u003c/code\u003e and \u003ccode\u003eETCompatXMLParser\u003c/code\u003e, allowing for external entity injection (XXE)\nwhen using these parsers without setting this option explicitly.\nThe default was now changed to \u003ccode\u003e'internal'\u003c/code\u003e only (as for the normal XML and HTML parsers\nsince lxml 5.0).\nIssue found by Sihao Qiu as CVE-2026-41066.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.4 (2026-04-12)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eLP#2148019: Spurious MemoryError during namespace cleanup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e6.0.3 (2026-04-09)\u003c/h1\u003e\n\u003ch2\u003eBugs fixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSeveral out of memory error cases now raise \u003ccode\u003eMemoryError\u003c/code\u003e that were not handled before.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSlicing with large step values (outside of \u003ccode\u003e+/- sys.maxsize\u003c/code\u003e) could trigger undefined C behaviour.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2125399: Some failing tests were fixed or disabled in PyPy.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLP#2138421: Memory leak in error cases when setting the \u003ccode\u003epublic_id\u003c/code\u003e or \u003ccode\u003esystem_url\u003c/code\u003e of a document.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/43722f4402afa48b7890a96ce012eb0b9b1af5be\"\u003e\u003ccode\u003e43722f4\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/87470409b17188a5a7dbefcfa124af9cd792ffaa\"\u003e\u003ccode\u003e8747040\u003c/code\u003e\u003c/a\u003e Name version of option change in docstring.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6c36e6cef77db5087a1fff1a0d1ca8fed963afe7\"\u003e\u003ccode\u003e6c36e6c\u003c/code\u003e\u003c/a\u003e Fix pypistats URL in download statistics script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c7d76d6cb817c8e1f316e43b16cab5e6ad669ad0\"\u003e\u003ccode\u003ec7d76d6\u003c/code\u003e\u003c/a\u003e Change security policy to point to Github security advisories.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/378ccf82db8160928807c55ed580c0443aa94f42\"\u003e\u003ccode\u003e378ccf8\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/315270b810a9e3276c60daba549299d204ac962b\"\u003e\u003ccode\u003e315270b\u003c/code\u003e\u003c/a\u003e Docs: Reduce TOC depth of package pages and move module contents first.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/6dbba7f3c72f655b05b26ef453fdee31af13ccf5\"\u003e\u003ccode\u003e6dbba7f\u003c/code\u003e\u003c/a\u003e Docs: Show current year in copyright line.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/e4385bfa5d79527350d5ef17372fb70ba80b4cce\"\u003e\u003ccode\u003ee4385bf\u003c/code\u003e\u003c/a\u003e Update project income report.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/5bed1e1a227cd9ba5a879aaeacdf504093a3f6e8\"\u003e\u003ccode\u003e5bed1e1\u003c/code\u003e\u003c/a\u003e Validate file hashes in release download script.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lxml/lxml/commit/c13ee10a429f1144779bb1cbf6ae3bec808ae9c1\"\u003e\u003ccode\u003ec13ee10\u003c/code\u003e\u003c/a\u003e Prepare release of 6.1.0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lxml/lxml/compare/lxml-5.3.1...lxml-6.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `eventlet` from 0.39.0 to 0.41.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eventlet/eventlet/blob/master/NEWS\"\u003eeventlet's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.41.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to 3.14 for testing (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop 3.9 support (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMore visible deprecation (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1077\"\u003e#1077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.4\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRemove legacy setuptools configuration files (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1072\"\u003e#1072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd 3.14 to supported versions (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1070\"\u003e#1070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEmit warning on startup that eventlet is deprecated (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1065\"\u003e#1065\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix Python 3.14 on macOS (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1067\"\u003e#1067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround for \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1068\"\u003e#1068\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1069\"\u003e#1069\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.3\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e[SECURITY] Fix request smuggling vulnerability by discarding trailers (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1062\"\u003e#1062\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.2\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix compatibility issues identified with Python 3.14 on Linux (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1058\"\u003e#1058\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake database removal safer with IF EXISTS (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1056\"\u003e#1056\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrepare jobs and CI/CD for python 3.14 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1055\"\u003e#1055\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.1\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e[fix] \u0026quot;Fix\u0026quot; fork() so it \u0026quot;works\u0026quot; on Python 3.13, and \u0026quot;works\u0026quot; better on older Python versions (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1047\"\u003e#1047\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eBehavior change: threads created by eventlet.green.threading.Thread and threading.Thead will be visible across both modules if monkey patching was used. Previously each module would only list threads created in that module.\u003c/li\u003e\n\u003cli\u003eBug fix: after fork(), greenlet threads are correctly listed in threading.enumerate() if monkey patching was used. You should not use fork()-without-execve().\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e[fix] Fix patching of removed URLopener class in Python 3.14 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix] ReferenceError except while count rlock (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1042\"\u003e#1042\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix] Replace deprecated datetime.utcfromtimestamp (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1050\"\u003e#1050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix][env] Remove duplicate steps (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1049\"\u003e#1049\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[fix] Replace deprecated datetime.datetime.utcnow (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1046\"\u003e#1046\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.40.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e[fix] Fix ssl test when linking against openssl 3.5 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1034\"\u003e#1034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support Python 3.8 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1021\"\u003e#1021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[doc] Various doc updates (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/981\"\u003e#981\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1033\"\u003e#1033\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[env] Drop PyPy support (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1035\"\u003e#1035\u003c/a\u003e \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1037\"\u003e#1037\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.39.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/5ec4b6dcd2e5bb41c63743bd59dedbce4a9c5381\"\u003e\u003ccode\u003e5ec4b6d\u003c/code\u003e\u003c/a\u003e Update changelog for version 0.41.0 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/6de7dbbd71585e34ccbec99d220606febb286bb8\"\u003e\u003ccode\u003e6de7dbb\u003c/code\u003e\u003c/a\u003e Switch to 3.14 for testing, fix problems found along the way. (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/1ea81d9fbf12ce62a818ff9125ca14593c5506a7\"\u003e\u003ccode\u003e1ea81d9\u003c/code\u003e\u003c/a\u003e Drop 3.9 support (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/62662af7002b531bed608c7dd73d81943ff638c9\"\u003e\u003ccode\u003e62662af\u003c/code\u003e\u003c/a\u003e More visible deprecation (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1077\"\u003e#1077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/f3254a1b401714f6dfdffa5045d25a4d36c76c06\"\u003e\u003ccode\u003ef3254a1\u003c/code\u003e\u003c/a\u003e Update changelog for version 0.40.4 (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/8cb20296f3455a1836cdbcbf1d3545666ee7f867\"\u003e\u003ccode\u003e8cb2029\u003c/code\u003e\u003c/a\u003e Remove legacy setuptools configuration files (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1072\"\u003e#1072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/220f82d843c0a57c267e77f0cc437e0b43be1cca\"\u003e\u003ccode\u003e220f82d\u003c/code\u003e\u003c/a\u003e add 3.14 to supported versions (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1070\"\u003e#1070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/01a3da5f9b552c7d58eb6de829d33f522d4b04cf\"\u003e\u003ccode\u003e01a3da5\u003c/code\u003e\u003c/a\u003e Emit warning on startup that eventlet is deprecated (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1065\"\u003e#1065\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/1b2b959da1257dccd23956fda43d03dc6a28ca16\"\u003e\u003ccode\u003e1b2b959\u003c/code\u003e\u003c/a\u003e Fix Python 3.14 on macOS (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1067\"\u003e#1067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eventlet/eventlet/commit/d8bf4659cd8b178949cc2b1485b337d46bae6532\"\u003e\u003ccode\u003ed8bf465\u003c/code\u003e\u003c/a\u003e Workaround for \u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1068\"\u003e#1068\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/eventlet/eventlet/issues/1069\"\u003e#1069\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eventlet/eventlet/compare/0.39.0...0.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `setuptools` from 58.5.3 to 78.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/setuptools/blob/main/NEWS.rst\"\u003esetuptools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev78.1.1\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMore fully sanitized the filename in PackageIndex._download. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4946\"\u003e#4946\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.1.0\u003c/h1\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore access to _get_vc_env with a warning. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4874\"\u003e#4874\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.2\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePostponed removals of deprecated dash-separated and uppercase fields in \u003ccode\u003esetup.cfg\u003c/code\u003e.\nAll packages with deprecated configurations are advised to move before 2026. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4911\"\u003e#4911\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.1\u003c/h1\u003e\n\u003ch2\u003eMisc\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4909\"\u003e#4909\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev78.0.0\u003c/h1\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReverted distutils changes that broke the monkey patching of command classes. (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4902\"\u003e#4902\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSetuptools no longer accepts options containing uppercase or dash characters in \u003ccode\u003esetup.cfg\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/8e4868a036b7fae3208d16cb4e5fe6d63c3752df\"\u003e\u003ccode\u003e8e4868a\u003c/code\u003e\u003c/a\u003e Bump version: 78.1.0 → 78.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/100e9a61ad24d5a147ada57357425a8d40626d09\"\u003e\u003ccode\u003e100e9a6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4951\"\u003e#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/8faf1d7e0ca309983252e4f21837b73ee12e960f\"\u003e\u003ccode\u003e8faf1d7\u003c/code\u003e\u003c/a\u003e Add news fragment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/2ca4a9fe4758fcd39d771d3d3a5b4840aacebdf7\"\u003e\u003ccode\u003e2ca4a9f\u003c/code\u003e\u003c/a\u003e Rely on re.sub to perform the decision in one expression.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/e409e8002932f2b86aae7b1abc8f8c2ebf96df2c\"\u003e\u003ccode\u003ee409e80\u003c/code\u003e\u003c/a\u003e Extract _sanitize method for sanitizing the filename.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b\"\u003e\u003ccode\u003e250a6d1\u003c/code\u003e\u003c/a\u003e Add a check to ensure the name resolves relative to the tmpdir.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a\"\u003e\u003ccode\u003ed8390fe\u003c/code\u003e\u003c/a\u003e Extract _resolve_download_filename with test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/4e1e89392de5cb405e7844cdc8b20fc2755dbaba\"\u003e\u003ccode\u003e4e1e893\u003c/code\u003e\u003c/a\u003e Merge \u003ca href=\"https://github.com/jaraco/skeleton\"\u003ehttps://github.com/jaraco/skeleton\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/3a3144f0d2887fa37c06550f42a101e9eebd953a\"\u003e\u003ccode\u003e3a3144f\u003c/code\u003e\u003c/a\u003e Fix typo: \u003ccode\u003epyproject.license\u003c/code\u003e -\u0026gt; \u003ccode\u003eproject.license\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pypa/setuptools/issues/4931\"\u003e#4931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/setuptools/commit/d751068fd2627d6d8f1729e39cbcd8119049998f\"\u003e\u003ccode\u003ed751068\u003c/code\u003e\u003c/a\u003e Fix typo: pyproject.license -\u0026gt; project.license\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/setuptools/compare/v58.5.3...v78.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `wheel` from 0.45.0 to 0.46.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/releases\"\u003ewheel's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.46.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than v70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a \u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point. The \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to \u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's imported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exception when calling the \u003ccode\u003econvert\u003c/code\u003e command with an empty description field\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/blob/main/docs/news.rst\"\u003ewheel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease Notes\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003e0.47.0 (2026-04-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ewheel info\u003c/code\u003e subcommand to display metadata about wheel files without\nunpacking them (\u003ccode\u003e[#639](https://github.com/pypa/wheel/issues/639) \u0026lt;https://github.com/pypa/wheel/issues/639\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eWheelFile\u003c/code\u003e raising \u003ccode\u003eMissing RECORD file\u003c/code\u003e when the wheel filename contains\nuppercase characters (e.g. \u003ccode\u003eDjango-3.2.5.whl\u003c/code\u003e) but the \u003ccode\u003e.dist-info\u003c/code\u003e directory\ninside uses normalized lowercase naming\n(\u003ccode\u003e[#411](https://github.com/pypa/wheel/issues/411) \u0026lt;https://github.com/pypa/wheel/issues/411\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.3 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eImportError: cannot import name '_setuptools_logging' from 'wheel'\u003c/code\u003e when\ninstalled alongside an old version of setuptools and running the \u003ccode\u003ebdist_wheel\u003c/code\u003e\ncommand (\u003ccode\u003e[#676](https://github.com/pypa/wheel/issues/676) \u0026lt;https://github.com/pypa/wheel/issues/676\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.2 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than\nv70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a\n\u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the\ndestination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.1 (2025-04-08)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module\n(\u003ccode\u003e[#659](https://github.com/pypa/wheel/issues/659) \u0026lt;https://github.com/pypa/wheel/issues/659\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.0 (2025-04-03)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point.\nThe \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to\n\u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's\nimported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exception when calling the \u003ccode\u003econvert\u003c/code\u003e command with an empty description\nfield\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.45.1 (2024-11-23)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pure Python wheels converted from eggs and wininst files having the ABI tag in\nthe file name\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/eba4036ccaca4e2d0c5b5bf3e3be59b2b2877d6b\"\u003e\u003ccode\u003eeba4036\u003c/code\u003e\u003c/a\u003e Updated the version number for v0.46.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/557fb5425036ccca95330b2c8875e54c9f4483cf\"\u003e\u003ccode\u003e557fb54\u003c/code\u003e\u003c/a\u003e Created a new release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef\"\u003e\u003ccode\u003e7a7d2de\u003c/code\u003e\u003c/a\u003e Fixed security issue around wheel unpack (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/675\"\u003e#675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/41418fac233d6973ea8798d620df4aa5b3aa1b66\"\u003e\u003ccode\u003e41418fa\u003c/code\u003e\u003c/a\u003e Fixed test failures due to metadata normalization changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/c1d442bec6c634fcfb89e5d58698dd226685bd14\"\u003e\u003ccode\u003ec1d442b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/674\"\u003e#674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/0bac8820ec90b1aaa0695d79a56563137b48686d\"\u003e\u003ccode\u003e0bac882\u003c/code\u003e\u003c/a\u003e Update github actions environments (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/be9f45b4ee1210b2a815d2eefea56b71efd99d63\"\u003e\u003ccode\u003ebe9f45b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/6244f08bb92d7569da6c2fbea23de0846ad34ff3\"\u003e\u003ccode\u003e6244f08\u003c/code\u003e\u003c/a\u003e Update pre-commit ruff legacy alias (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/668\"\u003e#668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/15b7577654e8bcd23e009c6bac036b65c11d8d8f\"\u003e\u003ccode\u003e15b7577\u003c/code\u003e\u003c/a\u003e PEP 639 compliance (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/wheel/commit/fc8cb4163e4f48d86092cb2a16076f1b3efcd10f\"\u003e\u003ccode\u003efc8cb41\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Removed redundant Python version from the publish workflow (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/666\"\u003e#666\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/wheel/compare/0.45.0...0.46.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pymongo` from 4.3.3 to 4.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mongodb/mongo-python-driver/releases\"\u003epymongo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ePyMongo 4.6.3\u003c/h2\u003e\n\u003cp\u003eCommunity notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-3-release-for-cve-2024-5629/284348\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-3-release-for-cve-2024-5629/284348\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.2\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-2-released/267404\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-2-released/267404\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.1\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-1-released/255752\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-1-released/255752\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.5.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-5-0-released/240662\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-5-0-released/240662\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.1\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-1-released/235045\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-1-released/235045\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-released/232211\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-released/232211\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.0b0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-0b0-release/210471\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-0b0-release/210471\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst\"\u003epymongo's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanges in Version 4.6.3 (2024/03/27)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.3 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a potential memory access violation when decoding invalid bson.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.3 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.3 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=38360\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=38360\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.2 (2024/02/21)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.2 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug appearing in Python 3.12 where \u0026quot;RuntimeError: can't create new thread at interpreter shutdown\u0026quot;\ncould be written to stderr when a MongoClient's thread starts as the python interpreter is shutting down.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.2 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.2 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37906\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37906\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.1 (2023/11/29)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.1 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure retryable read \u003ccode\u003eOperationFailure\u003c/code\u003e errors re-raise exception when 0 or NoneType error code is provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.1 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.1 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37138\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37138\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.0 (2023/11/01)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6 brings a number of improvements including:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/8da192f9ca2d4f6464897b22b3029c227043f0cb\"\u003e\u003ccode\u003e8da192f\u003c/code\u003e\u003c/a\u003e BUMP 4.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/56b6b6dbc267d365d97c037082369dabf37405d2\"\u003e\u003ccode\u003e56b6b6d\u003c/code\u003e\u003c/a\u003e PYTHON-4305 Fix bson size check (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1564\"\u003e#1564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/449d0f316cbcdea59d8b69b5e4fc34ac07949dc6\"\u003e\u003ccode\u003e449d0f3\u003c/code\u003e\u003c/a\u003e BUMP to 4.6.3.dev0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/e04576de22c06a4609b16db0f6e10e86ad5c8dad\"\u003e\u003ccode\u003ee04576d\u003c/code\u003e\u003c/a\u003e DEVPROD-3871 Use teardown_task when there is one function/command (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/cf1c6a11f76861fd6150b0df79a7ed70f2b2fea5\"\u003e\u003ccode\u003ecf1c6a1\u003c/code\u003e\u003c/a\u003e PYTHON-4219 Prep for 4.6.2 Release (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1530\"\u003e#1530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/d29b2b7cf405901a801591e475574b63aa81ac5c\"\u003e\u003ccode\u003ed29b2b7\u003c/code\u003e\u003c/a\u003e PYTHON-4147 [v4.6]: Silence noisy thread.start() RuntimeError at shutdown (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/0477b9bc0c59de311fbb6d6a157b97a4af8d0a23\"\u003e\u003ccode\u003e0477b9b\u003c/code\u003e\u003c/a\u003e PYTHON-4077 [v4.6]: Ensure there is a MacOS wheel for Python 3.7 (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1527\"\u003e#1527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/ecad17d24e8aafa374ab5fd194ce79b6861efcad\"\u003e\u003ccode\u003eecad17d\u003c/code\u003e\u003c/a\u003e BUMP 4.6.2.dev0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/485e0a5e56f2d524b5cbc31538a0c455e3ddd858\"\u003e\u003ccode\u003e485e0a5\u003c/code\u003e\u003c/a\u003e BUMP 4.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/995365c7128c3107b4f9ce1524220378176a3a96\"\u003e\u003ccode\u003e995365c\u003c/code\u003e\u003c/a\u003e PYTHON-4038 [v4.6]: Ensure retryable read \u003ccode\u003eOperationFailure\u003c/code\u003es re-raise except...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mongodb/mongo-python-driver/compare/4.3.3...4.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `poetry` from 2.0.0 to 2.3.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/poetry/releases\"\u003epoetry's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.4\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10821\"\u003e#10821\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10837\"\u003e#10837\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10792\"\u003e#10792\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003egit\u003c/code\u003e dependencies from annotated tags could not be updated (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10719\"\u003e#10719\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where empty \u003ccode\u003eVIRTUAL_ENV\u003c/code\u003e or \u003ccode\u003eCONDA_PREFIX\u003c/code\u003e environment variables (e.g., after \u003ccode\u003econda deactivate\u003c/code\u003e) would cause Poetry to incorrectly detect an active virtualenv (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10784\"\u003e#10784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where an incomprehensible error message was printed when \u003ccode\u003e.venv\u003c/code\u003e was a file instead of a directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10777\"\u003e#10777\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10748\"\u003e#10748\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry publish --no-interaction --build\u003c/code\u003e requested user interaction (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10769\"\u003e#10769\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry init\u003c/code\u003e and \u003ccode\u003epoetry new\u003c/code\u003e created a deprecated \u003ccode\u003eproject.license\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10787\"\u003e#10787\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify the differences between \u003ccode\u003epoetry install\u003c/code\u003e and \u003ccode\u003epoetry update\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10713\"\u003e#10713\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eClarify the section of fields in the \u003ccode\u003epyproject.toml\u003c/code\u003e examples (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10753\"\u003e#10753\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd a note about the different installation location when Python from the Microsoft Store is used (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10759\"\u003e#10759\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the system requirements for Poetry (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10739\"\u003e#10739\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the \u003ccode\u003epoetry cache clear\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10749\"\u003e#10749\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the link to \u003ccode\u003epipx\u003c/code\u003e installation instructions (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10783\"\u003e#10783\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.2\"\u003e\u003ccode\u003e2.3.2\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Debian Trixie (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/930\"\u003e#930\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where using \u003ccode\u003eproject.readme.text\u003c/code\u003e in the \u003ccode\u003epyproject.toml\u003c/code\u003e file resulted in broken metadata (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/914\"\u003e#914\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/919\"\u003e#919\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/922\"\u003e#922\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where PEP 735 \u003ccode\u003einclude-group\u003c/code\u003e entries were lost when \u003ccode\u003e[tool.poetry.group]\u003c/code\u003e also defined \u003ccode\u003einclude-groups\u003c/code\u003e for the same group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/924\"\u003e#924\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where the union of \u003ccode\u003e\u0026lt;value\u0026gt; not in \u0026lt;marker\u0026gt;\u003c/code\u003e constraints was wrongly treated as always satisfied (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/925\"\u003e#925\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a post release with a local version identifier was wrongly allowed by a \u003ccode\u003e\u0026gt;\u003c/code\u003e version constraint (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/921\"\u003e#921\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a version with the local version identifier \u003ccode\u003e0\u003c/code\u003e was treated as equal to the corresponding public version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/920\"\u003e#920\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a \u003ccode\u003e!= \u0026lt;version\u0026gt;\u003c/code\u003e constraint wrongly disallowed pre releases and post releases of the specified version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/929\"\u003e#929\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003enot in\u003c/code\u003e constraints were wrongly not allowed by specific compound constraints (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/927\"\u003e#927\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003edulwich\u0026gt;=1.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10701\"\u003e#10701\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.1\"\u003e\u003ccode\u003e2.3.1\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Windows Server (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/911\"\u003e#911\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.3.1\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-poetry/poetry/blob/main/CHANGELOG.md\"\u003epoetry's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.3.4] - 2026-04-12\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a performance regression in the wheel installer that was introduced in Poetry 2.3.3 (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10821\"\u003e#10821\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix a path traversal vulnerability in sdist extraction on Python 3.10.0-3.10.12 and 3.11.0-3.11.4 that could allow malicious tarball files to write files outside the target directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10837\"\u003e#10837\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.3.3] - 2026-03-29\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix a path traversal vulnerability in the wheel installer that could allow malicious wheel files to write files outside the intended installation directory\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10792\"\u003e#10792\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003egit\u003c/code\u003e dependencies from annotated tags could not be updated (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10719\"\u003e#10719\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where empty \u003ccode\u003eVIRTUAL_ENV\u003c/code\u003e or \u003ccode\u003eCONDA_PREFIX\u003c/code\u003e environment variables (e.g., after \u003ccode\u003econda deactivate\u003c/code\u003e) would cause Poetry to incorrectly detect an active virtualenv (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10784\"\u003e#10784\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where an incomprehensible error message was printed when \u003ccode\u003e.venv\u003c/code\u003e was a file instead of a directory (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10777\"\u003e#10777\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where HTTP Basic Authentication credentials could be corrupted during request preparation, causing authentication failures with long tokens (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10748\"\u003e#10748\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry publish --no-interaction --build\u003c/code\u003e requested user interaction (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10769\"\u003e#10769\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003epoetry init\u003c/code\u003e and \u003ccode\u003epoetry new\u003c/code\u003e created a deprecated \u003ccode\u003eproject.license\u003c/code\u003e format (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10787\"\u003e#10787\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify the differences between \u003ccode\u003epoetry install\u003c/code\u003e and \u003ccode\u003epoetry update\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10713\"\u003e#10713\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eClarify the section of fields in the \u003ccode\u003epyproject.toml\u003c/code\u003e examples (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10753\"\u003e#10753\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eAdd a note about the different installation location when Python from the Microsoft Store is used (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10759\"\u003e#10759\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the system requirements for Poetry (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10739\"\u003e#10739\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the \u003ccode\u003epoetry cache clear\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10749\"\u003e#10749\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix the link to \u003ccode\u003epipx\u003c/code\u003e installation instructions (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10783\"\u003e#10783\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.2\"\u003e\u003ccode\u003e2.3.2\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003eplatform_release\u003c/code\u003e could not be parsed on Debian Trixie (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/930\"\u003e#930\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where using \u003ccode\u003eproject.readme.text\u003c/code\u003e in the \u003ccode\u003epyproject.toml\u003c/code\u003e file resulted in broken metadata (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/914\"\u003e#914\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where dependency groups were considered equal when their resolved dependencies were equal, even if the groups themselves were not (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/919\"\u003e#919\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where removing a dependency from a group that included another group resulted in other dependencies being added to the included group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/922\"\u003e#922\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where PEP 735 \u003ccode\u003einclude-group\u003c/code\u003e entries were lost when \u003ccode\u003e[tool.poetry.group]\u003c/code\u003e also defined \u003ccode\u003einclude-groups\u003c/code\u003e for the same group (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/924\"\u003e#924\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where the union of \u003ccode\u003e\u0026lt;value\u0026gt; not in \u0026lt;marker\u0026gt;\u003c/code\u003e constraints was wrongly treated as always satisfied (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/925\"\u003e#925\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a post release with a local version identifier was wrongly allowed by a \u003ccode\u003e\u0026gt;\u003c/code\u003e version constraint (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/921\"\u003e#921\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a version with the local version identifier \u003ccode\u003e0\u003c/code\u003e was treated as equal to the corresponding public version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/920\"\u003e#920\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where a \u003ccode\u003e!= \u0026lt;version\u0026gt;\u003c/code\u003e constraint wrongly disallowed pre releases and post releases of the specified version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/929\"\u003e#929\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFix an issue where \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003enot in\u003c/code\u003e constraints were wrongly not allowed by specific compound constraints (\u003ca href=\"https://redirect.github.com/python-poetry/poetry-core/pull/927\"\u003e#927\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.3.2] - 2026-02-01\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow \u003ccode\u003edulwich\u0026gt;=1.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/pull/10701\"\u003e#10701\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003epoetry-core (\u003ca href=\"https://github.com/python-poetry/poetry-core/releases/tag/2.3.1\"\u003e\u003ccode\u003e2.3.1\u003c/code\u003e\u003c/a\u003e)\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/7c7af71ba206dadd2ff7eda19b9a4c90c4349754\"\u003e\u003ccode\u003e7c7af71\u003c/code\u003e\u003c/a\u003e release: bump version to 2.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/e512e7fc5557251c7c9c59d0029506e77db1ea18\"\u003e\u003ccode\u003ee512e7f\u003c/code\u003e\u003c/a\u003e fix: refuse to write files outside the target directory during sdist extracti...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/506c09db69a127f6fc2c54958d4f5fdc0ea378cc\"\u003e\u003ccode\u003e506c09d\u003c/code\u003e\u003c/a\u003e perf: use \u003ccode\u003eos.path.abspath()\u003c/code\u003e instead of \u003ccode\u003ePath.resolve()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10821\"\u003e#10821\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/3d0151ac03b5286e557ed1518b815ad225d52cb0\"\u003e\u003ccode\u003e3d0151a\u003c/code\u003e\u003c/a\u003e release: bump version to 2.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/89f09aad49ed7e6223ea2b8ebdf941e87bb5d5c6\"\u003e\u003ccode\u003e89f09aa\u003c/code\u003e\u003c/a\u003e fix long path issue on Windows (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10794\"\u003e#10794\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/e068177d1bfef65de4c55cf71c36de27057f10e7\"\u003e\u003ccode\u003ee068177\u003c/code\u003e\u003c/a\u003e installer: fix path traversal (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10792\"\u003e#10792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/d76a2f67641ef1499065bdc8a0246448cbcf781c\"\u003e\u003ccode\u003ed76a2f6\u003c/code\u003e\u003c/a\u003e chore: require new poetry-core version (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10790\"\u003e#10790\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/859d4439f2caf147010330beae1ad61274f009d4\"\u003e\u003ccode\u003e859d443\u003c/code\u003e\u003c/a\u003e Update init \u0026amp; new commands for PEP 639 (License) (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10787\"\u003e#10787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/2ff2845af03539c98d2279b46074c908594427c4\"\u003e\u003ccode\u003e2ff2845\u003c/code\u003e\u003c/a\u003e fix: pass auth via Request constructor instead of calling HTTPBasicAuth on un...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-poetry/poetry/commit/286e43bba52ba60205e1e5c9a401019b45226bbe\"\u003e\u003ccode\u003e286e43b\u003c/code\u003e\u003c/a\u003e env: improve error handling if \u003ccode\u003e.venv\u003c/code\u003e is not a directory but a file (\u003ca href=\"https://redirect.github.com/python-poetry/poetry/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-poetry/poetry/compare/2.0.0...2.3.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `twisted` from 24.3.0 to 26.4.0rc2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/twisted/twisted/releases\"\u003etwisted's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eTwisted 26.4.0rc2 (2026-04-29)\u003c/h1\u003e\n\u003cp\u003eThis is the last release with support for Python 3.9.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etwisted.names was fix for Denial of Service (DoS) attack via resource exhaustion during DNS name decompression.\nReported and fixed by Tomas Illuminati Balbin CVE-2026-42304 (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12626\"\u003e#12626\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etwisted.internet.ssl.CertificateOptions has a new constructor argument, contextForServerName, which takes a callback that will get invoked when a client sends a server name indication, with the sent servername, and returns a new OpenSSL.SSL.Context that the connection will switch to. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.internet.endpoints.serverFromString now supports the \u003ccode\u003etls\u003c/code\u003e endpoint\ntype, which allows you to do \u003ccode\u003etwist web\r --listen=tls:.../certbot-dir/config/live\u003c/code\u003e pointed at a certbot live\nconfiguration directory and have your certbot certificates automatically\ndiscovered and served appropriately. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/9885\"\u003e#9885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003etwisted.internet.reactor\u003c/code\u003e now has type annotations and will appear to be an object of an appropriate type, allowing for idiomatic common usages with correct type information. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/9909\"\u003e#9909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.conch.ssh.SSHUserAuthServer now supports the security key ssh types \u0026quot;\u003ca href=\"mailto:sk-ecdsa-sha2-nistp256@openssh.com\"\u003esk-ecdsa-sha2-nistp256@openssh.com\u003c/a\u003e\u0026quot; and \u0026quot;\u003ca href=\"mailto:sk-ssh-ed25519@openssh.com\"\u003esk-ssh-ed25519@openssh.com\u003c/a\u003e\u0026quot; and extracting the \u003ccode\u003eapplication\u003c/code\u003e property from these new key types. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12212\"\u003e#12212\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003etwisted.internet.mail will now return a meaningful Failure when TLS validation fails. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/10210\"\u003e#10210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTLS version range constraints passed to twisted.internet.ssl.CertificateOptions are now properly respected rather than excluding the version being passed as the desired constraint. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/10232\"\u003e#10232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA potential reference cycle that might cause intermittent memory spikes while\nusing twisted.internet.defer.inlineCallbacks was removed. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12120\"\u003e#12120\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrial no longer emits the error \u003ccode\u003eRuntimeWarning: TestResult has no addDuration method\u003c/code\u003e when running PyUnit tests. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12229\"\u003e#12229\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.python.rebuild.rebuild() now handles changes to \u003ccode\u003esys.modules\u003c/code\u003e gracefully. Prior to the change, it could possibly raise a \u0026quot;dictionary changed size during iteration\u0026quot; error if the module list changed. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12458\"\u003e#12458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.internet.protocol.ReconnectingClientFactory: Don't multiply by \u003ccode\u003efactor\u003c/code\u003e for initial delay, but use \u003ccode\u003einitialDelay\u003c/code\u003e directly. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12478\"\u003e#12478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etwisted.internet.ssl and twisted.protocols.tls no longer mutate the pyOpenSSL context after creating pyOpenSSL connections, maintaining compatibility with an upcoming version of pyOpenSSL and increasing reliability (possibly even fixing a very rare segfault) (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12500\"\u003e#12500\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003etwisted.internet.testing.MemoryReactor.callWhenRunning\u003c/code\u003e now invokes the callback immediately, if already started. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12514\"\u003e#12514\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTwisted now correctly detects EOF on OpenSSL 4. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12632\"\u003e#12632\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved Documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe example code from the documentation describing how to create a custom DNS server was updated to Python3. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12480\"\u003e#12480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eType annotations now use modern PEP 585 built-in generics and PEP 604 union syntax throughout the project. (\u003ca href=\"https://redirect.github.com/twisted/twisted/issues/12556\"\u003e#12556\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/twisted/twisted/blob/trunk/NEWS.rst\"\u003etwisted's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eThis file contains the release notes for Twisted.\u003c/p\u003e\n\u003cp\u003eIt only contains high-level changes that are of interest to Twisted library users.\nUsers of Twisted should check the notes before planning an upgrade.\u003c/p\u003e\n\u003cp\u003eTicket numbers in this file can be looked up by visiting\n\u003ca href=\"https://twisted.org/trac/ticket/\"\u003ehttps://twisted.org/trac/ticket/\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003e.. towncrier release notes start\u003c/p\u003e\n\u003ch1\u003eTwis...\n\n_Description has been truncated_","html_url":"https://github.com/Jackblanket847/mongo/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jackblanket847%2Fmongo/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}},{"old_version":"0.6.1","new_version":"0.6.3","update_type":"patch","path":null,"pr_created_at":"2026-05-19T21:33:34.000Z","version_change":"0.6.1 → 0.6.3","issue":{"uuid":"4481217629","node_id":"PR_kwDOQtfFwc7dQyNi","number":24,"state":"closed","title":"chore(deps): bump the pip group across 14 directories with 12 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-28T23:19:57.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-19T21:33:34.000Z","updated_at":"2026-05-28T23:19:58.000Z","time_to_close":783983,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":12,"packages":[{"name":"google-cloud-aiplatform","old_version":"1.87.0","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"idna","old_version":"3.10","new_version":"3.15","repository_url":"https://github.com/kjd/idna"},{"name":"protobuf","old_version":"4.25.8","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"1.26.20","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /gemini/sample-apps/genwealth/function-scripts/analyze-prospectus directory: [langchain-core](https://github.com/langchain-ai/langchain).\nBumps the pip group with 1 update in the /gemini/sample-apps/genwealth/function-scripts/process-pdf directory: [langchain-core](https://github.com/langchain-ai/langchain).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/conversational-app-multi-playbook/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [langchain-core](https://github.com/langchain-ai/langchain), [requests](https://github.com/psf/requests) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 3 updates in the /gemini/sample-apps/quickbot/conversational-app-multi-playbook/functions/create-intent directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [langchain-core](https://github.com/langchain-ai/langchain) and [flask](https://github.com/pallets/flask).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/conversational-app-single-playbook/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [langchain-core](https://github.com/langchain-ai/langchain), [requests](https://github.com/psf/requests) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 3 updates in the /gemini/sample-apps/quickbot/conversational-app-single-playbook/functions/create-intent directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [langchain-core](https://github.com/langchain-ai/langchain) and [flask](https://github.com/pallets/flask).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/document-search-using-agent-builder/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [langchain-core](https://github.com/langchain-ai/langchain), [requests](https://github.com/psf/requests) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/image-background-changer-using-imagen3/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [pillow](https://github.com/python-pillow/Pillow), [requests](https://github.com/psf/requests) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/linkedin-profile-image-generation-using-imagen3/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [pillow](https://github.com/python-pillow/Pillow), [requests](https://github.com/psf/requests) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 3 updates in the /gemini/sample-apps/quickbot/text-to-image-using-imagen3/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [requests](https://github.com/psf/requests) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/website-search-using-agent-builder/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [langchain-core](https://github.com/langchain-ai/langchain), [requests](https://github.com/psf/requests) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 2 updates in the /gemini/sample-apps/swot-agent directory: [pytest](https://github.com/pytest-dev/pytest) and [pydantic-ai](https://github.com/pydantic/pydantic-ai).\nBumps the pip group with 6 updates in the /gemini/tuning/genai-mlops-tune-and-eval directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.87.0` | `1.133.0` |\n| [idna](https://github.com/kjd/idna) | `3.10` | `3.15` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.8` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.20` | `2.7.0` |\n\nBumps the pip group with 4 updates in the /search/cloud-function/python directory: [python-dotenv](https://github.com/theskumar/python-dotenv), [protobuf](https://github.com/protocolbuffers/protobuf), [pytest](https://github.com/pytest-dev/pytest) and [flask](https://github.com/pallets/flask).\n\nUpdates `langchain-core` from 0.3.31 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36972\"\u003e#36972\u003c/a\u003e)\nfeat(core): allow _format_output to pass through list of ToolOutputMixin instances (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36963\"\u003e#36963\u003c/a\u003e)\nchore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36923\"\u003e#36923\u003c/a\u003e)\nfeat(core): Update inheritance behavior for tracer metadata for special keys (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36900\"\u003e#36900\u003c/a\u003e)\nchore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36813\"\u003e#36813\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.31\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36851\"\u003e#36851\u003c/a\u003e)\nrelease(core): 1.3.0a3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36829\"\u003e#36829\u003c/a\u003e)\nchore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36828\"\u003e#36828\u003c/a\u003e)\nfeat(core): Add chat model and LLM invocation params to traceable metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36771\"\u003e#36771\u003c/a\u003e)\nfix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36816\"\u003e#36816\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore(core): harden private SSRF utilities (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36768\"\u003e#36768\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36719\"\u003e#36719\u003c/a\u003e)\nrelease(core): 1.3.0.a2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36698\"\u003e#36698\u003c/a\u003e)\nfix(core): Use reference counting for storing inherited run trees to support garbage collection (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36660\"\u003e#36660\u003c/a\u003e)\ndocs(core): nit (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36685\"\u003e#36685\u003c/a\u003e)\nrelease(core): 1.3.0a1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36656\"\u003e#36656\u003c/a\u003e)\nchore(core): reduce streaming metadata / perf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36588\"\u003e#36588\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0a3\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.31...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.31 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36972\"\u003e#36972\u003c/a\u003e)\nfeat(core): allow _format_output to pass through list of ToolOutputMixin instances (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36963\"\u003e#36963\u003c/a\u003e)\nchore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36923\"\u003e#36923\u003c/a\u003e)\nfeat(core): Update inheritance behavior for tracer metadata for special keys (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36900\"\u003e#36900\u003c/a\u003e)\nchore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36813\"\u003e#36813\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.31\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36851\"\u003e#36851\u003c/a\u003e)\nrelease(core): 1.3.0a3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36829\"\u003e#36829\u003c/a\u003e)\nchore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36828\"\u003e#36828\u003c/a\u003e)\nfeat(core): Add chat model and LLM invocation params to traceable metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36771\"\u003e#36771\u003c/a\u003e)\nfix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36816\"\u003e#36816\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore(core): harden private SSRF utilities (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36768\"\u003e#36768\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36719\"\u003e#36719\u003c/a\u003e)\nrelease(core): 1.3.0.a2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36698\"\u003e#36698\u003c/a\u003e)\nfix(core): Use reference counting for storing inherited run trees to support garbage collection (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36660\"\u003e#36660\u003c/a\u003e)\ndocs(core): nit (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36685\"\u003e#36685\u003c/a\u003e)\nrelease(core): 1.3.0a1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36656\"\u003e#36656\u003c/a\u003e)\nchore(core): reduce streaming metadata / perf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36588\"\u003e#36588\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0a3\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.31...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-cloud-aiplatform` from 1.69.0 to 1.133.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/releases\"\u003egoogle-cloud-aiplatform's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.133.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE\u0026quot; to the \u003ccode\u003eoptimize_prompt\u003c/code\u003e method (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/715cc5b71b996eecde2d97bad71a617274739dcc\"\u003e715cc5b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client(memory): Add enable_third_person_memories (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e65717fa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Developer Connect in AE (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/04f1771e16f54a0627ecac1266764ca77f833694\"\u003e04f1771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd None check for agent_info in evals.py (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003ec8c0f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI client(evals) - Fix TypeError in _build_generate_content_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003ebe2eaaa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake project_number to project_id mapping fail-open. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/f1c8458dd5e4641cb03ff175f0837b6d6017c131\"\u003ef1c8458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e83f4076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e8c876ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire uri or staging bucket configuration for saving model to Vertex Experiment. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e5448f06\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn embedding metadata if available (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/d9c6eb199b6ccc1fae417463e1b374574f2ae2f8\"\u003ed9c6eb1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eexamples_dataframe\u003c/code\u003e type to \u003ccode\u003ePandasDataFrame\u003c/code\u003e in Prompt Optimizer. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a2564cc3ea5c4860ee732f14cea9db2c10b52420\"\u003ea2564cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.132.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.131.0...v1.132.0\"\u003e1.132.0\u003c/a\u003e (2025-12-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA comment for field \u003ccode\u003erestart_job_on_worker_restart\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA comment for field \u003ccode\u003etimeout\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.131.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.130.0...v1.131.0\"\u003e1.131.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow list of events to be passed to AdkApp.async_stream_query (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/dd8840a5012b2762f8b8971b6cea4302ac5c648d\"\u003edd8840a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/4114728750b5b12f991a18df87c1f1a570d1b29d\"\u003e4114728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdates the ADK template to direct structured JSON logs to standard output. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a65ec297c5b8d99e4d2dfb49473c189197198f97\"\u003ea65ec29\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md\"\u003egoogle-cloud-aiplatform's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE\u0026quot; to the \u003ccode\u003eoptimize_prompt\u003c/code\u003e method (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/715cc5b71b996eecde2d97bad71a617274739dcc\"\u003e715cc5b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client(memory): Add enable_third_person_memories (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e65717fa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Developer Connect in AE (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/04f1771e16f54a0627ecac1266764ca77f833694\"\u003e04f1771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd None check for agent_info in evals.py (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003ec8c0f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI client(evals) - Fix TypeError in _build_generate_content_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003ebe2eaaa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake project_number to project_id mapping fail-open. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/f1c8458dd5e4641cb03ff175f0837b6d6017c131\"\u003ef1c8458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e83f4076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e8c876ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire uri or staging bucket configuration for saving model to Vertex Experiment. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e5448f06\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn embedding metadata if available (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/d9c6eb199b6ccc1fae417463e1b374574f2ae2f8\"\u003ed9c6eb1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eexamples_dataframe\u003c/code\u003e type to \u003ccode\u003ePandasDataFrame\u003c/code\u003e in Prompt Optimizer. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a2564cc3ea5c4860ee732f14cea9db2c10b52420\"\u003ea2564cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.131.0...v1.132.0\"\u003e1.132.0\u003c/a\u003e (2025-12-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA comment for field \u003ccode\u003erestart_job_on_worker_restart\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA comment for field \u003ccode\u003etimeout\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.130.0...v1.131.0\"\u003e1.131.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow list of events to be passed to AdkApp.async_stream_query (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/dd8840a5012b2762f8b8971b6cea4302ac5c648d\"\u003edd8840a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/4114728750b5b12f991a18df87c1f1a570d1b29d\"\u003e4114728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdates the ADK template to direct structured JSON logs to standard output. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a65ec297c5b8d99e4d2dfb49473c189197198f97\"\u003ea65ec29\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix RagManagedVertexVectorSearch when using backend_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/df0976ed3195dc8313f4728bc5ecb29dda55d467\"\u003edf0976e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - patch for vulnerability in visualization (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8a00d43dbd24e95dbab6ea32c63ce0a5a1849480\"\u003e8a00d43\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/78f2bdd08bae0696923e61ab73080b5846c67ae0\"\u003e\u003ccode\u003e78f2bdd\u003c/code\u003e\u003c/a\u003e chore(main): release 1.133.0 (\u003ca href=\"https://redirect.github.com/googleapis/python-aiplatform/issues/6211\"\u003e#6211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003e\u003ccode\u003ec8c0f0f\u003c/code\u003e\u003c/a\u003e fix: Add None check for agent_info in evals.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/9952b970b73cfe38e68c48b3699ee4e1df0264df\"\u003e\u003ccode\u003e9952b97\u003c/code\u003e\u003c/a\u003e chore: rollback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e\u003ccode\u003e83f4076\u003c/code\u003e\u003c/a\u003e fix: Replace asyncio.run with create_task in ADK async thread mains.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/937d5af6b9bdbbe3b50181745c99550f124ad8b4\"\u003e\u003ccode\u003e937d5af\u003c/code\u003e\u003c/a\u003e Copybara import of the project:\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/aaaf902be02747cd2281196aad6278df0fd11f7e\"\u003e\u003ccode\u003eaaaf902\u003c/code\u003e\u003c/a\u003e chore: bump google-auth lower bound to 2.47.0 in GenAI and Vertex SDKs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e\u003ccode\u003e8c876ef\u003c/code\u003e\u003c/a\u003e fix: Replace asyncio.run with create_task in ADK async thread mains.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e\u003ccode\u003e5448f06\u003c/code\u003e\u003c/a\u003e fix: Require uri or staging bucket configuration for saving model to Vertex E...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e\u003ccode\u003e65717fa\u003c/code\u003e\u003c/a\u003e feat: GenAI SDK client(memory): Add enable_third_person_memories\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003e\u003ccode\u003ebe2eaaa\u003c/code\u003e\u003c/a\u003e fix: GenAI client(evals) - Fix TypeError in _build_generate_content_config\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.69.0...v1.133.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.9 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36972\"\u003e#36972\u003c/a\u003e)\nfeat(core): allow _format_output to pass through list of ToolOutputMixin instances (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36963\"\u003e#36963\u003c/a\u003e)\nchore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36923\"\u003e#36923\u003c/a\u003e)\nfeat(core): Update inheritance behavior for tracer metadata for special keys (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36900\"\u003e#36900\u003c/a\u003e)\nchore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36813\"\u003e#36813\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.31\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36851\"\u003e#36851\u003c/a\u003e)\nrelease(core): 1.3.0a3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36829\"\u003e#36829\u003c/a\u003e)\nchore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36828\"\u003e#36828\u003c/a\u003e)\nfeat(core): Add chat model and LLM invocation params to traceable metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36771\"\u003e#36771\u003c/a\u003e)\nfix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36816\"\u003e#36816\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore(core): harden private SSRF utilities (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36768\"\u003e#36768\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36719\"\u003e#36719\u003c/a\u003e)\nrelease(core): 1.3.0.a2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36698\"\u003e#36698\u003c/a\u003e)\nfix(core): Use reference counting for storing inherited run trees to support garbage collection (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36660\"\u003e#36660\u003c/a\u003e)\ndocs(core): nit (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36685\"\u003e#36685\u003c/a\u003e)\nrelease(core): 1.3.0a1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36656\"\u003e#36656\u003c/a\u003e)\nchore(core): reduce streaming metadata / perf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36588\"\u003e#36588\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0a3\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.31...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 1.26.16 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/1.26.16...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-cloud-aiplatform` from 1.69.0 to 1.133.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/releases\"\u003egoogle-cloud-aiplatform's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.133.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE\u0026quot; to the \u003ccode\u003eoptimize_prompt\u003c/code\u003e method (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/715cc5b71b996eecde2d97bad71a617274739dcc\"\u003e715cc5b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client(memory): Add enable_third_person_memories (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e65717fa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Developer Connect in AE (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/04f1771e16f54a0627ecac1266764ca77f833694\"\u003e04f1771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd None check for agent_info in evals.py (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003ec8c0f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI client(evals) - Fix TypeError in _build_generate_content_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003ebe2eaaa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake project_number to project_id mapping fail-open. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/f1c8458dd5e4641cb03ff175f0837b6d6017c131\"\u003ef1c8458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e83f4076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e8c876ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire uri or staging bucket configuration for saving model to Vertex Experiment. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e5448f06\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn embedding metadata if available (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/d9c6eb199b6ccc1fae417463e1b374574f2ae2f8\"\u003ed9c6eb1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eexamples_dataframe\u003c/code\u003e type to \u003ccode\u003ePandasDataFrame\u003c/code\u003e in Prompt Optimizer. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a2564cc3ea5c4860ee732f14cea9db2c10b52420\"\u003ea2564cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.132.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.131.0...v1.132.0\"\u003e1.132.0\u003c/a\u003e (2025-12-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA comment for field \u003ccode\u003erestart_job_on_worker_restart\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA comment for field \u003ccode\u003etimeout\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.131.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.130.0...v1.131.0\"\u003e1.131.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow list of events to be passed to AdkApp.async_stream_query (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/dd8840a5012b2762f8b8971b6cea4302ac5c648d\"\u003edd8840a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/4114728750b5b12f991a18df87c1f1a570d1b29d\"\u003e4114728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdates the ADK template to direct structured JSON logs to standard output. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a65ec297c5b8d99e4d2dfb49473c189197198f97\"\u003ea65ec29\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md\"\u003egoogle-cloud-aiplatform's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RE...\n\n_Description has been truncated_","html_url":"https://github.com/mayoubm1/TTS-STT-Gemini-OS-generative-ai/pull/24","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mayoubm1%2FTTS-STT-Gemini-OS-generative-ai/issues/24","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/24/packages"}},{"old_version":"0.6.2","new_version":"0.6.3","update_type":"patch","path":"/ingestion","pr_created_at":"2026-05-16T07:08:01.000Z","version_change":"0.6.2 → 0.6.3","issue":{"uuid":"4459046943","node_id":"PR_kwDOF1l8-M7cK7Fr","number":28186,"state":"open","title":"chore(deps): bump pyasn1 from 0.6.2 to 0.6.3 in /ingestion","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-16T07:08:01.000Z","updated_at":"2026-05-16T07:08:27.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"pyasn1","old_version":"0.6.2","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"}],"path":"/ingestion","ecosystem":"pip"},"body":"Bumps [pyasn1](https://github.com/pyasn1/pyasn1) from 0.6.2 to 0.6.3.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.2...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyasn1\u0026package-manager=pip\u0026previous-version=0.6.2\u0026new-version=0.6.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/open-metadata/OpenMetadata/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/open-metadata/OpenMetadata/pull/28186","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-metadata%2FOpenMetadata/issues/28186","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/28186/packages"}},{"old_version":"0.6.1","new_version":"0.6.3","update_type":"patch","path":null,"pr_created_at":"2026-05-14T07:54:10.000Z","version_change":"0.6.1 → 0.6.3","issue":{"uuid":"4444215273","node_id":"PR_kwDOPbmR4M7bbhlF","number":40,"state":"open","title":"build(deps): bump the uv group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-14T07:54:10.000Z","updated_at":"2026-05-14T07:54:28.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"uv","update_count":6,"packages":[{"name":"requests","old_version":"2.32.4","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"orjson","old_version":"3.10.15","new_version":"3.11.6","repository_url":"https://github.com/ijl/orjson"},{"name":"cryptography","old_version":"43.0.3","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"pypdf","old_version":"5.1.0","new_version":"6.10.2","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"deepdiff","old_version":"8.5.0","new_version":"8.6.2","repository_url":"https://github.com/qlustered/deepdiff"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.32.4` | `2.33.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.15` | `3.11.6` |\n| [cryptography](https://github.com/pyca/cryptography) | `43.0.3` | `46.0.7` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `5.1.0` | `6.10.2` |\n| [deepdiff](https://github.com/qlustered/deepdiff) | `8.5.0` | `8.6.2` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `orjson` from 3.10.15 to 3.11.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/releases\"\u003eorjson's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.6\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eorjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.9.\u003c/li\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 5.\u003c/li\u003e\n\u003cli\u003eBuild now depends on Rust 1.89 or later instead of 1.85.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix sporadic crash serializing deeply nested \u003ccode\u003elist\u003c/code\u003e of \u003ccode\u003edict\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.5\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShow simple error message instead of traceback when attempting to\nbuild on unsupported Python versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.4\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 1.\u003c/li\u003e\n\u003cli\u003ePublish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,\nmanylinux ppc64le, manylinux s390x.\u003c/li\u003e\n\u003cli\u003eBuild now requires a C compiler.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.3\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix PyPI project metadata when using maturin 1.9.2 or later.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.2\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix build using Rust 1.89 on amd64.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild now depends on Rust 1.85 or later instead of 1.82.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.1\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePublish PyPI wheels for CPython 3.14.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003estr\u003c/code\u003e on big-endian architectures.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ijl/orjson/blob/master/CHANGELOG.md\"\u003eorjson's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.11.6 - 2026-01-29\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eorjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.9.\u003c/li\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 5.\u003c/li\u003e\n\u003cli\u003eBuild now depends on Rust 1.89 or later instead of 1.85.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix sporadic crash serializing deeply nested \u003ccode\u003elist\u003c/code\u003e of \u003ccode\u003edict\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.5 - 2025-12-06\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShow simple error message instead of traceback when attempting to\nbuild on unsupported Python versions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.4 - 2025-10-24\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eABI compatibility with CPython 3.15 alpha 1.\u003c/li\u003e\n\u003cli\u003ePublish PyPI wheels for 3.14 and manylinux i686, manylinux arm7,\nmanylinux ppc64le, manylinux s390x.\u003c/li\u003e\n\u003cli\u003eBuild now requires a C compiler.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.3 - 2025-08-26\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix PyPI project metadata when using maturin 1.9.2 or later.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.11.2 - 2025-08-12\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix build using Rust 1.89 on amd64.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuild now depends on Rust 1.85 or later instead of 1.82.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/ec02024c3837255064f248c0d2d331319b75e9ad\"\u003e\u003ccode\u003eec02024\u003c/code\u003e\u003c/a\u003e 3.11.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/d58168733189f82b3fd0c058dff73e05d09202e6\"\u003e\u003ccode\u003ed581687\u003c/code\u003e\u003c/a\u003e build, clippy misc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/4105b29b2275f200f6fae01349bef02ccf1bc2e2\"\u003e\u003ccode\u003e4105b29\u003c/code\u003e\u003c/a\u003e writer::num\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/62bb185b70785ded49c79c26f8c9781f1e6fe370\"\u003e\u003ccode\u003e62bb185\u003c/code\u003e\u003c/a\u003e Fix sporadic crash on serializing object close\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/d860078a973f44401265c5c4ad12a7dbe4f839ad\"\u003e\u003ccode\u003ed860078\u003c/code\u003e\u003c/a\u003e PyRef idiom refactors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/343ae2f148197918aba9f8562db42c364620e4b8\"\u003e\u003ccode\u003e343ae2f\u003c/code\u003e\u003c/a\u003e Deserializer, Utf8Buffer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/7835f58d1c56947d1cf7a18acdfc07a2bca9b0f2\"\u003e\u003ccode\u003e7835f58\u003c/code\u003e\u003c/a\u003e PyBytesRef and other input refactor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/71e0516424ce1e11613eb1780f18e8cde83989fd\"\u003e\u003ccode\u003e71e0516\u003c/code\u003e\u003c/a\u003e PyStrRef\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/1096df42dc585fde837ed0c930a346f5ef7dbb94\"\u003e\u003ccode\u003e1096df4\u003c/code\u003e\u003c/a\u003e MSRV 1.89\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ijl/orjson/commit/b718e75b8ba18a707c2b44b6de14d52547573771\"\u003e\u003ccode\u003eb718e75\u003c/code\u003e\u003c/a\u003e Drop support for python3.9\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ijl/orjson/compare/3.10.15...3.11.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 43.0.3 to 46.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.7 - 2026-04-07\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be\n  passed to APIs that accept Python buffers, which could lead to buffer\n  overflow. **CVE-2026-39892**\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.\n\u003cp\u003e.. _v46-0-6:\u003c/p\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSECURITY ISSUE\u003c/strong\u003e: Fixed a bug where name constraints were not applied\nto peer names during verification when the leaf certificate contains a\nwildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\nincluding those used by the Web PKI. Credit to \u003cstrong\u003eOleh Konko (1seal)\u003c/strong\u003e for\nreporting the issue. \u003cstrong\u003eCVE-2026-34073\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDropped support for win_arm64 wheels\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Fixed compilation when using LibreSSL 4.2.0.\n\u003cp\u003e.. _v46-0-2:\u003cbr /\u003e\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5\"\u003e\u003ccode\u003e622d672\u003c/code\u003e\u003c/a\u003e 46.0.7 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14602\"\u003e#14602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/43.0.3...46.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 5.1.0 to 6.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e) by \u003ca href=\"https://github.com/Ygnas\"\u003e\u003ccode\u003e@​Ygnas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e) by \u003ca href=\"https://github.com/rassie\"\u003e\u003ccode\u003e@​rassie\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e) by \u003ca href=\"https://github.com/astahlman\"\u003e\u003ccode\u003e@​astahlman\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e) by \u003ca href=\"https://github.com/ReinerBRO\"\u003e\u003ccode\u003e@​ReinerBRO\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.10.2, 2026-04-15\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.1...6.10.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.1, 2026-04-14\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse new parameter names for compress_identical_objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.10.0...6.10.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.10.0, 2026-04-10\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow custom XML entity declarations for XMP metadata (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3724\"\u003e#3724\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip MD5 key derivation for AES-256 encrypted PDFs (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3694\"\u003e#3694\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse remove_orphans in compress_identical_objects (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3310\"\u003e#3310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix PdfReadError when xref table contains comments before trailer (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3710\"\u003e#3710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly verify AES padding during decryption (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3699\"\u003e#3699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix stale object cache from non-authoritative object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3698\"\u003e#3698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix extract_links pairing when annotations include non-links (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3687\"\u003e#3687\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd AI policy (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3717\"\u003e#3717\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.2...6.10.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c476b4f293c8ef4cac07dfb755e5582d838fcdc0\"\u003e\u003ccode\u003ec476b4f\u003c/code\u003e\u003c/a\u003e REL: 6.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a\"\u003e\u003ccode\u003ec50a010\u003c/code\u003e\u003c/a\u003e SEC: Do not rely on possibly invalid /Size for incremental cloning (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3735\"\u003e#3735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11\"\u003e\u003ccode\u003eac734da\u003c/code\u003e\u003c/a\u003e SEC: Introduce limits for FlateDecode parameters and image decoding (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3734\"\u003e#3734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b49e7eb45422c19b68ac59c51b7699409e74d44e\"\u003e\u003ccode\u003eb49e7eb\u003c/code\u003e\u003c/a\u003e REL: 6.10.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3\"\u003e\u003ccode\u003e62338e9\u003c/code\u003e\u003c/a\u003e SEC: Limit the allowed size of xref and object streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3733\"\u003e#3733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5dcc0aebaa2c732028ea8def2eb9982e324b7c11\"\u003e\u003ccode\u003e5dcc0ae\u003c/code\u003e\u003c/a\u003e DEV: Update pytest-benchmark to 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/b42e4aa98ae5c7fdd02558d165d39fe639fdf97d\"\u003e\u003ccode\u003eb42e4aa\u003c/code\u003e\u003c/a\u003e DEV: Update pinned pillow and pytest where possible (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3732\"\u003e#3732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/717446b1218a3eb236cb47d1bae2b68451ccb6c0\"\u003e\u003ccode\u003e717446b\u003c/code\u003e\u003c/a\u003e ROB: Consider strict mode setting for decryption errors (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/9e461d361b9004da68fc8e6acc4308cce68aa304\"\u003e\u003ccode\u003e9e461d3\u003c/code\u003e\u003c/a\u003e DEV: Bump softprops/action-gh-release from 2 to 3 (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3730\"\u003e#3730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/500d09d92fa80a6f1fcdfa46656893efd05e91ff\"\u003e\u003ccode\u003e500d09d\u003c/code\u003e\u003c/a\u003e TST: Update \u003ccode\u003etest_embedded_file__basic\u003c/code\u003e to use \u003ccode\u003etmp_path\u003c/code\u003e fixture (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3726\"\u003e#3726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/5.1.0...6.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `deepdiff` from 8.5.0 to 8.6.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/qlustered/deepdiff/releases\"\u003edeepdiff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e8.6.2 - Fix (CVE-2025-58367)\u003c/p\u003e\n\u003ch2\u003e8.6.1\u003c/h2\u003e\n\u003cp\u003eDeepDiff 8-6-1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePatched security vulnerability in the Delta class which was vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it could lead to Denial of Service and Remote Code Execution (via insecure Pickle deserialization).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/0d07ec21d12b46ef4e489383b363eadc22d990fb\"\u003e\u003ccode\u003e0d07ec2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/791f5aac51b2da7f90375ab204256ef6a6b40206\"\u003e\u003ccode\u003e791f5aa\u003c/code\u003e\u003c/a\u003e updating CVE number\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/a6aafea3ba5498aab6f9c77047c54949e7e968ae\"\u003e\u003ccode\u003ea6aafea\u003c/code\u003e\u003c/a\u003e updating docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/a0950abbe6263298bc4bdbc3ebb57edc1af079b4\"\u003e\u003ccode\u003ea0950ab\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.1 → 8.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/887128abe5e510341cc4a82f6914a82d5ff1b6a7\"\u003e\u003ccode\u003e887128a\u003c/code\u003e\u003c/a\u003e Fix (CVE-2025-58367)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/60ac5b903dbd662e0e83bf7b481df97d42f693df\"\u003e\u003ccode\u003e60ac5b9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/683756ef03064047744dbf4978ca27d2211a846f\"\u003e\u003ccode\u003e683756e\u003c/code\u003e\u003c/a\u003e Bump version: 8.6.0 → 8.6.1 and add security vulnerability notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/c69c06c13f75e849c770ade3f556cd16209fd183\"\u003e\u003ccode\u003ec69c06c\u003c/code\u003e\u003c/a\u003e Security fix: Prevent class pollution and remote code execution in Delta\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/b639fece73fe3ce4120261fdcff3cc7b826776e3\"\u003e\u003ccode\u003eb639fec\u003c/code\u003e\u003c/a\u003e updating the docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qlustered/deepdiff/commit/6f3d5eeb81083c816cf1a4f9eff3f1de2150a96a\"\u003e\u003ccode\u003e6f3d5ee\u003c/code\u003e\u003c/a\u003e Bump version: 8.5.0 → 8.6.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qlustered/deepdiff/compare/8.5.0...8.6.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GlacierEQ/langflow/network/alerts).\n\n\u003c/details\u003e\n\n---\n\n📦 This PR updates 6 Python dependencies in the uv group, including significant version bumps for cryptography (43.0.3 → 46.0.7) and pypdf (5.1.0 → 6.10.2), along with important security fixes across multiple packages.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Security Updates**: Multiple CVE fixes including CVE-2026-25645 (requests), CVE-2026-39892 (cryptography), CVE-2025-58367 (deepdiff), and CVE-2026-30922 (pyasn1)\n- **Major Version Bumps**: pypdf upgraded from 5.1.0 to 6.10.2 (major version change), cryptography from 43.0.3 to 46.0.7 (major version change)\n- **Minor Updates**: requests (2.32.4 → 2.33.0), orjson (3.10.15 → 3.11.6), deepdiff (8.5.0 → 8.6.2), pyasn1 (0.6.1 → 0.6.3)\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Identify 6 Dependencies]\n    B --\u003e C[Security Vulnerabilities]\n    B --\u003e D[Feature Updates]\n    C --\u003e E[CVE Fixes]\n    D --\u003e F[Performance Improvements]\n    E --\u003e G[Updated Dependencies]\n    F --\u003e G\n    G --\u003e H[Automated PR Creation]\n```\n\n### Impact\n- **Security Enhancement**: Addresses multiple CVEs including buffer overflow prevention, malicious file replacement protection, and stack overflow prevention\n- **Feature Improvements**: Adds inline types support in requests, improved JSON serialization in orjson, and enhanced PDF processing capabilities in pypdf\n- **Compatibility Updates**: Drops Python 3.9 support in some packages while adding Python 3.14 support, migrates to modern build systems (PEP 517)\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/langflow/pull/40","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Flangflow/issues/40","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/40/packages"}},{"old_version":"0.4.8","new_version":"0.6.3","update_type":"minor","path":null,"pr_created_at":"2026-05-12T17:48:46.000Z","version_change":"0.4.8 → 0.6.3","issue":{"uuid":"4431380655","node_id":"PR_kwDOQpC-os7ayW8t","number":6,"state":"closed","title":"build(deps): bump the pip group across 8 directories with 10 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-16T01:58:41.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-12T17:48:46.000Z","updated_at":"2026-06-16T01:58:42.000Z","time_to_close":2966995,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"pip","update_count":10,"packages":[{"name":"pytest","old_version":"7.3.1","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"requests","old_version":"2.32.4","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"azure-core","old_version":"1.30.2","new_version":"1.38.0","repository_url":"https://github.com/Azure/azure-sdk-for-python"},{"name":"cryptography","old_version":"44.0.1","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"protobuf","old_version":"5.29.5","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.4.8","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"python-multipart","old_version":"0.0.20","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"urllib3","old_version":"2.5.0","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"werkzeug","old_version":"3.1.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /src/win32/qa directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the pip group with 1 update in the /src/wazuh_modules/vulnerability_scanner/qa directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the pip group with 3 updates in the /src/wazuh_modules/inventory_sync/qa directory: [pytest](https://github.com/pytest-dev/pytest), [requests](https://github.com/psf/requests) and [pycryptodome](https://github.com/Legrandin/pycryptodome).\nBumps the pip group with 1 update in the /src/shared_modules/keystore/qa directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the pip group with 1 update in the /src/shared_modules/indexer_connector/qa directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the pip group with 1 update in the /src/engine/tools/evtx2xml directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /src/data_provider/qa directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the pip group with 9 updates in the /framework directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pytest](https://github.com/pytest-dev/pytest) | `7.3.1` | `9.0.3` |\n| [requests](https://github.com/psf/requests) | `2.32.4` | `2.33.0` |\n| [azure-core](https://github.com/Azure/azure-sdk-for-python) | `1.30.2` | `1.38.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `44.0.1` | `46.0.7` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.4.8` | `0.6.3` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.5.0` | `2.7.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.3` | `3.1.6` |\n\n\nUpdates `pytest` from 7.2.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.2.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 7.2.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.2.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 7.4.3 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.2.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pycryptodome` from 3.19.0 to 3.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Legrandin/pycryptodome/releases\"\u003epycryptodome's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.19.1 - Zeil\u003c/h2\u003e\n\u003ch2\u003eResolved issues\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a side-channel leakage with OAEP decryption that could be\nexploited to carry out a Manger attack. Thanks to Hubert Kario.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst\"\u003epycryptodome's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.19.1 (28 December 2023)\n++++++++++++++++++++++++++\u003c/p\u003e\n\u003ch2\u003eResolved issues\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a side-channel leakage with OAEP decryption that could be\nexploited to carry out a Manger attack (CVE-2023-52323). Thanks to Hubert Kario.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Legrandin/pycryptodome/commit/ef270ab436bddb437f8de122085bcf26dc9ad904\"\u003e\u003ccode\u003eef270ab\u003c/code\u003e\u003c/a\u003e Update wheels action\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Legrandin/pycryptodome/commit/3278edd0e99d1a45231de4b4b2a77b50963431e9\"\u003e\u003ccode\u003e3278edd\u003c/code\u003e\u003c/a\u003e Update changelog and version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Legrandin/pycryptodome/commit/10e8216079e6965eddac4bf293c3049a8b76b5d7\"\u003e\u003ccode\u003e10e8216\u003c/code\u003e\u003c/a\u003e Update PSS verify signature code example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Legrandin/pycryptodome/commit/4ec4b85c65210a2809974b2fd1e6677cf2b0fc57\"\u003e\u003ccode\u003e4ec4b85\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd\"\u003e\u003ccode\u003e0deea1b\u003c/code\u003e\u003c/a\u003e Use constant-time (faster) padding decoding also for OAEP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Legrandin/pycryptodome/commit/519e7aea6de4e8f03b62c6e1dba724aca738882e\"\u003e\u003ccode\u003e519e7ae\u003c/code\u003e\u003c/a\u003e Avoid changing signature of RSA._decrypt() method if possible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Legrandin/pycryptodome/commit/1aa9dca20cd9485c8bcef2ecfdd05d407ae9edb7\"\u003e\u003ccode\u003e1aa9dca\u003c/code\u003e\u003c/a\u003e Update changelog and bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Legrandin/pycryptodome/commit/afb5e27a15efe59e33c2825d40ef44995c13b8bc\"\u003e\u003ccode\u003eafb5e27\u003c/code\u003e\u003c/a\u003e Fix side-channel leakage in RSA decryption\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Legrandin/pycryptodome/commit/ee91c677a0862914aa7c0bf5829dc59306a93630\"\u003e\u003ccode\u003eee91c67\u003c/code\u003e\u003c/a\u003e Update CMAC.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Legrandin/pycryptodome/commit/43a466d170a5e28187732b90b2a7594ab06b6c6d\"\u003e\u003ccode\u003e43a466d\u003c/code\u003e\u003c/a\u003e Fix small \u0026quot;passes\u0026quot; typo.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Legrandin/pycryptodome/compare/v3.19.0...v3.19.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 7.2.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.2.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 7.2.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.2.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.4 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0.2\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.2 (2025-12-06)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13896\"\u003e#13896\u003c/a\u003e: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.\u003c/p\u003e\n\u003cp\u003eYou may enable it again by passing \u003ccode\u003e-p terminalprogress\u003c/code\u003e. We may enable it by default again once compatibility improves in the future.\u003c/p\u003e\n\u003cp\u003eAdditionally, when the environment variable \u003ccode\u003eTERM\u003c/code\u003e is \u003ccode\u003edumb\u003c/code\u003e, the escape codes are no longer emitted, even if the plugin is enabled.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13904\"\u003e#13904\u003c/a\u003e: Fixed the TOML type of the \u003ccode\u003etmp_path_retention_count\u003c/code\u003e settings in the API reference from number to string.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute was changed in a breaking manner in pytest 9.0.0.\nDue to its usage in the ecosystem, it is now restored to working order using a compatibility shim.\nIt will be deprecated in pytest 9.1 and removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/7.2.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 7.3.1 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e ...\n\n_Description has been truncated_","html_url":"https://github.com/samuelrizerio/wazuh/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/samuelrizerio%2Fwazuh/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"}},{"old_version":"0.5.0","new_version":"0.6.3","update_type":"minor","path":null,"pr_created_at":"2026-05-12T02:05:09.000Z","version_change":"0.5.0 → 0.6.3","issue":{"uuid":"4425631693","node_id":"PR_kwDOKpU2Js7afjt4","number":5,"state":"closed","title":"Bump the pip group across 1 directory with 10 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-20T01:27:13.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-12T02:05:09.000Z","updated_at":"2026-05-20T01:27:15.000Z","time_to_close":688924,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":10,"packages":[{"name":"certifi","old_version":"2023.7.22","new_version":"2024.7.4","repository_url":"https://github.com/certifi/python-certifi"},{"name":"idna","old_version":"3.4","new_version":"3.7","repository_url":"https://github.com/kjd/idna"},{"name":"protobuf","old_version":"4.23.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.5.0","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"2.0.7","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"werkzeug","old_version":"3.0.1","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"wheel","old_version":"0.41.3","new_version":"0.46.2","repository_url":"https://github.com/pypa/wheel"},{"name":"setuptools","old_version":"68.2.2","new_version":"78.1.1","repository_url":"https://github.com/pypa/setuptools"},{"name":"zipp","old_version":"3.17.0","new_version":"3.19.1","repository_url":"https://github.com/jaraco/zipp"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 10 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [certifi](https://github.com/certifi/python-certifi) | `2023.7.22` | `2024.7.4` |\n| [idna](https://github.com/kjd/idna) | `3.4` | `3.7` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.5.0` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.0.7` | `2.7.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.0.1` | `3.1.6` |\n| [wheel](https://github.com/pypa/wheel) | `0.41.3` | `0.46.2` |\n| [setuptools](https://github.com/pypa/setuptools) | `68.2.2` | `78.1.1` |\n| [zipp](https://github.com/jaraco/zipp) | `3.17.0` | `3.19.1` |\n\n\nUpdates `certifi` from 2023.7.22 to 2024.7.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463\"\u003e\u003ccode\u003ebd81538\u003c/code\u003e\u003c/a\u003e 2024.07.04 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/06a2cbf21f345563dde6c28b60e29d57e9b210b3\"\u003e\u003ccode\u003e06a2cbf\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/13bba02b72bac97c432c277158bc04b4d2a6bc23\"\u003e\u003ccode\u003e13bba02\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.6 to 4.1.7 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/e8abcd0e62b334c164b95d49fcabdc9ecbca0554\"\u003e\u003ccode\u003ee8abcd0\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/292\"\u003e#292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/124f4adf171e15cd9a91a8b6e0325ecc97be8fe1\"\u003e\u003ccode\u003e124f4ad\u003c/code\u003e\u003c/a\u003e 2024.06.02 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/291\"\u003e#291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/c2196ce5d6ee675b27755a19948480a7823e2c6a\"\u003e\u003ccode\u003ec2196ce\u003c/code\u003e\u003c/a\u003e --- (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/290\"\u003e#290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/fefdeec7588ff1c05214b85a552afcad5fdb51b2\"\u003e\u003ccode\u003efefdeec\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.4 to 4.1.5 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/289\"\u003e#289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/3c5fb1560b826a7f83f1f9750173ff766492c9cf\"\u003e\u003ccode\u003e3c5fb15\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 4.1.6 to 4.1.7 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/286\"\u003e#286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/4a9569a3eb58db8548536fc16c5c5c7af946a5b1\"\u003e\u003ccode\u003e4a9569a\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.2 to 4.1.4 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/287\"\u003e#287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/1fc808626a895a916b1e4c2b63abae6c5eafdbe3\"\u003e\u003ccode\u003e1fc8086\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2023.07.22...2024.07.04\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.4 to 3.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/releases\"\u003eidna's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Guido Vranken for reporting the issue.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/kjd/idna/compare/v3.6...v3.7\"\u003ehttps://github.com/kjd/idna/compare/v3.6...v3.7\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.rst\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.7 (2024-04-11)\n++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix issue where specially crafted inputs to encode() could\ntake exceptionally long amount of time to process. [CVE-2024-3651]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Guido Vranken for reporting the issue.\u003c/p\u003e\n\u003cp\u003e3.6 (2023-11-25)\n++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix regression to include tests in source distribution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.5 (2023-11-24)\n++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 15.1.0\u003c/li\u003e\n\u003cli\u003eString codec name is now \u0026quot;idna2008\u0026quot; as overriding the system codec\n\u0026quot;idna\u0026quot; was not working.\u003c/li\u003e\n\u003cli\u003eFix typing error for codec encoding\u003c/li\u003e\n\u003cli\u003e\u0026quot;setup.cfg\u0026quot; has been added for this release due to some downstream\nlack of adherence to PEP 517. Should be removed in a future release\nso please prepare accordingly.\u003c/li\u003e\n\u003cli\u003eRemoved reliance on a symlink for the \u0026quot;idna-data\u0026quot; tool to comport\nwith PEP 517 and the Python Packaging User Guide for sdist archives.\u003c/li\u003e\n\u003cli\u003eAdded security reporting protocol for project\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions\nto this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d\"\u003e\u003ccode\u003e1d365e1\u003c/code\u003e\u003c/a\u003e Release v3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c1b3154939907fab67c5754346afaebe165ce8e6\"\u003e\u003ccode\u003ec1b3154\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/172\"\u003e#172\u003c/a\u003e from kjd/optimize-contextj\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/0394ec76ff022813e770ba1fd89658790ea35623\"\u003e\u003ccode\u003e0394ec7\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into optimize-contextj\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/cd58a23173d2b0a40b95ee680baf3e59e8d33966\"\u003e\u003ccode\u003ecd58a23\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/152\"\u003e#152\u003c/a\u003e from elliotwutingfeng/dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7\"\u003e\u003ccode\u003e5beb28b\u003c/code\u003e\u003c/a\u003e More efficient resolution of joiner contexts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1b121483ed04d9576a1291758f537e1318cddc8b\"\u003e\u003ccode\u003e1b12148\u003c/code\u003e\u003c/a\u003e Update ossf/scorecard-action to v2.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d516b874c3388047934938a500c7488d52c4e067\"\u003e\u003ccode\u003ed516b87\u003c/code\u003e\u003c/a\u003e Update Github actions/checkout to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c095c75943413c75ebf8ac74179757031b7f80b7\"\u003e\u003ccode\u003ec095c75\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/60a0a4cb61ec6834d74306bd8a1fa46daac94c98\"\u003e\u003ccode\u003e60a0a4c\u003c/code\u003e\u003c/a\u003e Fix typo in GitHub Actions workflow key\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5918a0ef8034379c2e409ae93ee11d24295bb201\"\u003e\u003ccode\u003e5918a0e\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into dev\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.4...v3.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 4.23.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.5.0 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.1\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.13.\u003c/li\u003e\n\u003cli\u003eCleaned Python 2-related code.\u003c/li\u003e\n\u003cli\u003eRemoved bdist_wheel universal flag from setup.cfg.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.0\u003c/h2\u003e\n\u003cp\u003eIt's a major release where we drop Python 2 support entirely.\nThe most significant changes are:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved support for EOL Python 2.7, 3.6, 3.7\u003c/li\u003e\n\u003cli\u003eAdded support for previously missing \u003ccode\u003eRELATIVE-OID\u003c/code\u003e construct\u003c/li\u003e\n\u003cli\u003eUpdated link to Layman's Guide\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/etingof/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.5.1\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for PyPy 3.10 and Python 3.12\u003c/li\u003e\n\u003cli\u003eUpdated RTD configuration to include a dummy index.rst redirecting to contents.html, ensuring compatibility with third-party documentation and search indexes.\u003c/li\u003e\n\u003cli\u003eFixed the API breakage wih decoder.decode(substrateFun=...).\nA substrateFun passed to \u003ccode\u003edecoder.decode()\u003c/code\u003e can now be either v0.4 Non-Streaming or v0.5 Streaming.\npyasn1 will detect and handle both cases transparently.\nA substrateFun passed to one of the new streaming decoders is still expected to be v0.5 Streaming only.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.1, released 10-09-2024\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.13 and updated GitHub Actions\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/73\"\u003e#73\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/73/\"\u003epyasn1/pyasn1#73\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved Python 2 support and related code\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/62\"\u003e#62\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/62/\"\u003epyasn1/pyasn1#62\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/61\"\u003e#61\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/61/\"\u003epyasn1/pyasn1#61\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/60\"\u003e#60\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/60/\"\u003epyasn1/pyasn1#60\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImproved error handling and consistency\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/71\"\u003e#71\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/71/\"\u003epyasn1/pyasn1#71\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/70\"\u003e#70\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/70/\"\u003epyasn1/pyasn1#70\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRuntime deprecation of \u003ccode\u003etagMap\u003c/code\u003e and \u003ccode\u003etypeMap\u003c/code\u003e aliases\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/72\"\u003e#72\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/72/\"\u003epyasn1/pyasn1#72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed duplicated and missing declarations\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/64\"\u003e#64\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/64/\"\u003epyasn1/pyasn1#64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCleaned documentation and comments\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/63\"\u003e#63\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/63/\"\u003epyasn1/pyasn1#63\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved bdist_wheel universal flag from setup.cfg\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/69\"\u003e#69\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/69/\"\u003epyasn1/pyasn1#69\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.5.0...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.0.7 to 2.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.7.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been read and decompressed partially. (Reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or \u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed using the official \u003ca href=\"https://pypi.org/project/brotli/\"\u003eBrotli\u003c/a\u003e library. (Reported by \u003ca href=\"https://github.com/kimkou2024\"\u003e\u003ccode\u003e@​kimkou2024\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee GHSA-mf9v-mfxr-j63j for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip sensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by \u003ca href=\"https://github.com/christos-spearbit\"\u003e\u003ccode\u003e@​christos-spearbit\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3763\"\u003eurllib3/urllib3#3763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3720\"\u003eurllib3/urllib3#3720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003eurllib3/urllib3#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3777\"\u003eurllib3/urllib3#3777\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed data buffered from previous partial reads. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3636\"\u003eurllib3/urllib3#3636\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the response after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4967\"\u003eurllib3/urllib3#4967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.stream()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to handle \u003ccode\u003eamt=0\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3793\"\u003eurllib3/urllib3#3793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003e_TYPE_BODY\u003c/code\u003e type alias to include missing \u003ccode\u003eIterable[str]\u003c/code\u003e, matching the documented and runtime behavior of chunked request bodies. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3798\"\u003eurllib3/urllib3#3798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eLocationParseError\u003c/code\u003e when paths resembling schemeless URIs were passed to \u003ccode\u003eHTTPConnectionPool.urlopen()\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3352\"\u003eurllib3/urllib3#3352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eBaseHTTPResponse.readinto()\u003c/code\u003e type annotation to accept \u003ccode\u003ememoryview\u003c/code\u003e in addition to \u003ccode\u003ebytearray\u003c/code\u003e, matching the \u003ccode\u003eio.RawIOBase.readinto\u003c/code\u003e contract and enabling use with \u003ccode\u003eio.BufferedReader\u003c/code\u003e without type errors. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3764\"\u003eurllib3/urllib3#3764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.7.0 (2026-05-07)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cp\u003eAddressed high-severity security issues.\nImpact was limited to specific use cases detailed in the accompanying\nadvisories; overall user exposure was estimated to be marginal.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDecompression-bomb safeguards of the streaming API were bypassed:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eWhen \u003ccode\u003eHTTPResponse.drain_conn()\u003c/code\u003e was called after the response had been\nread and decompressed partially.\u003c/li\u003e\n\u003cli\u003eDuring the second \u003ccode\u003eHTTPResponse.read(amt=N)\u003c/code\u003e or\n\u003ccode\u003eHTTPResponse.stream(amt=N)\u003c/code\u003e call when the response was decompressed\nusing the official \u003ccode\u003eBrotli \u0026lt;https://pypi.org/project/brotli/\u0026gt;\u003c/code\u003e__ library.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eSee \u003ccode\u003eGHSA-mf9v-mfxr-j63j \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j\u0026gt;\u003c/code\u003e__\nfor details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTTP pools created using \u003ccode\u003eProxyManager.connection_from_url\u003c/code\u003e did not strip\nsensitive headers specified in \u003ccode\u003eRetry.remove_headers_on_redirect\u003c/code\u003e when\nredirecting to a different host.\n(\u003ccode\u003eGHSA-qccp-gfcp-xxvc \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc\u0026gt;\u003c/code\u003e__)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUsed \u003ccode\u003eFutureWarning\u003c/code\u003e instead of \u003ccode\u003eDeprecationWarning\u003c/code\u003e for better\nvisibility of existing deprecation notices. Rescheduled the removal of\ndeprecated features to version 3.0.\n(\u003ccode\u003e[#3763](https://github.com/urllib3/urllib3/issues/3763) \u0026lt;https://github.com/urllib3/urllib3/issues/3763\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life Python 3.9.\n(\u003ccode\u003e[#3720](https://github.com/urllib3/urllib3/issues/3720) \u0026lt;https://github.com/urllib3/urllib3/issues/3720\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eRemoved support for end-of-life PyPy3.10.\n(\u003ccode\u003e[#4979](https://github.com/urllib3/urllib3/issues/4979) \u0026lt;https://github.com/urllib3/urllib3/issues/4979\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eBumped the minimum supported pyOpenSSL version to 19.0.0.\n(\u003ccode\u003e[#3777](https://github.com/urllib3/urllib3/issues/3777) \u0026lt;https://github.com/urllib3/urllib3/issues/3777\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBugfixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read(amt=None)\u003c/code\u003e was ignoring decompressed\ndata buffered from previous partial reads.\n(\u003ccode\u003e[#3636](https://github.com/urllib3/urllib3/issues/3636) \u0026lt;https://github.com/urllib3/urllib3/issues/3636\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a bug where \u003ccode\u003eHTTPResponse.read()\u003c/code\u003e could cache only part of the\nresponse after a partial read when \u003ccode\u003ecache_content=True\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/9a950b92d999f906b6020bb2d1076ee56cddd5d2\"\u003e\u003ccode\u003e9a950b9\u003c/code\u003e\u003c/a\u003e Release 2.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc\"\u003e\u003ccode\u003e5ec0de4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a\"\u003e\u003ccode\u003e2bdcc44\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/f45b0df09d8620ac6ed0491eb9362c8c87b7bc2c\"\u003e\u003ccode\u003ef45b0df\u003c/code\u003e\u003c/a\u003e Fix a misleading example for \u003ccode\u003eProxyManager\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/577193ca029872384f82c133449e0935f6d8a64b\"\u003e\u003ccode\u003e577193c\u003c/code\u003e\u003c/a\u003e Switch to nightly PyPy3.11 in CI for now (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4984\"\u003e#4984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/e90af45bb006c3a452a3a21644a2681523f5c7fc\"\u003e\u003ccode\u003ee90af45\u003c/code\u003e\u003c/a\u003e Avoid infinite loop in \u003ccode\u003eHTTPResponse.read_chunked\u003c/code\u003e when \u003ccode\u003eamt=0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4974\"\u003e#4974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/67ed74fdaec6659a6534621ec8e3aaaa6f976210\"\u003e\u003ccode\u003e67ed74f\u003c/code\u003e\u003c/a\u003e Bump dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4972\"\u003e#4972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/3abd481097b54d87b574ac7ea593c3f40938a84d\"\u003e\u003ccode\u003e3abd481\u003c/code\u003e\u003c/a\u003e Upgrade mypy to version 1.20.2 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4978\"\u003e#4978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2b8725dfcac4f21d4d93cc0cc3a64a33af08f890\"\u003e\u003ccode\u003e2b8725d\u003c/code\u003e\u003c/a\u003e Drop support for EOL PyPy3.10 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4979\"\u003e#4979\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/2944b2a0a6c573f5548a39cfd17196f98ee21b33\"\u003e\u003ccode\u003e2944b2a\u003c/code\u003e\u003c/a\u003e Upgrade \u003ccode\u003esetup-chrome\u003c/code\u003e and \u003ccode\u003esetup-firefox\u003c/code\u003e to fix warnings (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/4973\"\u003e#4973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.0.7...2.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `werkzeug` from 3.0.1 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/releases\"\u003ewerkzeug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.6/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in multi-segment paths. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x\"\u003eGHSA-29vq-49wr-vm6x\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.5/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/43?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/43?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless of extension or surrounding spaces. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7\"\u003eGHSA-87hc-h4r5-73f7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with \u003ccode\u003epin_security=False\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3075\"\u003e#3075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.4/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/42?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/42?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents reading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e already prevented writing to these. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2\"\u003eghsa-hgf8-39gv-g3f2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3020\"\u003e#3020\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3054\"\u003e#3054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3067\"\u003e#3067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available source lines. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the distinction between WSGI and sans-IO responses. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3056\"\u003e#3056\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.3/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/41?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/41?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts \u003ccode\u003elist\u003c/code\u003e, \u003ccode\u003etuple\u003c/code\u003e, or \u003ccode\u003eset\u003c/code\u003e when passing multiple values. It had been changed to accept any \u003ccode\u003eCollection\u003c/code\u003e, but this matched types that should be treated as single values, such as \u003ccode\u003ebytes\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2994\"\u003e#2994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the \u003ccode\u003eHost\u003c/code\u003e header is not set and \u003ccode\u003eRequest.host\u003c/code\u003e falls back to the WSGI \u003ccode\u003eSERVER_NAME\u003c/code\u003e value, if that value is an IPv6 address it is wrapped in \u003ccode\u003e[]\u003c/code\u003e to match the \u003ccode\u003eHost\u003c/code\u003e header. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2993\"\u003e#2993\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.2/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/blob/main/CHANGES.rst\"\u003ewerkzeug's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in\nmulti-segment paths. :ghsa:\u003ccode\u003e29vq-49wr-vm6x\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.make_conditional\u003c/code\u003e sets the \u003ccode\u003eAccept-Ranges\u003c/code\u003e header even if it\nis not a satisfiable range request. :issue:\u003ccode\u003e3108\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2026-01-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless\nof extension or surrounding spaces. :ghsa:\u003ccode\u003e87hc-h4r5-73f7\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\nThis fixes the previous attempt, which caused incorrect content lengths.\n:issue:\u003ccode\u003e3065\u003c/code\u003e :issue:\u003ccode\u003e3077\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with\n\u003ccode\u003epin_security=False\u003c/code\u003e. :issue:\u003ccode\u003e3075\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003eReleased 2025-11-28\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents\nreading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e\nalready prevented writing to these. :ghsa:\u003ccode\u003ehgf8-39gv-g3f2\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. :pr:\u003ccode\u003e3020\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\n:issue:\u003ccode\u003e3065\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. :issue:\u003ccode\u003e3054\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. :issue:\u003ccode\u003e3067\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available\nsource lines. :issue:\u003ccode\u003e3044\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the\ndistinction between WSGI and sans-IO responses. :issue:\u003ccode\u003e3056\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/04da1b5221b7a7b57e82246e4b5741d37a6b2e56\"\u003e\u003ccode\u003e04da1b5\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d\"\u003e\u003ccode\u003ef407712\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f54fe98026253e70fbbcd35a6b52fb67cfff1c03\"\u003e\u003ccode\u003ef54fe98\u003c/code\u003e\u003c/a\u003e safe_join prevents Windows special device names in multi-segment paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/d005985ef69ffe3275eda8fb6fb25e074dbe871b\"\u003e\u003ccode\u003ed005985\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/8565c2cbd6681ae8463e77d4fc0795324a7fdae7\"\u003e\u003ccode\u003e8565c2c\u003c/code\u003e\u003c/a\u003e document rule priority (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3102\"\u003e#3102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/3febc7e90072bffe04c27e6b7478dfc4f88930df\"\u003e\u003ccode\u003e3febc7e\u003c/code\u003e\u003c/a\u003e document rule priority\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/2525b827646c10ab7adb334664e6a4af1b769181\"\u003e\u003ccode\u003e2525b82\u003c/code\u003e\u003c/a\u003e remove state machine docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/4abfbd553cdeb6d4e6fa693340d52b13c884079f\"\u003e\u003ccode\u003e4abfbd5\u003c/code\u003e\u003c/a\u003e rewrite build docstring (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3097\"\u003e#3097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/161c18b2a8800ae6ef377fb3cbdb933a878fea67\"\u003e\u003ccode\u003e161c18b\u003c/code\u003e\u003c/a\u003e rewrite build docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/86e11c29e44726dae524cd9db11549b3b1ad681d\"\u003e\u003ccode\u003e86e11c2\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3085\"\u003e#3085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/werkzeug/compare/3.0.1...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `wheel` from 0.41.3 to 0.46.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/releases\"\u003ewheel's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.46.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than v70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a \u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the destination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module (\u003ca href=\"https://redirect.github.com/pypa/wheel/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point. The \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to \u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's imported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exception when calling the \u003ccode\u003econvert\u003c/code\u003e command with an empty description field\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pure Python wheels converted from eggs and wininst files having the ABI tag in the file name\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRefactored the \u003ccode\u003econvert\u003c/code\u003e command to not need setuptools to be installed\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDon't configure setuptools logging unless running \u003ccode\u003ebdist_wheel\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded a redirection from \u003ccode\u003ewheel.bdist_wheel.bdist_wheel\u003c/code\u003e to \u003ccode\u003esetuptools.command.bdist_wheel.bdist_wheel\u003c/code\u003e to improve compatibility with \u003ccode\u003esetuptools\u003c/code\u003e' latest fixes.\u003c/p\u003e\n\u003cp\u003eProjects are still advised to migrate away from the deprecated module and import the \u003ccode\u003esetuptools\u003c/code\u003e' implementation explicitly. (PR by \u003ca href=\"https://github.com/abravalheri\"\u003e\u003ccode\u003e@​abravalheri\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.44.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCanonicalized requirements in METADATA file (PR by Wim Jeantine-Glenn)\u003c/li\u003e\n\u003cli\u003eDeprecated the \u003ccode\u003ebdist_wheel\u003c/code\u003e module, as the code was migrated to \u003ccode\u003esetuptools\u003c/code\u003e itself\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.43.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7\u003c/li\u003e\n\u003cli\u003eUpdated vendored \u003ccode\u003epackaging\u003c/code\u003e to 24.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.42.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllowed removing build tag with \u003ccode\u003ewheel tags --build \u0026quot;\u0026quot;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel pack\u003c/code\u003e and \u003ccode\u003ewheel tags\u003c/code\u003e writing updated \u003ccode\u003eWHEEL\u003c/code\u003e fields after a blank line, causing other tools to ignore them\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel pack\u003c/code\u003e and \u003ccode\u003ewheel tags\u003c/code\u003e writing \u003ccode\u003eWHEEL\u003c/code\u003e with CRLF line endings or a mix of CRLF and LF\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel pack --build-number \u0026quot;\u0026quot;\u003c/code\u003e not removing build tag from \u003ccode\u003eWHEEL\u003c/code\u003e (above changes by Benjamin Gilbert)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/wheel/blob/main/docs/news.rst\"\u003ewheel's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease Notes\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003e0.47.0 (2026-04-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ewheel info\u003c/code\u003e subcommand to display metadata about wheel files without\nunpacking them (\u003ccode\u003e[#639](https://github.com/pypa/wheel/issues/639) \u0026lt;https://github.com/pypa/wheel/issues/639\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eWheelFile\u003c/code\u003e raising \u003ccode\u003eMissing RECORD file\u003c/code\u003e when the wheel filename contains\nuppercase characters (e.g. \u003ccode\u003eDjango-3.2.5.whl\u003c/code\u003e) but the \u003ccode\u003e.dist-info\u003c/code\u003e directory\ninside uses normalized lowercase naming\n(\u003ccode\u003e[#411](https://github.com/pypa/wheel/issues/411) \u0026lt;https://github.com/pypa/wheel/issues/411\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.3 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eImportError: cannot import name '_setuptools_logging' from 'wheel'\u003c/code\u003e when\ninstalled alongside an old version of setuptools and running the \u003ccode\u003ebdist_wheel\u003c/code\u003e\ncommand (\u003ccode\u003e[#676](https://github.com/pypa/wheel/issues/676) \u0026lt;https://github.com/pypa/wheel/issues/676\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.2 (2026-01-22)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestored the \u003ccode\u003ebdist_wheel\u003c/code\u003e command for compatibility with \u003ccode\u003esetuptools\u003c/code\u003e older than\nv70.1\u003c/li\u003e\n\u003cli\u003eImporting \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e now emits a \u003ccode\u003eFutureWarning\u003c/code\u003e instead of a\n\u003ccode\u003eDeprecationWarning\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003ewheel unpack\u003c/code\u003e potentially altering the permissions of files outside of the\ndestination tree with maliciously crafted wheels (CVE-2026-24049)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.1 (2025-04-08)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTemporarily restored the \u003ccode\u003ewheel.macosx_libfile\u003c/code\u003e module\n(\u003ccode\u003e[#659](https://github.com/pypa/wheel/issues/659) \u0026lt;https://github.com/pypa/wheel/issues/659\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e0.46.0 (2025-04-03)\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.8\u003c/li\u003e\n\u003cli\u003eRemoved the \u003ccode\u003ebdist_wheel\u003c/code\u003e setuptools command implementation and entry point.\nThe \u003ccode\u003ewheel.bdist_wheel\u003c/code\u003e module is now just an alias to\n\u003ccode\u003esetuptools.command.bdist_wheel\u003c/code\u003e, emitting a deprecation warning on import.\u003c/li\u003e\n\u003cli\u003eRemoved vendored \u003ccode\u003epackaging\u003c/code\u003e in favor of a run-time dependency on it\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.metadata\u003c/code\u003e module private (with a deprecation warning if it's\nimported\u003c/li\u003e\n\u003cli\u003eMade the \u003ccode\u003ewheel.cli\u003c/code\u003e package private (no deprecation warning)\u003c/li\u003e\n\u003cli\u003eFixed an exc...\n\n_Description has been truncated_","html_url":"https://github.com/evgri243/tensorflow/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/evgri243%2Ftensorflow/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"}},{"old_version":"0.6.1","new_version":"0.6.3","update_type":"patch","path":null,"pr_created_at":"2026-05-09T02:53:05.000Z","version_change":"0.6.1 → 0.6.3","issue":{"uuid":"4410793646","node_id":"PR_kwDORdxBOc7ZwpRC","number":43,"state":"closed","title":"chore(deps): bump the pip group across 15 directories with 11 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-11T22:19:38.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-09T02:53:05.000Z","updated_at":"2026-05-11T22:19:40.000Z","time_to_close":242793,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":11,"packages":[{"name":"google-cloud-aiplatform","old_version":"1.87.0","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"protobuf","old_version":"4.25.8","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"urllib3","old_version":"1.26.20","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 2 updates in the /gemini/multimodal-live-api/project-livewire/server directory: [python-dotenv](https://github.com/theskumar/python-dotenv) and [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /gemini/sample-apps/gemini-live-telephony-app directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the pip group with 1 update in the /gemini/sample-apps/genwealth/function-scripts/analyze-prospectus directory: [langchain-core](https://github.com/langchain-ai/langchain).\nBumps the pip group with 2 updates in the /gemini/sample-apps/genwealth/function-scripts/process-pdf directory: [langchain-core](https://github.com/langchain-ai/langchain) and [langchain-text-splitters](https://github.com/langchain-ai/langchain).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/conversational-app-multi-playbook/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [requests](https://github.com/psf/requests), [langchain-core](https://github.com/langchain-ai/langchain) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 3 updates in the /gemini/sample-apps/quickbot/conversational-app-multi-playbook/functions/create-intent directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [langchain-core](https://github.com/langchain-ai/langchain) and [flask](https://github.com/pallets/flask).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/conversational-app-single-playbook/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [requests](https://github.com/psf/requests), [langchain-core](https://github.com/langchain-ai/langchain) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 3 updates in the /gemini/sample-apps/quickbot/conversational-app-single-playbook/functions/create-intent directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [langchain-core](https://github.com/langchain-ai/langchain) and [flask](https://github.com/pallets/flask).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/document-search-using-agent-builder/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [requests](https://github.com/psf/requests), [langchain-core](https://github.com/langchain-ai/langchain) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/image-background-changer-using-imagen3/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [requests](https://github.com/psf/requests), [pillow](https://github.com/python-pillow/Pillow) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/linkedin-profile-image-generation-using-imagen3/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [requests](https://github.com/psf/requests), [pillow](https://github.com/python-pillow/Pillow) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 4 updates in the /gemini/sample-apps/quickbot/website-search-using-agent-builder/backend directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [requests](https://github.com/psf/requests), [langchain-core](https://github.com/langchain-ai/langchain) and [urllib3](https://github.com/urllib3/urllib3).\nBumps the pip group with 1 update in the /gemini/sample-apps/swot-agent directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the pip group with 5 updates in the /gemini/tuning/genai-mlops-tune-and-eval directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.87.0` | `1.133.0` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.8` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.20` | `2.6.3` |\n\nBumps the pip group with 4 updates in the /search/cloud-function/python directory: [python-dotenv](https://github.com/theskumar/python-dotenv), [protobuf](https://github.com/protocolbuffers/protobuf), [pytest](https://github.com/pytest-dev/pytest) and [flask](https://github.com/pallets/flask).\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.31 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36972\"\u003e#36972\u003c/a\u003e)\nfeat(core): allow _format_output to pass through list of ToolOutputMixin instances (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36963\"\u003e#36963\u003c/a\u003e)\nchore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36923\"\u003e#36923\u003c/a\u003e)\nfeat(core): Update inheritance behavior for tracer metadata for special keys (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36900\"\u003e#36900\u003c/a\u003e)\nchore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36813\"\u003e#36813\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.31\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36851\"\u003e#36851\u003c/a\u003e)\nrelease(core): 1.3.0a3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36829\"\u003e#36829\u003c/a\u003e)\nchore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36828\"\u003e#36828\u003c/a\u003e)\nfeat(core): Add chat model and LLM invocation params to traceable metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36771\"\u003e#36771\u003c/a\u003e)\nfix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36816\"\u003e#36816\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore(core): harden private SSRF utilities (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36768\"\u003e#36768\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36719\"\u003e#36719\u003c/a\u003e)\nrelease(core): 1.3.0.a2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36698\"\u003e#36698\u003c/a\u003e)\nfix(core): Use reference counting for storing inherited run trees to support garbage collection (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36660\"\u003e#36660\u003c/a\u003e)\ndocs(core): nit (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36685\"\u003e#36685\u003c/a\u003e)\nrelease(core): 1.3.0a1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36656\"\u003e#36656\u003c/a\u003e)\nchore(core): reduce streaming metadata / perf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36588\"\u003e#36588\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0a3\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.31...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 0.3.31 to 1.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.3.3\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.2\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\nfix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\nfix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\nchore: bump notebook from 7.5.0 to 7.5.6 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37109\"\u003e#37109\u003c/a\u003e)\nchore: bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37129\"\u003e#37129\u003c/a\u003e)\nfix(core): preserve structured \u003ccode\u003einputs\u003c/code\u003e on tool runs in tracers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37108\"\u003e#37108\u003c/a\u003e)\nrelease(perplexity): 1.2.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37091\"\u003e#37091\u003c/a\u003e)\nchore(docs): update x handle references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37081\"\u003e#37081\u003c/a\u003e)\nfix(core): make \u003ccode\u003eremoval\u003c/code\u003e optional in \u003ccode\u003ewarn_deprecated\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37056\"\u003e#37056\u003c/a\u003e)\nfix(core): validate batch_size in _batch and _abatch to prevent infinite loop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36663\"\u003e#36663\u003c/a\u003e)\nchore(core): mark stream_v2/astream_v2 as beta (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36992\"\u003e#36992\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36990\"\u003e#36990\u003c/a\u003e)\nfeat(core): add content-block-centric streaming (v2) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36834\"\u003e#36834\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.3.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36972\"\u003e#36972\u003c/a\u003e)\nfeat(core): allow _format_output to pass through list of ToolOutputMixin instances (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36963\"\u003e#36963\u003c/a\u003e)\nchore: bump nbconvert from 7.17.0 to 7.17.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36923\"\u003e#36923\u003c/a\u003e)\nfeat(core): Update inheritance behavior for tracer metadata for special keys (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36900\"\u003e#36900\u003c/a\u003e)\nchore: bump langsmith from 0.7.13 to 0.7.31 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36813\"\u003e#36813\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.2.31\u003c/p\u003e\n\u003cp\u003erelease(core): release 1.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36851\"\u003e#36851\u003c/a\u003e)\nrelease(core): 1.3.0a3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36829\"\u003e#36829\u003c/a\u003e)\nchore(core): keep checkpoint_ns behavior in streaming metadata for backwards compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36828\"\u003e#36828\u003c/a\u003e)\nfeat(core): Add chat model and LLM invocation params to traceable metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36771\"\u003e#36771\u003c/a\u003e)\nfix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36816\"\u003e#36816\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore(core): harden private SSRF utilities (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36768\"\u003e#36768\u003c/a\u003e)\nfix(openai): handle content blocks without type key in responses api conversion (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36725\"\u003e#36725\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36719\"\u003e#36719\u003c/a\u003e)\nrelease(core): 1.3.0.a2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36698\"\u003e#36698\u003c/a\u003e)\nfix(core): Use reference counting for storing inherited run trees to support garbage collection (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36660\"\u003e#36660\u003c/a\u003e)\ndocs(core): nit (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36685\"\u003e#36685\u003c/a\u003e)\nrelease(core): 1.3.0a1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36656\"\u003e#36656\u003c/a\u003e)\nchore(core): reduce streaming metadata / perf (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36588\"\u003e#36588\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-core==1.3.0a3\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5039dfec1f8e78459540a7f1b52fb0d6d82e3f07\"\u003e\u003ccode\u003e5039dfe\u003c/code\u003e\u003c/a\u003e release(core): 1.3.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37198\"\u003e#37198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/55a7707837742c2f7a9b7e4a5dd428bf615f3b82\"\u003e\u003ccode\u003e55a7707\u003c/code\u003e\u003c/a\u003e fix(core): set deprecation \u003ccode\u003esince\u003c/code\u003e to 1.3.3 to match release (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37200\"\u003e#37200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c979c6187b6d82f4bef35b10b84b39fa44806b22\"\u003e\u003ccode\u003ec979c61\u003c/code\u003e\u003c/a\u003e fix(core, langchain): harden \u003ccode\u003eload()\u003c/code\u003e against untrusted manifests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37197\"\u003e#37197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/d7031101da78e3f6b6c5956b48a5170c1a33292b\"\u003e\u003ccode\u003ed703110\u003c/code\u003e\u003c/a\u003e docs: update README.md (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37190\"\u003e#37190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4d50a2a68b38e9acc53027ea7e7cc89e2d80b4c7\"\u003e\u003ccode\u003e4d50a2a\u003c/code\u003e\u003c/a\u003e ci(infra): run pre-release checks before TestPyPI publish (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37194\"\u003e#37194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9bd730e1991baac4ea80aa07d93110dc1b52ee25\"\u003e\u003ccode\u003e9bd730e\u003c/code\u003e\u003c/a\u003e fix(fireworks): require \u003ccode\u003eapi_key\u003c/code\u003e in \u003ccode\u003eFireworksEmbeddings\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37193\"\u003e#37193\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f475f4191fc3a8d3cf14063b44d524594c080c04\"\u003e\u003ccode\u003ef475f41\u003c/code\u003e\u003c/a\u003e release(mistralai): 1.1.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37191\"\u003e#37191\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/7dbff48aff508b01dc231ea0cbd4e4e09da92c97\"\u003e\u003ccode\u003e7dbff48\u003c/code\u003e\u003c/a\u003e fix(mistralai): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37188\"\u003e#37188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/913816c440ea79295370e1af6484e17b86e5d03c\"\u003e\u003ccode\u003e913816c\u003c/code\u003e\u003c/a\u003e release(fireworks): 1.3.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37189\"\u003e#37189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/4498d3dc84a85688fa4d15476403a900bc7f9114\"\u003e\u003ccode\u003e4498d3d\u003c/code\u003e\u003c/a\u003e fix(fireworks): strip non-wire keys from \u003ccode\u003eToolMessage\u003c/code\u003e text content blocks (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==0.3.31...langchain-core==1.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-text-splitters` from 0.3.9 to 1.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-text-splitters's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.1\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\nfix(text-splitters): deprecate and use SSRF-safe transport in split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36821\"\u003e#36821\u003c/a\u003e)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\nchore(deps): bump pytest to \u003ccode\u003e9.0.3\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36801\"\u003e#36801\u003c/a\u003e)\nchore: bump pytest from 9.0.2 to 9.0.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36714\"\u003e#36714\u003c/a\u003e)\nchore: add comment explaining \u003ccode\u003epygments\u0026gt;=2.20.0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36570\"\u003e#36570\u003c/a\u003e)\nrelease(core): 1.2.26 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36511\"\u003e#36511\u003c/a\u003e)\nchore: pygments\u0026gt;=2.20.0 across all packages (CVE-2026-4539) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36385\"\u003e#36385\u003c/a\u003e)\nfix(text-splitters): prevent silent data loss for empty dict values in RecursiveJsonSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35079\"\u003e#35079\u003c/a\u003e)\nfeat(text-splitters): support spacy tests with Python 3.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36198\"\u003e#36198\u003c/a\u003e)\nfix(infra): correct lint_diff relative paths in package makefiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36333\"\u003e#36333\u003c/a\u003e)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36238\"\u003e#36238\u003c/a\u003e)\nchore: bump nltk from 3.9.3 to 3.9.4 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36237\"\u003e#36237\u003c/a\u003e)\nchore(partners): bump \u003ccode\u003elangchain-core\u003c/code\u003e min to \u003ccode\u003e1.2.21\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36183\"\u003e#36183\u003c/a\u003e)\nchore(text-splitters): bump nltk in lock file (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36112\"\u003e#36112\u003c/a\u003e)\nci: suppress pytest streaming output in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36092\"\u003e#36092\u003c/a\u003e)\nchore(text-splitters): speed up ci (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36050\"\u003e#36050\u003c/a\u003e)\nci: avoid unnecessary dep installs in lint targets (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36046\"\u003e#36046\u003c/a\u003e)\nchore: bump orjson from 3.11.5 to 3.11.6 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35856\"\u003e#35856\u003c/a\u003e)\nchore: bump locks, lint (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35985\"\u003e#35985\u003c/a\u003e)\nperf(.github): set a timeout on get min versions HTTP calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35851\"\u003e#35851\u003c/a\u003e)\nchore: bump tornado from 6.5.2 to 6.5.5 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35774\"\u003e#35774\u003c/a\u003e)\nchore: bump the minor-and-patch group across 3 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35589\"\u003e#35589\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35512\"\u003e#35512\u003c/a\u003e)\nchore: bump nltk from 3.9.2 to 3.9.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35449\"\u003e#35449\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35407\"\u003e#35407\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-text-splitters==1.1.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-text-splitters==1.1.0\u003c/p\u003e\n\u003cp\u003erelease(text-splitters): 1.1.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35318\"\u003e#35318\u003c/a\u003e)\nfix(text-splitters): prevent JSFrameworkTextSplitter from mutating self._separators on each split_text() call (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35316\"\u003e#35316\u003c/a\u003e)\nchore: bump transformers from 5.1.0 to 5.2.0 in /libs/text-splitters in the other-deps group across 1 directory (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35279\"\u003e#35279\u003c/a\u003e)\nchore: bump the other-deps group across 3 directories with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35255\"\u003e#35255\u003c/a\u003e)\nstyle: bump ruff version to 0.15 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35042\"\u003e#35042\u003c/a\u003e)\nfix: Server-Side Request Forgery (SSRF) in HTMLHeaderTextSplitter.split_text_from_url (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35196\"\u003e#35196\u003c/a\u003e)\nfeat(text-splitters): add model_kwargs to SentenceTransformersTokenTextSplitter (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35113\"\u003e#35113\u003c/a\u003e)\nchore(deps): bump langsmith from 0.4.31 to 0.6.3 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35162\"\u003e#35162\u003c/a\u003e)\nchore(deps): bump the other-deps group across 3 directories with 12 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35127\"\u003e#35127\u003c/a\u003e)\nchore(deps): bump the other-deps group across 3 directories with 8 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35120\"\u003e#35120\u003c/a\u003e)\nchore: add \u003ccode\u003emake type\u003c/code\u003e target (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35015\"\u003e#35015\u003c/a\u003e)\nrevert: \u0026quot;chore: add typing target in \u003ccode\u003eMakefile\u003c/code\u003e\u0026quot; (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35013\"\u003e#35013\u003c/a\u003e)\nchore: add typing target in \u003ccode\u003eMakefile\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35012\"\u003e#35012\u003c/a\u003e)\nfix(text-splitters): reverse preserved elements iterator in \u003ccode\u003eHTMLSemanticPreservingSplitter\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34080\"\u003e#34080\u003c/a\u003e)\nchore: enrich \u003ccode\u003epyproject.toml\u003c/code\u003e files (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34980\"\u003e#34980\u003c/a\u003e)\nchore(deps): bump the uv group across 20 directories with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34941\"\u003e#34941\u003c/a\u003e)\nchore: upgrade urllib3 to 2.6.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34940\"\u003e#34940\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/58c4e5bbdd9d18d7fe7ec83b5a05477d06fe2a8e\"\u003e\u003ccode\u003e58c4e5b\u003c/code\u003e\u003c/a\u003e release(text-splitters): 1.1.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36822\"\u003e#36822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/c289bf10e940e960a132d7403482283114063063\"\u003e\u003ccode\u003ec289bf1\u003c/code\u003e\u003c/a\u003e fix(text-splitters): deprecate and use SSRF-safe transport in split_text_from...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/b7447c6969fc928ec3f29c200e2e56c0a46c4c77\"\u003e\u003ccode\u003eb7447c6\u003c/code\u003e\u003c/a\u003e fix(infra): skip serdes tests in min-version release step (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36818\"\u003e#36818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/41c0cc58b0dac82000d24715f7a4b44dc8b01fd3\"\u003e\u003ccode\u003e41c0cc5\u003c/code\u003e\u003c/a\u003e release(openai): 1.1.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36820\"\u003e#36820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0516156ef98f5001129f6d47bc8682d6536d58fb\"\u003e\u003ccode\u003e0516156\u003c/code\u003e\u003c/a\u003e fix(openai): use SSRF-safe transport for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36819\"\u003e#36819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/338aa8131a8124e7aa1e042616ccd2366ff9f699\"\u003e\u003ccode\u003e338aa81\u003c/code\u003e\u003c/a\u003e fix(core): restore cloud metadata IPs and link-local range in SSRF policy (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51e954877efd2d2c3c5bf09364dcfec8794eadb0\"\u003e\u003ccode\u003e51e9548\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/text-splitters (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36797\"\u003e#36797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/e85c418cfa559d4a794ddc6db92c6febab44651c\"\u003e\u003ccode\u003ee85c418\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/model-profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36798\"\u003e#36798\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/789126e6c78ad74664bea26228dda6e72e135dce\"\u003e\u003ccode\u003e789126e\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/standard-tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36799\"\u003e#36799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/937b3eb3827551d17ee4736f9acc4aa57e88c716\"\u003e\u003ccode\u003e937b3eb\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.6.3 to 0.7.31 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36800\"\u003e#36800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-text-splitters==0.3.9...langchain-text-splitters==1.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google-cloud-aiplatform` from 1.69.0 to 1.133.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/releases\"\u003egoogle-cloud-aiplatform's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.133.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_RUBRICS\u0026quot; or \u0026quot;OPTIMIZATION_TARGET_FEW_SHOT_TARGET_RESPONSE\u0026quot; to the \u003ccode\u003eoptimize_prompt\u003c/code\u003e method (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/715cc5b71b996eecde2d97bad71a617274739dcc\"\u003e715cc5b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client(memory): Add enable_third_person_memories (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/65717fa0c3d9b8c3105638cf9c75ee415f36b6e0\"\u003e65717fa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Developer Connect in AE (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/04f1771e16f54a0627ecac1266764ca77f833694\"\u003e04f1771\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd None check for agent_info in evals.py (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/c8c0f0f7eb67696c2e91902af7e6dca20cea2040\"\u003ec8c0f0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI client(evals) - Fix TypeError in _build_generate_content_config (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/be2eaaa30dbf13a86f6856771eeacd2a51a97806\"\u003ebe2eaaa\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake project_number to project_id mapping fail-open. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/f1c8458dd5e4641cb03ff175f0837b6d6017c131\"\u003ef1c8458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/83f4076706d808dcc0e1784219856846540e10da\"\u003e83f4076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace asyncio.run with create_task in ADK async thread mains. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/8c876ef069d0fe6942790ede41e203196cd4a390\"\u003e8c876ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire uri or staging bucket configuration for saving model to Vertex Experiment. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/5448f065fa30d77c2ee0868249ec0bea6a93a4c0\"\u003e5448f06\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn embedding metadata if available (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/d9c6eb199b6ccc1fae417463e1b374574f2ae2f8\"\u003ed9c6eb1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eexamples_dataframe\u003c/code\u003e type to \u003ccode\u003ePandasDataFrame\u003c/code\u003e in Prompt Optimizer. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a2564cc3ea5c4860ee732f14cea9db2c10b52420\"\u003ea2564cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.132.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.131.0...v1.132.0\"\u003e1.132.0\u003c/a\u003e (2025-12-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Lustre support to the Vertex Training Custom Job API (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA comment for field \u003ccode\u003erestart_job_on_worker_restart\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eA comment for field \u003ccode\u003etimeout\u003c/code\u003e in message \u003ccode\u003e.google.cloud.aiplatform.v1beta1.Scheduling\u003c/code\u003e is changed (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/71747e8cbb028f321fd9499bd77656b083909eb0\"\u003e71747e8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.131.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.130.0...v1.131.0\"\u003e1.131.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow list of events to be passed to AdkApp.async_stream_query (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/dd8840a5012b2762f8b8971b6cea4302ac5c648d\"\u003edd8840a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI Client(evals) - Support CustomCodeExecution metric in Vertex Gen AI Eval Service (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/4114728750b5b12f991a18df87c1f1a570d1b29d\"\u003e4114728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdates the ADK template to direct structured JSON logs to standard output. (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/a65ec297c5b8d99e4d2dfb49473c189197198f97\"\u003ea65ec29\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/googleapis/python-aiplatform/blob/main/CHANGELOG.md\"\u003egoogle-cloud-aiplatform's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/googleapis/python-aiplatform/compare/v1.132.0...v1.133.0\"\u003e1.133.0\u003c/a\u003e (2026-01-08)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate tuning public preview SDK in favor of tuning SDK (\u003ca href=\"https://github.com/googleapis/python-aiplatform/commit/35d362ce8f6c50498f781857e0d8cabd327284be\"\u003e35d362c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGenAI SDK client - Enabling Few-shot Prompt Optimization by passing either \u0026qu...\n\n_Description has been truncated_","html_url":"https://github.com/Surfndez/generative-ai/pull/43","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Surfndez%2Fgenerative-ai/issues/43","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/43/packages"}},{"old_version":"0.6.1","new_version":"0.6.3","update_type":"patch","path":null,"pr_created_at":"2026-05-07T23:36:39.000Z","version_change":"0.6.1 → 0.6.3","issue":{"uuid":"4402644444","node_id":"PR_kwDOKc_0J87ZVv-T","number":3495,"state":"open","title":"chore(deps): bump the uv group across 3 directories with 9 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-07T23:36:39.000Z","updated_at":"2026-05-07T23:37:45.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":9,"packages":[{"name":"pytest","old_version":"8.3.3","new_version":"8.4.2","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"flask","old_version":"3.0.3","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"python-dotenv","old_version":"1.0.1","new_version":"1.2.1","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"requests","old_version":"2.32.3","new_version":"2.32.5","repository_url":"https://github.com/psf/requests"},{"name":"pip","old_version":"25.1.1","new_version":"26.0.1","repository_url":"https://github.com/pypa/pip"},{"name":"h11","old_version":"0.14.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 1 update in the /baml_language/sdks/python/rust/bridge_python directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the uv group with 7 updates in the /integ-tests/python directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pytest](https://github.com/pytest-dev/pytest) | `8.3.3` | `8.4.2` |\n| [flask](https://github.com/pallets/flask) | `3.0.3` | `3.1.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.1` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.32.5` |\n| [pip](https://github.com/pypa/pip) | `25.1.1` | `26.0.1` |\n| [h11](https://github.com/python-hyper/h11) | `0.14.0` | `0.16.0` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n\nBumps the uv group with 1 update in the /integ-tests/python-v1 directory: [pydantic](https://github.com/pydantic/pydantic).\n\nUpdates `pytest` from 9.0.2 to 9.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 8.3.3 to 8.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.3\u003c/h2\u003e\n\u003ch1\u003epytest 9.0.3 (2026-04-07)\u003c/h1\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12444\"\u003e#12444\u003c/a\u003e: Fixed \u003ccode\u003epytest.approx\u003c/code\u003e which now correctly takes into account \u003ccode\u003e~collections.abc.Mapping\u003c/code\u003e keys order to compare them.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13634\"\u003e#13634\u003c/a\u003e: Blocking a \u003ccode\u003econftest.py\u003c/code\u003e file using the \u003ccode\u003e-p no:\u003c/code\u003e option is now explicitly disallowed.\u003c/p\u003e\n\u003cp\u003ePreviously this resulted in an internal assertion failure during plugin loading.\u003c/p\u003e\n\u003cp\u003ePytest now raises a clear \u003ccode\u003eUsageError\u003c/code\u003e explaining that conftest files are not plugins and cannot be disabled via \u003ccode\u003e-p\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13734\"\u003e#13734\u003c/a\u003e: Fixed crash when a test raises an exceptiongroup with \u003ccode\u003e__tracebackhide__ = True\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14195\"\u003e#14195\u003c/a\u003e: Fixed an issue where non-string messages passed to \u003c!-- raw HTML omitted --\u003eunittest.TestCase.subTest()\u003c!-- raw HTML omitted --\u003e were not printed.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e: Fixed use of insecure temporary directory (CVE-2025-71176).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImproved documentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13388\"\u003e#13388\u003c/a\u003e: Clarified documentation for \u003ccode\u003e-p\u003c/code\u003e vs \u003ccode\u003ePYTEST_PLUGINS\u003c/code\u003e plugin loading and fixed an incorrect \u003ccode\u003e-p\u003c/code\u003e example.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13731\"\u003e#13731\u003c/a\u003e: Clarified that capture fixtures (e.g. \u003ccode\u003ecapsys\u003c/code\u003e and \u003ccode\u003ecapfd\u003c/code\u003e) take precedence over the \u003ccode\u003e-s\u003c/code\u003e / \u003ccode\u003e--capture=no\u003c/code\u003e command-line options in \u003ccode\u003eAccessing captured output from a test function \u0026lt;accessing-captured-output\u0026gt;\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14088\"\u003e#14088\u003c/a\u003e: Clarified that the default \u003ccode\u003epytest_collection\u003c/code\u003e hook sets \u003ccode\u003esession.items\u003c/code\u003e before it calls \u003ccode\u003epytest_collection_finish\u003c/code\u003e, not after.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14255\"\u003e#14255\u003c/a\u003e: TOML integer log levels must be quoted: Updating reference documentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributor-facing changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12689\"\u003e#12689\u003c/a\u003e: The test reports are now published to Codecov from GitHub Actions.\nThe test statistics is visible \u003ca href=\"https://app.codecov.io/gh/pytest-dev/pytest/tests\"\u003eon the web interface\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e-- by \u003ccode\u003ealeguy02\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a7d58d7a21b78581e636bbbdea13c66ad1657c1e\"\u003e\u003ccode\u003ea7d58d7\u003c/code\u003e\u003c/a\u003e Prepare release version 9.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/089d98199c253d8f89a040243bc4f2aa6cd5ab22\"\u003e\u003ccode\u003e089d981\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14366\"\u003e#14366\u003c/a\u003e from bluetech/revert-14193-backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/8127eaf4ab7f6b2fdd0dc1b38343ec97aeef05ac\"\u003e\u003ccode\u003e8127eaf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Fix: assertrepr_compare respects dict insertion order (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14050\"\u003e#14050\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14193\"\u003e#14193\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/99a7e6029e7a6e8d53e5df114b1346e035370241\"\u003e\u003ccode\u003e99a7e60\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14363\"\u003e#14363\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/95d8423bd...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ddee02a578da30dd43aedc39c1c1f1aaadfcee95\"\u003e\u003ccode\u003eddee02a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14343\"\u003e#14343\u003c/a\u003e from bluetech/cve-2025-71176-simple\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/74eac6916fee34726cb194f16c516e96fbd29619\"\u003e\u003ccode\u003e74eac69\u003c/code\u003e\u003c/a\u003e doc: Update training info (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14298\"\u003e#14298\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14301\"\u003e#14301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f92dee777cfdb77d1c43633d02766ddf1f07c869\"\u003e\u003ccode\u003ef92dee7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14267\"\u003e#14267\u003c/a\u003e from pytest-dev/patchback/backports/9.0.x/d6fa26c62...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/7ee58acc8777c31ac6cf388d01addf5a414a7439\"\u003e\u003ccode\u003e7ee58ac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12378\"\u003e#12378\u003c/a\u003e from Pierre-Sassoulas/fix-implicit-str-concat-and-d...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/37da870d37e3a2f5177cae075c7b9ae279432bf8\"\u003e\u003ccode\u003e37da870\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14259\"\u003e#14259\u003c/a\u003e from mitre88/patch-4 (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14268\"\u003e#14268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/c34bfa3b7acb65b594707c714f1d8461b0304eed\"\u003e\u003ccode\u003ec34bfa3\u003c/code\u003e\u003c/a\u003e Add explanation for string context diffs (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14257\"\u003e#14257\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14266\"\u003e#14266\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/9.0.2...9.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 3.0.3 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/3.0.3...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.0.1 to 1.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport reading .env from FIFOs (Unix) by \u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/586\"\u003etheskumar/python-dotenv#586\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CI to use trusted publishing on PyPI\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/586\"\u003etheskumar/python-dotenv#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.0...v1.2.1\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.0...v1.2.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003estyle: upgrade to use ruff by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/567\"\u003etheskumar/python-dotenv#567\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse sys.exit() instead of exit() by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/568\"\u003etheskumar/python-dotenv#568\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat:  add \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e flag to disable load_dotenv (fixes \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/510\"\u003e#510\u003c/a\u003e) by \u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/569\"\u003etheskumar/python-dotenv#569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded Python@3.14: Github CI \u0026amp; tox.ini by \u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/579\"\u003etheskumar/python-dotenv#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eocs: clarify what load_dotenv() does in README by \u003ca href=\"https://github.com/cybercoded\"\u003e\u003ccode\u003e@​cybercoded\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/575\"\u003etheskumar/python-dotenv#575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the github-actions group across 1 directory with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/577\"\u003etheskumar/python-dotenv#577\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMove project metadata and config to pyproject.toml by \u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/583\"\u003etheskumar/python-dotenv#583\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/569\"\u003etheskumar/python-dotenv#569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/579\"\u003etheskumar/python-dotenv#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cybercoded\"\u003e\u003ccode\u003e@​cybercoded\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/575\"\u003etheskumar/python-dotenv#575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/583\"\u003etheskumar/python-dotenv#583\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.1.1...v1.2.0\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.1.1...v1.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: ensure find_dotenv work reliably on python 3.13 by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/563\"\u003etheskumar/python-dotenv#563\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cli): issue with execvpe on Windows by \u003ca href=\"https://github.com/wrongontheinternet\"\u003e\u003ccode\u003e@​wrongontheinternet\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/566\"\u003etheskumar/python-dotenv#566\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/wrongontheinternet\"\u003e\u003ccode\u003e@​wrongontheinternet\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/566\"\u003etheskumar/python-dotenv#566\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.1.0...v1.1.1\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.1.0...v1.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a security policy by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/512\"\u003etheskumar/python-dotenv#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eKeep GitHub Actions up to date with GitHub's Dependabot by \u003ca href=\"https://github.com/cclauss\"\u003e\u003ccode\u003e@​cclauss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/506\"\u003etheskumar/python-dotenv#506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: fix multiline string in test.yml \u0026amp; use fail-fast strategy by \u003ca href=\"https://github.com/cclauss\"\u003e\u003ccode\u003e@​cclauss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/514\"\u003etheskumar/python-dotenv#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnhance dotenv run: Switch to execvpe for better resource management and signal handling by \u003ca href=\"https://github.com/eekstunt\"\u003e\u003ccode\u003e@​eekstunt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/523\"\u003etheskumar/python-dotenv#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add py3.13 to test.yml by \u003ca href=\"https://github.com/waketzheng\"\u003e\u003ccode\u003e@​waketzheng\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/527\"\u003etheskumar/python-dotenv#527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Python 3.13 trove classifier by \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/535\"\u003etheskumar/python-dotenv#535\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the github-actions group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/529\"\u003etheskumar/python-dotenv#529\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for python 3.13 and drop 3.8 by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/551\"\u003etheskumar/python-dotenv#551\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update README.md by \u003ca href=\"https://github.com/chapeupreto\"\u003e\u003ccode\u003e@​chapeupreto\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/516\"\u003etheskumar/python-dotenv#516\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSome more s/Python-dotenv/python-dotenv/ by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/552\"\u003etheskumar/python-dotenv#552\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.1] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMove more config to \u003ccode\u003epyproject.toml\u003c/code\u003e, removed \u003ccode\u003esetup.cfg\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for reading \u003ccode\u003e.env\u003c/code\u003e from FIFOs (Unix) by [\u003ca href=\"https://github.com/sidharth-sudhir\"\u003e\u003ccode\u003e@​sidharth-sudhir\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0] - 2025-10-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade build system to use PEP 517 \u0026amp; PEP 518 to use \u003ccode\u003ebuild\u003c/code\u003e and \u003ccode\u003epyproject.toml\u003c/code\u003e by [\u003ca href=\"https://github.com/EpicWink\"\u003e\u003ccode\u003e@​EpicWink\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/583\"\u003e#583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by [\u003ca href=\"https://github.com/23f3001135\"\u003e\u003ccode\u003e@​23f3001135\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/579\"\u003e#579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for disabling of \u003ccode\u003eload_dotenv()\u003c/code\u003e using \u003ccode\u003ePYTHON_DOTENV_DISABLED\u003c/code\u003e env var. by [\u003ca href=\"https://github.com/matthewfranglen\"\u003e\u003ccode\u003e@​matthewfranglen\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/569\"\u003e#569\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.1] - 2025-06-24\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Ensure \u003ccode\u003efind_dotenv\u003c/code\u003e work reliably on python 3.13 by [\u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/563\"\u003e#563\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI: revert the use of execvpe on Windows by [\u003ca href=\"https://github.com/wrongontheinternet\"\u003e\u003ccode\u003e@​wrongontheinternet\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/566\"\u003e#566\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.1.0] - 2025-03-25\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for python 3.13\u003c/li\u003e\n\u003cli\u003eEnhance \u003ccode\u003edotenv run\u003c/code\u003e, switch to \u003ccode\u003eexecvpe\u003c/code\u003e for better resource management and signal handling (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/523\"\u003e#523\u003c/a\u003e) by [\u003ca href=\"https://github.com/eekstunt\"\u003e\u003ccode\u003e@​eekstunt\u003c/code\u003e\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003efind_dotenv\u003c/code\u003e and \u003ccode\u003eload_dotenv\u003c/code\u003e now correctly looks up at the current directory when running in debugger or pdb (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/553\"\u003e#553\u003c/a\u003e by [\u003ca href=\"https://github.com/randomseed42\"\u003e\u003ccode\u003e@​randomseed42\u003c/code\u003e\u003c/a\u003e])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eaf2a9129ccec6febda0f741eb3bb852c3f947bd\"\u003e\u003ccode\u003eeaf2a91\u003c/code\u003e\u003c/a\u003e Do not remove .coverage file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/8716196891532eeb67d24a513e8d975437f5e8b7\"\u003e\u003ccode\u003e8716196\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.0 → 1.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/b87807fcad6e74332c3c63a75c92ce5814fa7a55\"\u003e\u003ccode\u003eb87807f\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/3af77d3029eb717aeec0a3c25f751b6a614a6d3c\"\u003e\u003ccode\u003e3af77d3\u003c/code\u003e\u003c/a\u003e Support reading .env from FIFOs (Unix) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/586\"\u003e#586\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/467ee22fccb2fb7ccda71a0d9e37c6ea3cb8d993\"\u003e\u003ccode\u003e467ee22\u003c/code\u003e\u003c/a\u003e Fix test failures after moving config to pyproject.toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/76999e741d87e958ebd74e3ae9834c0514e77a59\"\u003e\u003ccode\u003e76999e7\u003c/code\u003e\u003c/a\u003e Move more config pyproject.toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/222ce2cc58ebc82ba78da8781269267b9f585932\"\u003e\u003ccode\u003e222ce2c\u003c/code\u003e\u003c/a\u003e Update to use trusted publisher on pypi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/8ed4f79d202eba582b44bdf1f5deb726dd68783d\"\u003e\u003ccode\u003e8ed4f79\u003c/code\u003e\u003c/a\u003e Update docs requirements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/5bf882241c607445bf02cf5b241535d62e2b99c1\"\u003e\u003ccode\u003e5bf8822\u003c/code\u003e\u003c/a\u003e Bump version: 1.1.1 → 1.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1fe11cc737ee4399e9c51d1b69b0dd858f6b4669\"\u003e\u003ccode\u003e1fe11cc\u003c/code\u003e\u003c/a\u003e upadate changelog\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.0.1...v1.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.32.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6965\"\u003e#6965\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNumerous documentation improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for pypy 3.11 for Linux and macOS. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6926\"\u003e#6926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDropped support for pypy 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6926\"\u003e#6926\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNumerous documentation improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for pypy 3.11 for Linux and macOS.\u003c/li\u003e\n\u003cli\u003eDropped support for pypy 3.9 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b25c87d7cb8d6a18a37fa12442b5f883f9e41741\"\u003e\u003ccode\u003eb25c87d\u003c/code\u003e\u003c/a\u003e v2.32.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/131e506079d97606e4214cc4d87b780ac478de7a\"\u003e\u003ccode\u003e131e506\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psf/requests/issues/7010\"\u003e#7010\u003c/a\u003e from psf/dependabot/github_actions/actions/checkout-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b336cb2bc616a63a93c6470c558fc1f576b77f90\"\u003e\u003ccode\u003eb336cb2\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.2.0 to 5.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/46e939b5525d9c72b677340985582b04b128478a\"\u003e\u003ccode\u003e46e939b\u003c/code\u003e\u003c/a\u003e Update publish workflow to use \u003ccode\u003eartifact-id\u003c/code\u003e instead of \u003ccode\u003ename\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/4b9c546aa3f35fca6ca24945376fe7462bb007c4\"\u003e\u003ccode\u003e4b9c546\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/psf/requests/issues/6999\"\u003e#6999\u003c/a\u003e from psf/dependabot/github_actions/step-security/har...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/7618dbef01d333f23ba4b9c4d97397b06dd89cb6\"\u003e\u003ccode\u003e7618dbe\u003c/code\u003e\u003c/a\u003e Bump step-security/harden-runner from 2.12.0 to 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2edca11103c1c27dd8b572dab544b7f48cf3b446\"\u003e\u003ccode\u003e2edca11\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 and drop support for Python 3.8 (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6993\"\u003e#6993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/fec96cd5976ad763e45bac9a033d62cca1877a00\"\u003e\u003ccode\u003efec96cd\u003c/code\u003e\u003c/a\u003e Update Makefile rules (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6996\"\u003e#6996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d58d8aa2f45c3575268d6d5250745ef69f9cf8b7\"\u003e\u003ccode\u003ed58d8aa\u003c/code\u003e\u003c/a\u003e docs: clarify timeout parameter uses seconds in Session.request (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6994\"\u003e#6994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/91a3eabd3dcc4d7f36dd8249e4777a90ef9b4305\"\u003e\u003ccode\u003e91a3eab\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 3.28.5 to 3.29.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.32.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pip` from 25.1.1 to 26.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.0.1 (2026-02-04)\u003c/h1\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e--pre\u003c/code\u003e not being respected from the command line when a requirement file\nincludes an option e.g. \u003ccode\u003e-extra-index-url\u003c/code\u003e. (\u003ccode\u003e[#13788](https://github.com/pypa/pip/issues/13788) \u0026lt;https://github.com/pypa/pip/issues/13788\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e26.0 (2026-01-30)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove support for non-bare project names in egg fragments. Affected users should use\nthe \u003ccode\u003eDirect URL requirement syntax \u0026lt;https://packaging.python.org/en/latest/specifications/version-specifiers/#direct-references\u0026gt;\u003c/code\u003e\u003cem\u003e. (\u003ccode\u003e[#13157](https://github.com/pypa/pip/issues/13157) \u0026lt;https://github.com/pypa/pip/issues/13157\u0026gt;\u003c/code\u003e\u003c/em\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDisplay pip's command-line help in colour, if possible. (\u003ccode\u003e[#12134](https://github.com/pypa/pip/issues/12134) \u0026lt;https://github.com/pypa/pip/issues/12134\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport installing dependencies declared with inline script metadata\n(:pep:\u003ccode\u003e723\u003c/code\u003e) with \u003ccode\u003e--requirements-from-script\u003c/code\u003e. (\u003ccode\u003e[#12891](https://github.com/pypa/pip/issues/12891) \u0026lt;https://github.com/pypa/pip/issues/12891\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003e--all-releases\u003c/code\u003e and \u003ccode\u003e--only-final\u003c/code\u003e options to control pre-release\nand final release selection during package installation. (\u003ccode\u003e[#13221](https://github.com/pypa/pip/issues/13221) \u0026lt;https://github.com/pypa/pip/issues/13221\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e option to only consider packages uploaded prior to\na given datetime when the \u003ccode\u003eupload-time\u003c/code\u003e field is available from a remote index. (\u003ccode\u003e[#13625](https://github.com/pypa/pip/issues/13625) \u0026lt;https://github.com/pypa/pip/issues/13625\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003e--use-feature inprocess-build-deps\u003c/code\u003e to request that build dependencies are installed\nwithin the same pip install process. This new mechanism is faster, supports \u003ccode\u003e--no-clean\u003c/code\u003e\nand \u003ccode\u003e--no-cache-dir\u003c/code\u003e reliably, and supports prompting for authentication.\u003c/p\u003e\n\u003cp\u003eEnabling this feature will also enable \u003ccode\u003e--use-feature build-constraints\u003c/code\u003e. This feature will\nbecome the default in a future pip version. (\u003ccode\u003e[#9081](https://github.com/pypa/pip/issues/9081) \u0026lt;https://github.com/pypa/pip/issues/9081\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003epip cache purge\u003c/code\u003e and \u003ccode\u003epip cache remove\u003c/code\u003e now clean up empty directories\nand legacy files left by older pip versions. (\u003ccode\u003e[#9058](https://github.com/pypa/pip/issues/9058) \u0026lt;https://github.com/pypa/pip/issues/9058\u0026gt;\u003c/code\u003e_)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix selecting pre-release versions when only pre-releases match.\nFor example, \u003ccode\u003epackage\u0026gt;1.0\u003c/code\u003e with versions \u003ccode\u003e1.0, 2.0rc1\u003c/code\u003e now installs\n\u003ccode\u003e2.0rc1\u003c/code\u003e instead of failing. (\u003ccode\u003e[#13746](https://github.com/pypa/pip/issues/13746) \u0026lt;https://github.com/pypa/pip/issues/13746\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRevisions in version control URLs now must be percent-encoded.\nFor example, use \u003ccode\u003egit+https://example.com/repo.git@issue%231\u003c/code\u003e to specify the branch \u003ccode\u003eissue#1\u003c/code\u003e.\nIf you previously used a branch name containing a \u003ccode\u003e%\u003c/code\u003e character in a version control URL, you now need to replace it with \u003ccode\u003e%25\u003c/code\u003e to ensure correct percent-encoding. (\u003ccode\u003e[#13407](https://github.com/pypa/pip/issues/13407) \u0026lt;https://github.com/pypa/pip/issues/13407\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003ePreserve original casing when a path is displayed. (\u003ccode\u003e[#6823](https://github.com/pypa/pip/issues/6823) \u0026lt;https://github.com/pypa/pip/issues/6823\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix bash completion when the \u003ccode\u003e$IFS\u003c/code\u003e variable has been modified from its default. (\u003ccode\u003e[#13555](https://github.com/pypa/pip/issues/13555) \u0026lt;https://github.com/pypa/pip/issues/13555\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003ePrecompute Python requirements on each candidate, reducing time of long resolutions. (\u003ccode\u003e[#13656](https://github.com/pypa/pip/issues/13656) \u0026lt;https://github.com/pypa/pip/issues/13656\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eSkip redundant work converting version objects to strings when using the\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/5fe4ea4f24cd9756316a4b5ef05daa15d84f7d0c\"\u003e\u003ccode\u003e5fe4ea4\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/bea3cbe3b4d637be6d5007e9a5a2327e500b00d8\"\u003e\u003ccode\u003ebea3cbe\u003c/code\u003e\u003c/a\u003e windows fix tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ed22252bd19a71ce351b84405fa23230ca45ceea\"\u003e\u003ccode\u003eed22252\u003c/code\u003e\u003c/a\u003e News Entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/af1327407f048bd2310b8b633f8e8a4e41c38d2c\"\u003e\u003ccode\u003eaf13274\u003c/code\u003e\u003c/a\u003e Match release control behavior to the same as format control behavior\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f4d4a836ed00076001376fbb0ce6dc4f22cdae2\"\u003e\u003ccode\u003e2f4d4a8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13779\"\u003e#13779\u003c/a\u003e from notatallshaw/fix-26.0-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/04307a42261749cfa1c86a5537ad88f44ed2a41a\"\u003e\u003ccode\u003e04307a4\u003c/code\u003e\u003c/a\u003e fix 26.0 news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/6ec7b0a488f614a7632442fe7c651957fdb5fc85\"\u003e\u003ccode\u003e6ec7b0a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13775\"\u003e#13775\u003c/a\u003e from notatallshaw/release/26.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/4104356cd83d1614af45d203d64cb84705dad9d2\"\u003e\u003ccode\u003e4104356\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/58be8836b68814295d33bc5c56c38d3a0659ae81\"\u003e\u003ccode\u003e58be883\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/66f2dece5ba9cc0ee9fe7035c46ba4b0756559b5\"\u003e\u003ccode\u003e66f2dec\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13778\"\u003e#13778\u003c/a\u003e from ichard26/docs/groups\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/25.1.1...26.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h11` from 0.14.0 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca\"\u003e\u003ccode\u003e1c5b075\u003c/code\u003e\u003c/a\u003e this time for surer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a\"\u003e\u003ccode\u003ed9c3699\u003c/code\u003e\u003c/a\u003e this time for sure...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39\"\u003e\u003ccode\u003ed91b9dd\u003c/code\u003e\u003c/a\u003e blacken\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0\"\u003e\u003ccode\u003e5a4683c\u003c/code\u003e\u003c/a\u003e Soothe mypy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536\"\u003e\u003ccode\u003e9c9567f\u003c/code\u003e\u003c/a\u003e Bump version to 0.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed\"\u003e\u003ccode\u003e114803a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0\"\u003e\u003ccode\u003e9462006\u003c/code\u003e\u003c/a\u003e Bump version to 0.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/70a96bea8e55403e5d92db14c111432c6d7a8685\"\u003e\u003ccode\u003e70a96be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-hyper/h11/issues/181\"\u003e#181\u003c/a\u003e from Julien00859/Julien00859/get_int_max_str_digits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/60782ad107e538b9312aac7e1c119c8358bf797c\"\u003e\u003ccode\u003e60782ad\u003c/code\u003e\u003c/a\u003e Reject Content-Length longer 1 billion TB\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/dff7cc397a26ed4acdedd92d1bda6c8f18a6ed9f\"\u003e\u003ccode\u003edff7cc3\u003c/code\u003e\u003c/a\u003e Validate Chunked-Encoding chunk footer\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-hyper/h11/compare/v0.14.0...v0.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `werkzeug` from 3.0.6 to 3.1.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/releases\"\u003ewerkzeug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.8\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.8 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.8/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.8/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-8\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-8\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/45?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/45?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eRequest.host\u003c/code\u003e and \u003ccode\u003eget_host\u003c/code\u003e return the empty string if the header is missing or has invalid characters. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3142\"\u003e#3142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.7\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.7 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.7/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.7/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-7\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-7\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/44?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/44?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eparse_list_header\u003c/code\u003e preserves partially quoted items, discards empty items, and returns empty for unclosed quoted values. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3128\"\u003e#3128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWWWAuthenticate.to_header\u003c/code\u003e does not produce a trailing space when there are no parameters. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3127\"\u003e#3127\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eTransfer-Encoding\u003c/code\u003e is parsed as a set. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3134\"\u003e#3134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.host\u003c/code\u003e, \u003ccode\u003eget_host\u003c/code\u003e, and \u003ccode\u003ehost_is_trusted\u003c/code\u003e validate the characters of the value. An empty value is no longer allowed. A Unix socket server address is ignored. The \u003ccode\u003etrusted_list\u003c/code\u003e argument to \u003ccode\u003ehost_is_trusted\u003c/code\u003e is optional. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3113\"\u003e#3113\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix multipart form parser handling of newline at boundary. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3088\"\u003e#3088\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.make_conditional\u003c/code\u003e sets the \u003ccode\u003eAccept-Ranges\u003c/code\u003e header even if it is not a satisfiable range request. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3108\"\u003e#3108\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003emerge_slashes\u003c/code\u003e merges any number of consecutive slashes. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3121\"\u003e#3121\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.6/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in multi-segment paths. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x\"\u003eGHSA-29vq-49wr-vm6x\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.5/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/43?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/43?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless of extension or surrounding spaces. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7\"\u003eGHSA-87hc-h4r5-73f7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with \u003ccode\u003epin_security=False\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3075\"\u003e#3075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.4/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/42?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/42?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/blob/main/CHANGES.rst\"\u003ewerkzeug's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.8\u003c/h2\u003e\n\u003cp\u003eReleased 2026-04-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eRequest.host\u003c/code\u003e and \u003ccode\u003eget_host\u003c/code\u003e return the empty string if the header is\nmissing or has invalid characters. :issue:\u003ccode\u003e3142\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.7\u003c/h2\u003e\n\u003cp\u003eReleased 2026-03-23\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eparse_list_header\u003c/code\u003e preserves partially quoted items, discards empty\nitems, and returns empty for unclosed quoted values. :pr:\u003ccode\u003e3128\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWWWAuthenticate.to_header\u003c/code\u003e does not produce a trailing space when there\nare no parameters. :issue:\u003ccode\u003e3127\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eTransfer-Encoding\u003c/code\u003e is parsed as a set. :pr:\u003ccode\u003e3134\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.host\u003c/code\u003e, \u003ccode\u003eget_host\u003c/code\u003e, and \u003ccode\u003ehost_is_trusted\u003c/code\u003e validate the\ncharacters of the value. An empty value is no longer allowed. A Unix socket\nserver address is ignored. The \u003ccode\u003etrusted_list\u003c/code\u003e argument to\n\u003ccode\u003ehost_is_trusted\u003c/code\u003e is optional. :pr:\u003ccode\u003e3113\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix multipart form parser handling of newline at boundary. :issue:\u003ccode\u003e3088\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.make_conditional\u003c/code\u003e sets the \u003ccode\u003eAccept-Ranges\u003c/code\u003e header even if it\nis not a satisfiable range request. :issue:\u003ccode\u003e3108\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003emerge_slashes\u003c/code\u003e merges any number of consecutive slashes. :issue:\u003ccode\u003e3121\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in\nmulti-segment paths. :ghsa:\u003ccode\u003e29vq-49wr-vm6x\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.make_conditional\u003c/code\u003e sets the \u003ccode\u003eAccept-Ranges\u003c/code\u003e header even if it\nis not a satisfiable range request. :issue:\u003ccode\u003e3108\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2026-01-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless\nof extension or surrounding spaces. :ghsa:\u003ccode\u003e87hc-h4r5-73f7\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\nThis fixes the previous attempt, which caused incorrect content lengths.\n:issue:\u003ccode\u003e3065\u003c/code\u003e :issue:\u003ccode\u003e3077\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/c1a26b45fb06d5e086b4d6be820c3302f588d815\"\u003e\u003ccode\u003ec1a26b4\u003c/code\u003e\u003c/a\u003e release version 3.1.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/7926f0bc3a0da01827e59c81d6da55f8f75a2eed\"\u003e\u003ccode\u003e7926f0b\u003c/code\u003e\u003c/a\u003e relax get_host strictness (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3148\"\u003e#3148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/deab88f61fa57d37d19f83ea438d4bdebb5a743c\"\u003e\u003ccode\u003edeab88f\u003c/code\u003e\u003c/a\u003e relax get_host strictness\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/65eb6398231fe94f32fbc765a74980ca61fe5d2b\"\u003e\u003ccode\u003e65eb639\u003c/code\u003e\u003c/a\u003e start version 3.1.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/7720b76b37b17a33e5414bddb992c92ba854f0e3\"\u003e\u003ccode\u003e7720b76\u003c/code\u003e\u003c/a\u003e release version 3.1.7 (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3135\"\u003e#3135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/005d93bf3437226ab185d2edc6132918d3e45763\"\u003e\u003ccode\u003e005d93b\u003c/code\u003e\u003c/a\u003e release version 3.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/c328342ef9f7a6476b9e41565ad0a70ff10cfde6\"\u003e\u003ccode\u003ec328342\u003c/code\u003e\u003c/a\u003e merge any number of slashes (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3136\"\u003e#3136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/23142a3cb5d1b5ba8e9914980934477e0abdc30e\"\u003e\u003ccode\u003e23142a3\u003c/code\u003e\u003c/a\u003e merge any number of slashes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/b913d68db5898c8f3def3c09a653aaf95abe38e5\"\u003e\u003ccode\u003eb913d68\u003c/code\u003e\u003c/a\u003e always set accept-ranges header\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f282943ddc687e613b7ee79b4677e4961c32ae15\"\u003e\u003ccode\u003ef282943\u003c/code\u003e\u003c/a\u003e Correct 1049dd6b2a363e1ef302b4161c340fb8582f627a\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/werkzeug/compa...\n\n_Description has been truncated_","html_url":"https://github.com/BoundaryML/baml/pull/3495","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/BoundaryML%2Fbaml/issues/3495","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3495/packages"}},{"old_version":"0.6.1","new_version":"0.6.3","update_type":"patch","path":null,"pr_created_at":"2026-05-06T23:44:26.000Z","version_change":"0.6.1 → 0.6.3","issue":{"uuid":"4395147520","node_id":"PR_kwDOQtfFwc7Y9aDA","number":12,"state":"closed","title":"chore(deps): bump the uv group across 12 directories with 15 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-09T01:42:49.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T23:44:26.000Z","updated_at":"2026-05-09T01:42:51.000Z","time_to_close":179903,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":15,"packages":[{"name":"pip","old_version":"25.0.1","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"protobuf","old_version":"5.29.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 5 updates in the /gemini/agents/genai-experience-concierge directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pip](https://github.com/pypa/pip) | `25.0.1` | `26.1` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n\nBumps the uv group with 7 updates in the /gemini/agents/genai-experience-concierge/langgraph-demo/frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.2.28` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n\nBumps the uv group with 8 updates in the /gemini/evaluation/synthetic-data-evals directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.3` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [smolagents](https://github.com/huggingface/smolagents) | `1.10.0` | `1.24.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.83.0` | `1.133.0` |\n\nBumps the uv group with 7 updates in the /gemini/mcp/adk_mcp_app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.4.0` | `2.6.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.95.0` | `1.133.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n\nBumps the uv group with 7 updates in the /gemini/mcp/adk_multiagent_mcp_app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.4.0` | `2.6.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.95.0` | `1.133.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n\nBumps the uv group with 5 updates in the /gemini/sample-apps/quickbot/image-background-changer-using-imagen3/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.2.1` | `12.2.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the uv group with 5 updates in the /gemini/sample-apps/quickbot/linkedin-profile-image-generation-using-imagen3/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the uv group with 4 updates in the /gemini/sample-apps/quickbot/text-to-image-using-imagen3/backend directory: [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3), [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [gunicorn](https://github.com/benoitc/gunicorn).\nBumps the uv group with 6 updates in the /gemini/sample-apps/quickbot/website-search-using-agent-builder/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.9` | `1.2.28` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n| [langchain-community](https://github.com/langchain-ai/langchain-community) | `0.3.1` | `0.3.27` |\n\nBumps the uv group with 1 update in the /gemini/sample-apps/swot-agent directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the uv group with 5 updates in the /gemini/tuning/genai-mlops-tune-and-eval directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.8` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.20` | `2.6.3` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.87.0` | `1.133.0` |\n\nBumps the uv group with 4 updates in the /search/cloud-function/python directory: [protobuf](https://github.com/protocolbuffers/protobuf), [python-dotenv](https://github.com/theskumar/python-dotenv), [pytest](https://github.com/pytest-dev/pytest) and [flask](https://github.com/pallets/flask).\n\nUpdates `pip` from 25.0.1 to 26.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1 (2026-04-26)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9. (\u003ccode\u003e[#13795](https://github.com/pypa/pip/issues/13795) \u0026lt;https://github.com/pypa/pip/issues/13795\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd experimental support to read requirements from standardized pylock.toml files (\u003ccode\u003e-r pylock.toml\u003c/code\u003e). (\u003ccode\u003e[#13876](https://github.com/pypa/pip/issues/13876) \u0026lt;https://github.com/pypa/pip/issues/13876\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e to accept a duration in days (e.g., \u003ccode\u003eP3D\u003c/code\u003e for 3 days ago). (\u003ccode\u003e[#13674](https://github.com/pypa/pip/issues/13674) \u0026lt;https://github.com/pypa/pip/issues/13674\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up dependency resolution when there are complex conflicts. (\u003ccode\u003e[#13859](https://github.com/pypa/pip/issues/13859) \u0026lt;https://github.com/pypa/pip/issues/13859\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eReduce memory usage when resolving large dependency trees. (\u003ccode\u003e[#13843](https://github.com/pypa/pip/issues/13843) \u0026lt;https://github.com/pypa/pip/issues/13843\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEmit a deprecation warning when pip imports an unexpected module after\ninstallation of a distribution has started. (\u003ccode\u003e[#13912](https://github.com/pypa/pip/issues/13912) \u0026lt;https://github.com/pypa/pip/issues/13912\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow URL constraints to apply to requirements with extras. (\u003ccode\u003e[#12018](https://github.com/pypa/pip/issues/12018) \u0026lt;https://github.com/pypa/pip/issues/12018\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow unpinned requirements to use hashes from constraints. Constraints\nlike \u003ccode\u003e{name}=={version} --hash=...\u003c/code\u003e feeds into hash verification for\na corresponding requirement. (\u003ccode\u003e[#9243](https://github.com/pypa/pip/issues/9243) \u0026lt;https://github.com/pypa/pip/issues/9243\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eImprove conflict reports that involve direct URLs. (\u003ccode\u003e[#13932](https://github.com/pypa/pip/issues/13932) \u0026lt;https://github.com/pypa/pip/issues/13932\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow all errors instead of first error for faulty \u003ccode\u003edependency_groups\u003c/code\u003e definitions. (\u003ccode\u003e[#13917](https://github.com/pypa/pip/issues/13917) \u0026lt;https://github.com/pypa/pip/issues/13917\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix recovery hint for missing RECORD file to use \u003ccode\u003e--ignore-installed\u003c/code\u003e\ninstead of \u003ccode\u003e--force-reinstall\u003c/code\u003e. (\u003ccode\u003e[#12645](https://github.com/pypa/pip/issues/12645) \u0026lt;https://github.com/pypa/pip/issues/12645\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix misleading error message when a constraint file cannot be opened. (\u003ccode\u003e[#13226](https://github.com/pypa/pip/issues/13226) \u0026lt;https://github.com/pypa/pip/issues/13226\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (\u003ccode\u003e[#13494](https://github.com/pypa/pip/issues/13494) \u0026lt;https://github.com/pypa/pip/issues/13494\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRemove the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13725](https://github.com/pypa/pip/issues/13725) \u0026lt;https://github.com/pypa/pip/issues/13725\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eForce UTF-8 encoding for :pep:\u003ccode\u003e723\u003c/code\u003e metadata. (\u003ccode\u003e[#13861](https://github.com/pypa/pip/issues/13861) \u0026lt;https://github.com/pypa/pip/issues/13861\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eMinor performance improvement when filtering candidates during resolution. (\u003ccode\u003e[#13916](https://github.com/pypa/pip/issues/13916) \u0026lt;https://github.com/pypa/pip/issues/13916\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a hang on Windows when stdout is closed during verbose output. (\u003ccode\u003e[#13927](https://github.com/pypa/pip/issues/13927) \u0026lt;https://github.com/pypa/pip/issues/13927\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eCommon path prefixes are determined by path segment, not character by character. (\u003ccode\u003e[#13847](https://github.com/pypa/pip/issues/13847) \u0026lt;https://github.com/pypa/pip/issues/13847\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installing \u003ccode\u003e.tar.gz\u003c/code\u003e source distributions that look like a zip file. (\u003ccode\u003e[#13867](https://github.com/pypa/pip/issues/13867) \u0026lt;https://github.com/pypa/pip/issues/13867\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade certifi to 2026.2.25\u003c/li\u003e\n\u003cli\u003eUpgrade packaging to 26.2\u003c/li\u003e\n\u003cli\u003eUpgrade requests to 2.33.1\u003c/li\u003e\n\u003cli\u003eUpgrade tomli to 2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 to 2.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803\"\u003e\u003ccode\u003e90b2b3e\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b\"\u003e\u003ccode\u003e193f289\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772\"\u003e\u003ccode\u003e63c3709\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13876\"\u003e#13876\u003c/a\u003e from sbidoul/install-from-pylock-reqs-sbi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2\"\u003e\u003ccode\u003ee5fe702\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13949\"\u003e#13949\u003c/a\u003e from pypa/revert-13888-resolver-editable-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618\"\u003e\u003ccode\u003e122a14a\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Allow editable installs to satisfy direct-URL dependencies (\u003ca href=\"https://redirect.github.com/pypa/pip/issues/13888\"\u003e#13888\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3\"\u003e\u003ccode\u003ec335252\u003c/code\u003e\u003c/a\u003e -r pylock.toml: add pip-wheel -r pylock.toml test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1\"\u003e\u003ccode\u003eba2fc12\u003c/code\u003e\u003c/a\u003e -r pylock.toml: proper error with remote pylock.toml containing directory ent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df\"\u003e\u003ccode\u003e747c4ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13948\"\u003e#13948\u003c/a\u003e from ichard26/reword-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa\"\u003e\u003ccode\u003e3517841\u003c/code\u003e\u003c/a\u003e -r pylock: refine filename pylock-ness test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588\"\u003e\u003ccode\u003e2f7ad8c\u003c/code\u003e\u003c/a\u003e -r pylock.toml: fix crash with pip wheel and pip lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/25.0.1...26.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.3.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.3.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c...\n\n_Description has been truncated_","html_url":"https://github.com/mayoubm1/TTS-STT-Gemini-OS-generative-ai/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mayoubm1%2FTTS-STT-Gemini-OS-generative-ai/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"}},{"old_version":"0.6.1","new_version":"0.6.3","update_type":"patch","path":null,"pr_created_at":"2026-05-06T23:42:36.000Z","version_change":"0.6.1 → 0.6.3","issue":{"uuid":"4395141052","node_id":"PR_kwDOQrUBhs7Y9Yrd","number":7,"state":"closed","title":"chore(deps): bump the uv group across 11 directories with 15 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-09T00:24:32.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T23:42:36.000Z","updated_at":"2026-05-09T00:24:34.000Z","time_to_close":175316,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":15,"packages":[{"name":"pip","old_version":"25.0.1","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"protobuf","old_version":"5.29.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 5 updates in the /gemini/agents/genai-experience-concierge directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pip](https://github.com/pypa/pip) | `25.0.1` | `26.1` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n\nBumps the uv group with 7 updates in the /gemini/agents/genai-experience-concierge/langgraph-demo/frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.2.28` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n\nBumps the uv group with 8 updates in the /gemini/evaluation/synthetic-data-evals directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.3` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [smolagents](https://github.com/huggingface/smolagents) | `1.10.0` | `1.24.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.83.0` | `1.133.0` |\n\nBumps the uv group with 7 updates in the /gemini/mcp/adk_mcp_app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.4.0` | `2.6.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.95.0` | `1.133.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n\nBumps the uv group with 7 updates in the /gemini/mcp/adk_multiagent_mcp_app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.4.0` | `2.6.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.95.0` | `1.133.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n\nBumps the uv group with 5 updates in the /gemini/sample-apps/quickbot/linkedin-profile-image-generation-using-imagen3/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the uv group with 4 updates in the /gemini/sample-apps/quickbot/text-to-image-using-imagen3/backend directory: [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3), [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [gunicorn](https://github.com/benoitc/gunicorn).\nBumps the uv group with 6 updates in the /gemini/sample-apps/quickbot/website-search-using-agent-builder/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.9` | `1.2.28` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n| [langchain-community](https://github.com/langchain-ai/langchain-community) | `0.3.1` | `0.3.27` |\n\nBumps the uv group with 1 update in the /gemini/sample-apps/swot-agent directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the uv group with 5 updates in the /gemini/tuning/genai-mlops-tune-and-eval directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.8` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.20` | `2.6.3` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.87.0` | `1.133.0` |\n\nBumps the uv group with 4 updates in the /search/cloud-function/python directory: [protobuf](https://github.com/protocolbuffers/protobuf), [python-dotenv](https://github.com/theskumar/python-dotenv), [pytest](https://github.com/pytest-dev/pytest) and [flask](https://github.com/pallets/flask).\n\nUpdates `pip` from 25.0.1 to 26.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1 (2026-04-26)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9. (\u003ccode\u003e[#13795](https://github.com/pypa/pip/issues/13795) \u0026lt;https://github.com/pypa/pip/issues/13795\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd experimental support to read requirements from standardized pylock.toml files (\u003ccode\u003e-r pylock.toml\u003c/code\u003e). (\u003ccode\u003e[#13876](https://github.com/pypa/pip/issues/13876) \u0026lt;https://github.com/pypa/pip/issues/13876\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e to accept a duration in days (e.g., \u003ccode\u003eP3D\u003c/code\u003e for 3 days ago). (\u003ccode\u003e[#13674](https://github.com/pypa/pip/issues/13674) \u0026lt;https://github.com/pypa/pip/issues/13674\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up dependency resolution when there are complex conflicts. (\u003ccode\u003e[#13859](https://github.com/pypa/pip/issues/13859) \u0026lt;https://github.com/pypa/pip/issues/13859\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eReduce memory usage when resolving large dependency trees. (\u003ccode\u003e[#13843](https://github.com/pypa/pip/issues/13843) \u0026lt;https://github.com/pypa/pip/issues/13843\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEmit a deprecation warning when pip imports an unexpected module after\ninstallation of a distribution has started. (\u003ccode\u003e[#13912](https://github.com/pypa/pip/issues/13912) \u0026lt;https://github.com/pypa/pip/issues/13912\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow URL constraints to apply to requirements with extras. (\u003ccode\u003e[#12018](https://github.com/pypa/pip/issues/12018) \u0026lt;https://github.com/pypa/pip/issues/12018\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow unpinned requirements to use hashes from constraints. Constraints\nlike \u003ccode\u003e{name}=={version} --hash=...\u003c/code\u003e feeds into hash verification for\na corresponding requirement. (\u003ccode\u003e[#9243](https://github.com/pypa/pip/issues/9243) \u0026lt;https://github.com/pypa/pip/issues/9243\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eImprove conflict reports that involve direct URLs. (\u003ccode\u003e[#13932](https://github.com/pypa/pip/issues/13932) \u0026lt;https://github.com/pypa/pip/issues/13932\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow all errors instead of first error for faulty \u003ccode\u003edependency_groups\u003c/code\u003e definitions. (\u003ccode\u003e[#13917](https://github.com/pypa/pip/issues/13917) \u0026lt;https://github.com/pypa/pip/issues/13917\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix recovery hint for missing RECORD file to use \u003ccode\u003e--ignore-installed\u003c/code\u003e\ninstead of \u003ccode\u003e--force-reinstall\u003c/code\u003e. (\u003ccode\u003e[#12645](https://github.com/pypa/pip/issues/12645) \u0026lt;https://github.com/pypa/pip/issues/12645\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix misleading error message when a constraint file cannot be opened. (\u003ccode\u003e[#13226](https://github.com/pypa/pip/issues/13226) \u0026lt;https://github.com/pypa/pip/issues/13226\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (\u003ccode\u003e[#13494](https://github.com/pypa/pip/issues/13494) \u0026lt;https://github.com/pypa/pip/issues/13494\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRemove the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13725](https://github.com/pypa/pip/issues/13725) \u0026lt;https://github.com/pypa/pip/issues/13725\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eForce UTF-8 encoding for :pep:\u003ccode\u003e723\u003c/code\u003e metadata. (\u003ccode\u003e[#13861](https://github.com/pypa/pip/issues/13861) \u0026lt;https://github.com/pypa/pip/issues/13861\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eMinor performance improvement when filtering candidates during resolution. (\u003ccode\u003e[#13916](https://github.com/pypa/pip/issues/13916) \u0026lt;https://github.com/pypa/pip/issues/13916\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a hang on Windows when stdout is closed during verbose output. (\u003ccode\u003e[#13927](https://github.com/pypa/pip/issues/13927) \u0026lt;https://github.com/pypa/pip/issues/13927\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eCommon path prefixes are determined by path segment, not character by character. (\u003ccode\u003e[#13847](https://github.com/pypa/pip/issues/13847) \u0026lt;https://github.com/pypa/pip/issues/13847\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installing \u003ccode\u003e.tar.gz\u003c/code\u003e source distributions that look like a zip file. (\u003ccode\u003e[#13867](https://github.com/pypa/pip/issues/13867) \u0026lt;https://github.com/pypa/pip/issues/13867\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade certifi to 2026.2.25\u003c/li\u003e\n\u003cli\u003eUpgrade packaging to 26.2\u003c/li\u003e\n\u003cli\u003eUpgrade requests to 2.33.1\u003c/li\u003e\n\u003cli\u003eUpgrade tomli to 2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 to 2.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803\"\u003e\u003ccode\u003e90b2b3e\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b\"\u003e\u003ccode\u003e193f289\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772\"\u003e\u003ccode\u003e63c3709\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13876\"\u003e#13876\u003c/a\u003e from sbidoul/install-from-pylock-reqs-sbi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2\"\u003e\u003ccode\u003ee5fe702\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13949\"\u003e#13949\u003c/a\u003e from pypa/revert-13888-resolver-editable-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618\"\u003e\u003ccode\u003e122a14a\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Allow editable installs to satisfy direct-URL dependencies (\u003ca href=\"https://redirect.github.com/pypa/pip/issues/13888\"\u003e#13888\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3\"\u003e\u003ccode\u003ec335252\u003c/code\u003e\u003c/a\u003e -r pylock.toml: add pip-wheel -r pylock.toml test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1\"\u003e\u003ccode\u003eba2fc12\u003c/code\u003e\u003c/a\u003e -r pylock.toml: proper error with remote pylock.toml containing directory ent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df\"\u003e\u003ccode\u003e747c4ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13948\"\u003e#13948\u003c/a\u003e from ichard26/reword-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa\"\u003e\u003ccode\u003e3517841\u003c/code\u003e\u003c/a\u003e -r pylock: refine filename pylock-ness test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588\"\u003e\u003ccode\u003e2f7ad8c\u003c/code\u003e\u003c/a\u003e -r pylock.toml: fix crash with pip wheel and pip lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/25.0.1...26.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.3.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.3.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed O...\n\n_Description has been truncated_","html_url":"https://github.com/4xiaxia/generative-ai/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/4xiaxia%2Fgenerative-ai/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}},{"old_version":"0.6.1","new_version":"0.6.3","update_type":"patch","path":null,"pr_created_at":"2026-05-06T23:41:39.000Z","version_change":"0.6.1 → 0.6.3","issue":{"uuid":"4395138178","node_id":"PR_kwDOQrMXrc7Y9YFq","number":16,"state":"closed","title":"chore(deps): bump the uv group across 12 directories with 15 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-09T01:32:31.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T23:41:39.000Z","updated_at":"2026-05-09T01:32:33.000Z","time_to_close":179452,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":15,"packages":[{"name":"pip","old_version":"25.0.1","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"protobuf","old_version":"5.29.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 5 updates in the /gemini/agents/genai-experience-concierge directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pip](https://github.com/pypa/pip) | `25.0.1` | `26.1` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n\nBumps the uv group with 7 updates in the /gemini/agents/genai-experience-concierge/langgraph-demo/frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.2.28` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n\nBumps the uv group with 8 updates in the /gemini/evaluation/synthetic-data-evals directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.3` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [smolagents](https://github.com/huggingface/smolagents) | `1.10.0` | `1.24.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.83.0` | `1.133.0` |\n\nBumps the uv group with 7 updates in the /gemini/mcp/adk_mcp_app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.4.0` | `2.6.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.95.0` | `1.133.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n\nBumps the uv group with 7 updates in the /gemini/mcp/adk_multiagent_mcp_app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.5` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.4.0` | `2.6.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.95.0` | `1.133.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.27` |\n\nBumps the uv group with 5 updates in the /gemini/sample-apps/quickbot/image-background-changer-using-imagen3/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.2.1` | `12.2.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the uv group with 5 updates in the /gemini/sample-apps/quickbot/linkedin-profile-image-generation-using-imagen3/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the uv group with 4 updates in the /gemini/sample-apps/quickbot/text-to-image-using-imagen3/backend directory: [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3), [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [gunicorn](https://github.com/benoitc/gunicorn).\nBumps the uv group with 6 updates in the /gemini/sample-apps/quickbot/website-search-using-agent-builder/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.9` | `1.2.28` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n| [langchain-community](https://github.com/langchain-ai/langchain-community) | `0.3.1` | `0.3.27` |\n\nBumps the uv group with 1 update in the /gemini/sample-apps/swot-agent directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the uv group with 5 updates in the /gemini/tuning/genai-mlops-tune-and-eval directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.8` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.20` | `2.6.3` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.87.0` | `1.133.0` |\n\nBumps the uv group with 4 updates in the /search/cloud-function/python directory: [protobuf](https://github.com/protocolbuffers/protobuf), [python-dotenv](https://github.com/theskumar/python-dotenv), [pytest](https://github.com/pytest-dev/pytest) and [flask](https://github.com/pallets/flask).\n\nUpdates `pip` from 25.0.1 to 26.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1 (2026-04-26)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9. (\u003ccode\u003e[#13795](https://github.com/pypa/pip/issues/13795) \u0026lt;https://github.com/pypa/pip/issues/13795\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd experimental support to read requirements from standardized pylock.toml files (\u003ccode\u003e-r pylock.toml\u003c/code\u003e). (\u003ccode\u003e[#13876](https://github.com/pypa/pip/issues/13876) \u0026lt;https://github.com/pypa/pip/issues/13876\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e to accept a duration in days (e.g., \u003ccode\u003eP3D\u003c/code\u003e for 3 days ago). (\u003ccode\u003e[#13674](https://github.com/pypa/pip/issues/13674) \u0026lt;https://github.com/pypa/pip/issues/13674\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up dependency resolution when there are complex conflicts. (\u003ccode\u003e[#13859](https://github.com/pypa/pip/issues/13859) \u0026lt;https://github.com/pypa/pip/issues/13859\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eReduce memory usage when resolving large dependency trees. (\u003ccode\u003e[#13843](https://github.com/pypa/pip/issues/13843) \u0026lt;https://github.com/pypa/pip/issues/13843\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEmit a deprecation warning when pip imports an unexpected module after\ninstallation of a distribution has started. (\u003ccode\u003e[#13912](https://github.com/pypa/pip/issues/13912) \u0026lt;https://github.com/pypa/pip/issues/13912\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow URL constraints to apply to requirements with extras. (\u003ccode\u003e[#12018](https://github.com/pypa/pip/issues/12018) \u0026lt;https://github.com/pypa/pip/issues/12018\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow unpinned requirements to use hashes from constraints. Constraints\nlike \u003ccode\u003e{name}=={version} --hash=...\u003c/code\u003e feeds into hash verification for\na corresponding requirement. (\u003ccode\u003e[#9243](https://github.com/pypa/pip/issues/9243) \u0026lt;https://github.com/pypa/pip/issues/9243\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eImprove conflict reports that involve direct URLs. (\u003ccode\u003e[#13932](https://github.com/pypa/pip/issues/13932) \u0026lt;https://github.com/pypa/pip/issues/13932\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow all errors instead of first error for faulty \u003ccode\u003edependency_groups\u003c/code\u003e definitions. (\u003ccode\u003e[#13917](https://github.com/pypa/pip/issues/13917) \u0026lt;https://github.com/pypa/pip/issues/13917\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix recovery hint for missing RECORD file to use \u003ccode\u003e--ignore-installed\u003c/code\u003e\ninstead of \u003ccode\u003e--force-reinstall\u003c/code\u003e. (\u003ccode\u003e[#12645](https://github.com/pypa/pip/issues/12645) \u0026lt;https://github.com/pypa/pip/issues/12645\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix misleading error message when a constraint file cannot be opened. (\u003ccode\u003e[#13226](https://github.com/pypa/pip/issues/13226) \u0026lt;https://github.com/pypa/pip/issues/13226\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (\u003ccode\u003e[#13494](https://github.com/pypa/pip/issues/13494) \u0026lt;https://github.com/pypa/pip/issues/13494\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRemove the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13725](https://github.com/pypa/pip/issues/13725) \u0026lt;https://github.com/pypa/pip/issues/13725\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eForce UTF-8 encoding for :pep:\u003ccode\u003e723\u003c/code\u003e metadata. (\u003ccode\u003e[#13861](https://github.com/pypa/pip/issues/13861) \u0026lt;https://github.com/pypa/pip/issues/13861\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eMinor performance improvement when filtering candidates during resolution. (\u003ccode\u003e[#13916](https://github.com/pypa/pip/issues/13916) \u0026lt;https://github.com/pypa/pip/issues/13916\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a hang on Windows when stdout is closed during verbose output. (\u003ccode\u003e[#13927](https://github.com/pypa/pip/issues/13927) \u0026lt;https://github.com/pypa/pip/issues/13927\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eCommon path prefixes are determined by path segment, not character by character. (\u003ccode\u003e[#13847](https://github.com/pypa/pip/issues/13847) \u0026lt;https://github.com/pypa/pip/issues/13847\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installing \u003ccode\u003e.tar.gz\u003c/code\u003e source distributions that look like a zip file. (\u003ccode\u003e[#13867](https://github.com/pypa/pip/issues/13867) \u0026lt;https://github.com/pypa/pip/issues/13867\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade certifi to 2026.2.25\u003c/li\u003e\n\u003cli\u003eUpgrade packaging to 26.2\u003c/li\u003e\n\u003cli\u003eUpgrade requests to 2.33.1\u003c/li\u003e\n\u003cli\u003eUpgrade tomli to 2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 to 2.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803\"\u003e\u003ccode\u003e90b2b3e\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b\"\u003e\u003ccode\u003e193f289\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772\"\u003e\u003ccode\u003e63c3709\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13876\"\u003e#13876\u003c/a\u003e from sbidoul/install-from-pylock-reqs-sbi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2\"\u003e\u003ccode\u003ee5fe702\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13949\"\u003e#13949\u003c/a\u003e from pypa/revert-13888-resolver-editable-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618\"\u003e\u003ccode\u003e122a14a\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Allow editable installs to satisfy direct-URL dependencies (\u003ca href=\"https://redirect.github.com/pypa/pip/issues/13888\"\u003e#13888\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3\"\u003e\u003ccode\u003ec335252\u003c/code\u003e\u003c/a\u003e -r pylock.toml: add pip-wheel -r pylock.toml test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1\"\u003e\u003ccode\u003eba2fc12\u003c/code\u003e\u003c/a\u003e -r pylock.toml: proper error with remote pylock.toml containing directory ent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df\"\u003e\u003ccode\u003e747c4ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13948\"\u003e#13948\u003c/a\u003e from ichard26/reword-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa\"\u003e\u003ccode\u003e3517841\u003c/code\u003e\u003c/a\u003e -r pylock: refine filename pylock-ness test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588\"\u003e\u003ccode\u003e2f7ad8c\u003c/code\u003e\u003c/a\u003e -r pylock.toml: fix crash with pip wheel and pip lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/25.0.1...26.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.3.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.3.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c...\n\n_Description has been truncated_","html_url":"https://github.com/AntwerpDesignsIonity/generative-ai/pull/16","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AntwerpDesignsIonity%2Fgenerative-ai/issues/16","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/16/packages"}},{"old_version":"0.6.1","new_version":"0.6.3","update_type":"patch","path":null,"pr_created_at":"2026-05-06T21:39:27.000Z","version_change":"0.6.1 → 0.6.3","issue":{"uuid":"4394612831","node_id":"PR_kwDOQrMXrc7Y7sMx","number":15,"state":"closed","title":"chore(deps): bump the uv group across 10 directories with 13 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-06T23:41:43.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T21:39:27.000Z","updated_at":"2026-05-06T23:41:45.000Z","time_to_close":7336,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":13,"packages":[{"name":"pip","old_version":"25.0.1","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"protobuf","old_version":"5.29.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 5 updates in the /gemini/agents/genai-experience-concierge directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pip](https://github.com/pypa/pip) | `25.0.1` | `26.1` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n\nBumps the uv group with 7 updates in the /gemini/agents/genai-experience-concierge/langgraph-demo/frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.2.28` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n\nBumps the uv group with 7 updates in the /gemini/evaluation/synthetic-data-evals directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.3` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.83.0` | `1.133.0` |\n\nBumps the uv group with 5 updates in the /gemini/sample-apps/quickbot/image-background-changer-using-imagen3/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.2.1` | `12.2.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the uv group with 5 updates in the /gemini/sample-apps/quickbot/linkedin-profile-image-generation-using-imagen3/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the uv group with 4 updates in the /gemini/sample-apps/quickbot/text-to-image-using-imagen3/backend directory: [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3), [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [gunicorn](https://github.com/benoitc/gunicorn).\nBumps the uv group with 6 updates in the /gemini/sample-apps/quickbot/website-search-using-agent-builder/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.9` | `1.2.28` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n| [langchain-community](https://github.com/langchain-ai/langchain-community) | `0.3.1` | `0.3.27` |\n\nBumps the uv group with 1 update in the /gemini/sample-apps/swot-agent directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the uv group with 5 updates in the /gemini/tuning/genai-mlops-tune-and-eval directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.8` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.20` | `2.6.3` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.87.0` | `1.133.0` |\n\nBumps the uv group with 4 updates in the /search/cloud-function/python directory: [protobuf](https://github.com/protocolbuffers/protobuf), [python-dotenv](https://github.com/theskumar/python-dotenv), [pytest](https://github.com/pytest-dev/pytest) and [flask](https://github.com/pallets/flask).\n\nUpdates `pip` from 25.0.1 to 26.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1 (2026-04-26)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9. (\u003ccode\u003e[#13795](https://github.com/pypa/pip/issues/13795) \u0026lt;https://github.com/pypa/pip/issues/13795\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd experimental support to read requirements from standardized pylock.toml files (\u003ccode\u003e-r pylock.toml\u003c/code\u003e). (\u003ccode\u003e[#13876](https://github.com/pypa/pip/issues/13876) \u0026lt;https://github.com/pypa/pip/issues/13876\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e to accept a duration in days (e.g., \u003ccode\u003eP3D\u003c/code\u003e for 3 days ago). (\u003ccode\u003e[#13674](https://github.com/pypa/pip/issues/13674) \u0026lt;https://github.com/pypa/pip/issues/13674\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up dependency resolution when there are complex conflicts. (\u003ccode\u003e[#13859](https://github.com/pypa/pip/issues/13859) \u0026lt;https://github.com/pypa/pip/issues/13859\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eReduce memory usage when resolving large dependency trees. (\u003ccode\u003e[#13843](https://github.com/pypa/pip/issues/13843) \u0026lt;https://github.com/pypa/pip/issues/13843\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEmit a deprecation warning when pip imports an unexpected module after\ninstallation of a distribution has started. (\u003ccode\u003e[#13912](https://github.com/pypa/pip/issues/13912) \u0026lt;https://github.com/pypa/pip/issues/13912\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow URL constraints to apply to requirements with extras. (\u003ccode\u003e[#12018](https://github.com/pypa/pip/issues/12018) \u0026lt;https://github.com/pypa/pip/issues/12018\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow unpinned requirements to use hashes from constraints. Constraints\nlike \u003ccode\u003e{name}=={version} --hash=...\u003c/code\u003e feeds into hash verification for\na corresponding requirement. (\u003ccode\u003e[#9243](https://github.com/pypa/pip/issues/9243) \u0026lt;https://github.com/pypa/pip/issues/9243\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eImprove conflict reports that involve direct URLs. (\u003ccode\u003e[#13932](https://github.com/pypa/pip/issues/13932) \u0026lt;https://github.com/pypa/pip/issues/13932\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow all errors instead of first error for faulty \u003ccode\u003edependency_groups\u003c/code\u003e definitions. (\u003ccode\u003e[#13917](https://github.com/pypa/pip/issues/13917) \u0026lt;https://github.com/pypa/pip/issues/13917\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix recovery hint for missing RECORD file to use \u003ccode\u003e--ignore-installed\u003c/code\u003e\ninstead of \u003ccode\u003e--force-reinstall\u003c/code\u003e. (\u003ccode\u003e[#12645](https://github.com/pypa/pip/issues/12645) \u0026lt;https://github.com/pypa/pip/issues/12645\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix misleading error message when a constraint file cannot be opened. (\u003ccode\u003e[#13226](https://github.com/pypa/pip/issues/13226) \u0026lt;https://github.com/pypa/pip/issues/13226\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (\u003ccode\u003e[#13494](https://github.com/pypa/pip/issues/13494) \u0026lt;https://github.com/pypa/pip/issues/13494\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRemove the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13725](https://github.com/pypa/pip/issues/13725) \u0026lt;https://github.com/pypa/pip/issues/13725\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eForce UTF-8 encoding for :pep:\u003ccode\u003e723\u003c/code\u003e metadata. (\u003ccode\u003e[#13861](https://github.com/pypa/pip/issues/13861) \u0026lt;https://github.com/pypa/pip/issues/13861\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eMinor performance improvement when filtering candidates during resolution. (\u003ccode\u003e[#13916](https://github.com/pypa/pip/issues/13916) \u0026lt;https://github.com/pypa/pip/issues/13916\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a hang on Windows when stdout is closed during verbose output. (\u003ccode\u003e[#13927](https://github.com/pypa/pip/issues/13927) \u0026lt;https://github.com/pypa/pip/issues/13927\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eCommon path prefixes are determined by path segment, not character by character. (\u003ccode\u003e[#13847](https://github.com/pypa/pip/issues/13847) \u0026lt;https://github.com/pypa/pip/issues/13847\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installing \u003ccode\u003e.tar.gz\u003c/code\u003e source distributions that look like a zip file. (\u003ccode\u003e[#13867](https://github.com/pypa/pip/issues/13867) \u0026lt;https://github.com/pypa/pip/issues/13867\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade certifi to 2026.2.25\u003c/li\u003e\n\u003cli\u003eUpgrade packaging to 26.2\u003c/li\u003e\n\u003cli\u003eUpgrade requests to 2.33.1\u003c/li\u003e\n\u003cli\u003eUpgrade tomli to 2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 to 2.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803\"\u003e\u003ccode\u003e90b2b3e\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b\"\u003e\u003ccode\u003e193f289\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772\"\u003e\u003ccode\u003e63c3709\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13876\"\u003e#13876\u003c/a\u003e from sbidoul/install-from-pylock-reqs-sbi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2\"\u003e\u003ccode\u003ee5fe702\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13949\"\u003e#13949\u003c/a\u003e from pypa/revert-13888-resolver-editable-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618\"\u003e\u003ccode\u003e122a14a\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Allow editable installs to satisfy direct-URL dependencies (\u003ca href=\"https://redirect.github.com/pypa/pip/issues/13888\"\u003e#13888\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3\"\u003e\u003ccode\u003ec335252\u003c/code\u003e\u003c/a\u003e -r pylock.toml: add pip-wheel -r pylock.toml test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1\"\u003e\u003ccode\u003eba2fc12\u003c/code\u003e\u003c/a\u003e -r pylock.toml: proper error with remote pylock.toml containing directory ent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df\"\u003e\u003ccode\u003e747c4ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13948\"\u003e#13948\u003c/a\u003e from ichard26/reword-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa\"\u003e\u003ccode\u003e3517841\u003c/code\u003e\u003c/a\u003e -r pylock: refine filename pylock-ness test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588\"\u003e\u003ccode\u003e2f7ad8c\u003c/code\u003e\u003c/a\u003e -r pylock.toml: fix crash with pip wheel and pip lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/25.0.1...26.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.3.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.3.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81...\n\n_Description has been truncated_","html_url":"https://github.com/AntwerpDesignsIonity/generative-ai/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AntwerpDesignsIonity%2Fgenerative-ai/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"}},{"old_version":"0.6.1","new_version":"0.6.3","update_type":"patch","path":null,"pr_created_at":"2026-05-06T21:39:23.000Z","version_change":"0.6.1 → 0.6.3","issue":{"uuid":"4394612396","node_id":"PR_kwDOQrUBhs7Y7sHE","number":6,"state":"closed","title":"chore(deps): bump the uv group across 9 directories with 13 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-06T23:42:40.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T21:39:23.000Z","updated_at":"2026-05-06T23:42:42.000Z","time_to_close":7397,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":13,"packages":[{"name":"pip","old_version":"25.0.1","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"protobuf","old_version":"5.29.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 5 updates in the /gemini/agents/genai-experience-concierge directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pip](https://github.com/pypa/pip) | `25.0.1` | `26.1` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n\nBumps the uv group with 7 updates in the /gemini/agents/genai-experience-concierge/langgraph-demo/frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.49` | `1.2.28` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.1.0` | `1.2.2` |\n\nBumps the uv group with 7 updates in the /gemini/evaluation/synthetic-data-evals directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.3` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.0.1` | `1.2.2` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.83.0` | `1.133.0` |\n\nBumps the uv group with 5 updates in the /gemini/sample-apps/quickbot/linkedin-profile-image-generation-using-imagen3/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the uv group with 4 updates in the /gemini/sample-apps/quickbot/text-to-image-using-imagen3/backend directory: [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3), [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [gunicorn](https://github.com/benoitc/gunicorn).\nBumps the uv group with 6 updates in the /gemini/sample-apps/quickbot/website-search-using-agent-builder/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.9` | `1.2.28` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n| [langchain-community](https://github.com/langchain-ai/langchain-community) | `0.3.1` | `0.3.27` |\n\nBumps the uv group with 1 update in the /gemini/sample-apps/swot-agent directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the uv group with 5 updates in the /gemini/tuning/genai-mlops-tune-and-eval directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.8` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.20` | `2.6.3` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.87.0` | `1.133.0` |\n\nBumps the uv group with 4 updates in the /search/cloud-function/python directory: [protobuf](https://github.com/protocolbuffers/protobuf), [python-dotenv](https://github.com/theskumar/python-dotenv), [pytest](https://github.com/pytest-dev/pytest) and [flask](https://github.com/pallets/flask).\n\nUpdates `pip` from 25.0.1 to 26.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1 (2026-04-26)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9. (\u003ccode\u003e[#13795](https://github.com/pypa/pip/issues/13795) \u0026lt;https://github.com/pypa/pip/issues/13795\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd experimental support to read requirements from standardized pylock.toml files (\u003ccode\u003e-r pylock.toml\u003c/code\u003e). (\u003ccode\u003e[#13876](https://github.com/pypa/pip/issues/13876) \u0026lt;https://github.com/pypa/pip/issues/13876\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e to accept a duration in days (e.g., \u003ccode\u003eP3D\u003c/code\u003e for 3 days ago). (\u003ccode\u003e[#13674](https://github.com/pypa/pip/issues/13674) \u0026lt;https://github.com/pypa/pip/issues/13674\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up dependency resolution when there are complex conflicts. (\u003ccode\u003e[#13859](https://github.com/pypa/pip/issues/13859) \u0026lt;https://github.com/pypa/pip/issues/13859\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eReduce memory usage when resolving large dependency trees. (\u003ccode\u003e[#13843](https://github.com/pypa/pip/issues/13843) \u0026lt;https://github.com/pypa/pip/issues/13843\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEmit a deprecation warning when pip imports an unexpected module after\ninstallation of a distribution has started. (\u003ccode\u003e[#13912](https://github.com/pypa/pip/issues/13912) \u0026lt;https://github.com/pypa/pip/issues/13912\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow URL constraints to apply to requirements with extras. (\u003ccode\u003e[#12018](https://github.com/pypa/pip/issues/12018) \u0026lt;https://github.com/pypa/pip/issues/12018\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow unpinned requirements to use hashes from constraints. Constraints\nlike \u003ccode\u003e{name}=={version} --hash=...\u003c/code\u003e feeds into hash verification for\na corresponding requirement. (\u003ccode\u003e[#9243](https://github.com/pypa/pip/issues/9243) \u0026lt;https://github.com/pypa/pip/issues/9243\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eImprove conflict reports that involve direct URLs. (\u003ccode\u003e[#13932](https://github.com/pypa/pip/issues/13932) \u0026lt;https://github.com/pypa/pip/issues/13932\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow all errors instead of first error for faulty \u003ccode\u003edependency_groups\u003c/code\u003e definitions. (\u003ccode\u003e[#13917](https://github.com/pypa/pip/issues/13917) \u0026lt;https://github.com/pypa/pip/issues/13917\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix recovery hint for missing RECORD file to use \u003ccode\u003e--ignore-installed\u003c/code\u003e\ninstead of \u003ccode\u003e--force-reinstall\u003c/code\u003e. (\u003ccode\u003e[#12645](https://github.com/pypa/pip/issues/12645) \u0026lt;https://github.com/pypa/pip/issues/12645\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix misleading error message when a constraint file cannot be opened. (\u003ccode\u003e[#13226](https://github.com/pypa/pip/issues/13226) \u0026lt;https://github.com/pypa/pip/issues/13226\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (\u003ccode\u003e[#13494](https://github.com/pypa/pip/issues/13494) \u0026lt;https://github.com/pypa/pip/issues/13494\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRemove the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13725](https://github.com/pypa/pip/issues/13725) \u0026lt;https://github.com/pypa/pip/issues/13725\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eForce UTF-8 encoding for :pep:\u003ccode\u003e723\u003c/code\u003e metadata. (\u003ccode\u003e[#13861](https://github.com/pypa/pip/issues/13861) \u0026lt;https://github.com/pypa/pip/issues/13861\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eMinor performance improvement when filtering candidates during resolution. (\u003ccode\u003e[#13916](https://github.com/pypa/pip/issues/13916) \u0026lt;https://github.com/pypa/pip/issues/13916\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a hang on Windows when stdout is closed during verbose output. (\u003ccode\u003e[#13927](https://github.com/pypa/pip/issues/13927) \u0026lt;https://github.com/pypa/pip/issues/13927\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eCommon path prefixes are determined by path segment, not character by character. (\u003ccode\u003e[#13847](https://github.com/pypa/pip/issues/13847) \u0026lt;https://github.com/pypa/pip/issues/13847\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installing \u003ccode\u003e.tar.gz\u003c/code\u003e source distributions that look like a zip file. (\u003ccode\u003e[#13867](https://github.com/pypa/pip/issues/13867) \u0026lt;https://github.com/pypa/pip/issues/13867\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade certifi to 2026.2.25\u003c/li\u003e\n\u003cli\u003eUpgrade packaging to 26.2\u003c/li\u003e\n\u003cli\u003eUpgrade requests to 2.33.1\u003c/li\u003e\n\u003cli\u003eUpgrade tomli to 2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 to 2.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803\"\u003e\u003ccode\u003e90b2b3e\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b\"\u003e\u003ccode\u003e193f289\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772\"\u003e\u003ccode\u003e63c3709\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13876\"\u003e#13876\u003c/a\u003e from sbidoul/install-from-pylock-reqs-sbi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2\"\u003e\u003ccode\u003ee5fe702\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13949\"\u003e#13949\u003c/a\u003e from pypa/revert-13888-resolver-editable-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618\"\u003e\u003ccode\u003e122a14a\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Allow editable installs to satisfy direct-URL dependencies (\u003ca href=\"https://redirect.github.com/pypa/pip/issues/13888\"\u003e#13888\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3\"\u003e\u003ccode\u003ec335252\u003c/code\u003e\u003c/a\u003e -r pylock.toml: add pip-wheel -r pylock.toml test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1\"\u003e\u003ccode\u003eba2fc12\u003c/code\u003e\u003c/a\u003e -r pylock.toml: proper error with remote pylock.toml containing directory ent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df\"\u003e\u003ccode\u003e747c4ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13948\"\u003e#13948\u003c/a\u003e from ichard26/reword-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa\"\u003e\u003ccode\u003e3517841\u003c/code\u003e\u003c/a\u003e -r pylock: refine filename pylock-ness test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588\"\u003e\u003ccode\u003e2f7ad8c\u003c/code\u003e\u003c/a\u003e -r pylock.toml: fix crash with pip wheel and pip lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/25.0.1...26.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.3.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.3.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https:...\n\n_Description has been truncated_","html_url":"https://github.com/4xiaxia/generative-ai/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/4xiaxia%2Fgenerative-ai/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"}},{"old_version":"0.6.1","new_version":"0.6.3","update_type":"patch","path":null,"pr_created_at":"2026-05-06T16:15:28.000Z","version_change":"0.6.1 → 0.6.3","issue":{"uuid":"4392856629","node_id":"PR_kwDOQrUBhs7Y18PJ","number":5,"state":"closed","title":"chore(deps): bump the uv group across 7 directories with 13 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-06T21:39:27.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T16:15:28.000Z","updated_at":"2026-05-06T21:39:29.000Z","time_to_close":19439,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":13,"packages":[{"name":"pip","old_version":"25.0.1","new_version":"26.1","repository_url":"https://github.com/pypa/pip"},{"name":"protobuf","old_version":"5.29.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.6.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"requests","old_version":"2.32.3","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"urllib3","old_version":"2.3.0","new_version":"2.6.3","repository_url":"https://github.com/urllib3/urllib3"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 5 updates in the /gemini/agents/genai-experience-concierge directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [pip](https://github.com/pypa/pip) | `25.0.1` | `26.1` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.29.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.3.0` | `2.6.3` |\n\nBumps the uv group with 5 updates in the /gemini/sample-apps/quickbot/linkedin-profile-image-generation-using-imagen3/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.1.0` | `12.2.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n\nBumps the uv group with 4 updates in the /gemini/sample-apps/quickbot/text-to-image-using-imagen3/backend directory: [requests](https://github.com/psf/requests), [urllib3](https://github.com/urllib3/urllib3), [gunicorn](https://github.com/benoitc/gunicorn) and [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform).\nBumps the uv group with 6 updates in the /gemini/sample-apps/quickbot/website-search-using-agent-builder/backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.16` | `2.6.3` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.69.0` | `1.133.0` |\n| [langchain-community](https://github.com/langchain-ai/langchain-community) | `0.3.1` | `0.3.27` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `0.3.9` | `1.2.28` |\n\nBumps the uv group with 1 update in the /gemini/sample-apps/swot-agent directory: [pytest](https://github.com/pytest-dev/pytest).\nBumps the uv group with 5 updates in the /gemini/tuning/genai-mlops-tune-and-eval directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.8` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.1` | `0.6.3` |\n| [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `1.26.20` | `2.6.3` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.87.0` | `1.133.0` |\n\nBumps the uv group with 4 updates in the /search/cloud-function/python directory: [protobuf](https://github.com/protocolbuffers/protobuf), [pytest](https://github.com/pytest-dev/pytest), [flask](https://github.com/pallets/flask) and [python-dotenv](https://github.com/theskumar/python-dotenv).\n\nUpdates `pip` from 25.0.1 to 26.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1 (2026-04-26)\u003c/h1\u003e\n\u003ch2\u003eDeprecations and Removals\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9. (\u003ccode\u003e[#13795](https://github.com/pypa/pip/issues/13795) \u0026lt;https://github.com/pypa/pip/issues/13795\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd experimental support to read requirements from standardized pylock.toml files (\u003ccode\u003e-r pylock.toml\u003c/code\u003e). (\u003ccode\u003e[#13876](https://github.com/pypa/pip/issues/13876) \u0026lt;https://github.com/pypa/pip/issues/13876\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003e--uploaded-prior-to\u003c/code\u003e to accept a duration in days (e.g., \u003ccode\u003eP3D\u003c/code\u003e for 3 days ago). (\u003ccode\u003e[#13674](https://github.com/pypa/pip/issues/13674) \u0026lt;https://github.com/pypa/pip/issues/13674\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eEnhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up dependency resolution when there are complex conflicts. (\u003ccode\u003e[#13859](https://github.com/pypa/pip/issues/13859) \u0026lt;https://github.com/pypa/pip/issues/13859\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eReduce memory usage when resolving large dependency trees. (\u003ccode\u003e[#13843](https://github.com/pypa/pip/issues/13843) \u0026lt;https://github.com/pypa/pip/issues/13843\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eEmit a deprecation warning when pip imports an unexpected module after\ninstallation of a distribution has started. (\u003ccode\u003e[#13912](https://github.com/pypa/pip/issues/13912) \u0026lt;https://github.com/pypa/pip/issues/13912\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow URL constraints to apply to requirements with extras. (\u003ccode\u003e[#12018](https://github.com/pypa/pip/issues/12018) \u0026lt;https://github.com/pypa/pip/issues/12018\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eAllow unpinned requirements to use hashes from constraints. Constraints\nlike \u003ccode\u003e{name}=={version} --hash=...\u003c/code\u003e feeds into hash verification for\na corresponding requirement. (\u003ccode\u003e[#9243](https://github.com/pypa/pip/issues/9243) \u0026lt;https://github.com/pypa/pip/issues/9243\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eImprove conflict reports that involve direct URLs. (\u003ccode\u003e[#13932](https://github.com/pypa/pip/issues/13932) \u0026lt;https://github.com/pypa/pip/issues/13932\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow all errors instead of first error for faulty \u003ccode\u003edependency_groups\u003c/code\u003e definitions. (\u003ccode\u003e[#13917](https://github.com/pypa/pip/issues/13917) \u0026lt;https://github.com/pypa/pip/issues/13917\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix recovery hint for missing RECORD file to use \u003ccode\u003e--ignore-installed\u003c/code\u003e\ninstead of \u003ccode\u003e--force-reinstall\u003c/code\u003e. (\u003ccode\u003e[#12645](https://github.com/pypa/pip/issues/12645) \u0026lt;https://github.com/pypa/pip/issues/12645\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix misleading error message when a constraint file cannot be opened. (\u003ccode\u003e[#13226](https://github.com/pypa/pip/issues/13226) \u0026lt;https://github.com/pypa/pip/issues/13226\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eShow the filename rather than the full URL when downloading files from non-PyPI indexes in non-verbose mode. (\u003ccode\u003e[#13494](https://github.com/pypa/pip/issues/13494) \u0026lt;https://github.com/pypa/pip/issues/13494\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eRemove the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13725](https://github.com/pypa/pip/issues/13725) \u0026lt;https://github.com/pypa/pip/issues/13725\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eForce UTF-8 encoding for :pep:\u003ccode\u003e723\u003c/code\u003e metadata. (\u003ccode\u003e[#13861](https://github.com/pypa/pip/issues/13861) \u0026lt;https://github.com/pypa/pip/issues/13861\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eMinor performance improvement when filtering candidates during resolution. (\u003ccode\u003e[#13916](https://github.com/pypa/pip/issues/13916) \u0026lt;https://github.com/pypa/pip/issues/13916\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix a hang on Windows when stdout is closed during verbose output. (\u003ccode\u003e[#13927](https://github.com/pypa/pip/issues/13927) \u0026lt;https://github.com/pypa/pip/issues/13927\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eCommon path prefixes are determined by path segment, not character by character. (\u003ccode\u003e[#13847](https://github.com/pypa/pip/issues/13847) \u0026lt;https://github.com/pypa/pip/issues/13847\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installing \u003ccode\u003e.tar.gz\u003c/code\u003e source distributions that look like a zip file. (\u003ccode\u003e[#13867](https://github.com/pypa/pip/issues/13867) \u0026lt;https://github.com/pypa/pip/issues/13867\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVendored Libraries\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade certifi to 2026.2.25\u003c/li\u003e\n\u003cli\u003eUpgrade packaging to 26.2\u003c/li\u003e\n\u003cli\u003eUpgrade requests to 2.33.1\u003c/li\u003e\n\u003cli\u003eUpgrade tomli to 2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade urllib3 to 2.6.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/90b2b3e0f7ef75c485155716d904e51654575803\"\u003e\u003ccode\u003e90b2b3e\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/193f289a6201f801b23885297332461ac8a65b6b\"\u003e\u003ccode\u003e193f289\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/63c3709071c9596d7f4676502a90a3b06f241772\"\u003e\u003ccode\u003e63c3709\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13876\"\u003e#13876\u003c/a\u003e from sbidoul/install-from-pylock-reqs-sbi\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/e5fe7023ffe74a5895571eaf57bdd2989018fbf2\"\u003e\u003ccode\u003ee5fe702\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13949\"\u003e#13949\u003c/a\u003e from pypa/revert-13888-resolver-editable-links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/122a14a8cd3dae7b3e959641f0b45849d4b21618\"\u003e\u003ccode\u003e122a14a\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Allow editable installs to satisfy direct-URL dependencies (\u003ca href=\"https://redirect.github.com/pypa/pip/issues/13888\"\u003e#13888\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/c3352524aae95ae959d4727dda5b5c65752261b3\"\u003e\u003ccode\u003ec335252\u003c/code\u003e\u003c/a\u003e -r pylock.toml: add pip-wheel -r pylock.toml test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/ba2fc12b7f386d89e233bdfd49e7b89d1af57ad1\"\u003e\u003ccode\u003eba2fc12\u003c/code\u003e\u003c/a\u003e -r pylock.toml: proper error with remote pylock.toml containing directory ent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/747c4ae88837a8bb13946fe9d1b612c162a2e3df\"\u003e\u003ccode\u003e747c4ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/13948\"\u003e#13948\u003c/a\u003e from ichard26/reword-news\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/3517841c5e2d92e04dbef52c61a8fa967c059efa\"\u003e\u003ccode\u003e3517841\u003c/code\u003e\u003c/a\u003e -r pylock: refine filename pylock-ness test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/2f7ad8caeed4471e63958df6cacba3a66a215588\"\u003e\u003ccode\u003e2f7ad8c\u003c/code\u003e\u003c/a\u003e -r pylock.toml: fix crash with pip wheel and pip lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/25.0.1...26.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobuf` from 5.29.4 to 5.29.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protocolbuffers/protobuf/releases\"\u003eprotobuf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eProtocol Buffers v34.0-rc1\u003c/h2\u003e\n\u003ch1\u003eAnnouncements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis version includes breaking changes to: C++, Objective-C, PHP, Python.\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e[Bazel] Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make generator headers private (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3a2af3510f0d454dbe3e4dc281674b61c4d20b9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add a debug check that the target of CopyFrom is not a descendant of the source. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/7a7589823d2cfaaf7994b050e98d5d553bc9b1c1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Add [[nodiscard]] to many APIs. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/a70115f33f9af2c4b2202c800b84837e7fe0d738\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Make the arena-enabled constructors of \u003ccode\u003eRepeatedField\u003c/code\u003e, \u003ccode\u003eRepeatedPtrField\u003c/code\u003e, and \u003ccode\u003eMap\u003c/code\u003e private. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ef890c3d0c79398c70e047fe5dd893f460ba2336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Removes proto2::util::MessageDifferencer::AddIgnoreCriteria that takes a raw pointer as an argument in favor of the overload that takes a unique_ptr. Remove macro PROTOBUF_FUTURE_REMOVE_ADD_IGNORE_CRITERIA (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b115358c64127896fed88b8b5ef5d91d86d8cbae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::has_optional_keyword() in OSS. Use is_repeated() or has_presence() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/68346ec9348e932664e58c3ecdcd1478f95233a8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove AddUnusedImportTrackFile() and ClearUnusedImportTrackFiles(). Remove PROTOBUF_FUTURE_RENAME_ADD_UNUSED_IMPORT (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/837a2cd1d6c75402b2503ffe7cd8aeaf25868536\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated FieldDescriptor::is_optional() in OSS. Use (!is_required() \u0026amp;\u0026amp; !is_repeated()) instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9dbc5d479a8e453921485d8d3de47fb3c005f1af\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[C++] All entity names have length limit (2afb0dc)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003egenerate_minimal_imports\u003c/code\u003e generation option warning (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/45b1297fdaad5a9436d0e207422168c38dc45ac4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Fix nullability annotations on some \u003ccode\u003eGPB*Dictionary\u003c/code\u003e types. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ea67d6d26a48478a567c404679e3bb99cf230d50\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ObjC] Remove \u003ccode\u003e-[GPBFieldDescriptor optional]\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/3414dc151eb4dcbdb2ca952e2589993bf7af75c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Other] Remove deprecated flag for enabling MSVC support (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/97c979be6e0907e1051bee62584dac4594e73fa7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9c45014099a4f7004fab6dd1278de2f4f2a393c5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP] Remove deprecated PHP APIs FieldDescriptor getLabel, use IsRepeated or isRequired instead. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cd76e675b14d00dda5623b30835d2bc7105fccc6\u003c/a\u003e, \u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/42081219920c6fad17ba6ddd1e28d111bcfb3345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  Add PHP typehints for setters and remove redundant GPBUtil checks (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25296\"\u003eprotocolbuffers/protobuf#25296\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/aee03b78929c02461a5f9d8e136a2a016359b0cd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[PHP]  support default values for editions/proto2 (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/pull/25161\"\u003eprotocolbuffers/protobuf#25161\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b01099d56350551bae3da88b97bf3027274c9f17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise errors in OSS when assign bool to int/enum field in Python Proto. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/5b116fe2f14f49dd0cc3b76089983717f211025c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_format/double_format from python proto text_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/e4854a186e0bfa867d5bfa5cd850608a948fd488\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Raise TypeError when convert non-timedelta to Duration, or convert non-datetime to Timestamp in python proto. (Original code may raise ArributeError) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/00aaca1b4d98954bc2933d7c8a5379ba6088124c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove float_precision from python proto json_format (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f027f1fcd52b9d080b7ee79f4024f53cf54e0dc5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor::label() in OSS. Use is_repeated() or is_required() instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/b76faa921fdd244f374c7be0bddd4050fc42c292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated FieldDescriptor.label (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a8ff55518ea5874478ad5b26515b31d186045a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python] Remove deprecated UseDeprecatedLegacyJsonFieldConflicts() (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/c301c2ca286327a21c50c0c4cd877afc9c655b00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/news/\"\u003eProtobuf News\u003c/a\u003e may include additional announcements or pre-announcements for upcoming changes.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://protobuf.dev/support/migration/\"\u003eMigration Guide\u003c/a\u003e may include additional guidance for breaking changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBazel\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: cc_toolchain should prefer protoc when prebuilt flag is flipped. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/25168\"\u003e#25168\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8c857c3a1c6a106b0a096f1c9fa504bfaca035a9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBreaking change: Remove deprecated ProtoInfo.transitive_imports. Use equivalent transitive_sources instead (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/0a5c2f6b633c1e5259f566cb42d30fe347b8aadb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFeat(bazel): wire up prebuilt protoc toolchain (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/24115\"\u003e#24115\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/cc23698b486e690ea2eb873cc7596a87c74a3ba6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eproto_descriptor_set\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/23369\"\u003e#23369\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/8d4dfdd39a7a242a9ed631a6ab2192c57dd9b9c8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eCompiler\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRuby codegen: support generation of rbs files (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/15633\"\u003e#15633\u003c/a\u003e) (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/6ebdf851ba78728f0aa145d38454ed9a316fb08d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid collision name problems between a message named \u003ccode\u003eXyz\u003c/code\u003e and a direct sibling enum named \u003ccode\u003eXyzView\u003c/code\u003e (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/eba53e8f172b273d679759a72ce4250131ee3df1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneralizing and implementing ValidateFeatureSupport for both Options and Features during proto parsing (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/ed3c57114d8e2b47cca7697ddaa50c1b3762a6b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug with custom features outside of the \u003ccode\u003epb\u003c/code\u003e package. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/872d3ce7a4da00d7dcec33ced20cfe45235935e8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix import option handling when include_imports isn't set. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/9ef9e80afd9bc8379d578fe67e5ab0738728c04e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a bug in STRICT check of namespaced enums to properly check for 'reserved 1 to max' (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/1229d4adba24c0952ab85ce96bc7b7f8a1fe6d0f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent accidental stripping of \u003ccode\u003edebug_redact\u003c/code\u003e options via import option. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/f58b098bffa7ca4045ef7773b09151a6af5d0c28\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eC++\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd EnumerateEnumValues function. (\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\"\u003ehttps://github.com/protocolbuffers/protobuf/commit/397d5d99db274b379d1384814074bf7df39d32f7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyasn1` from 0.6.1 to 0.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/releases\"\u003epyasn1's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 0.6.3\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded nesting depth limit to ASN.1 decoder to prevent stack overflow from deeply nested structures (CVE-2026-30922).\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field.\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes.\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eRelease 0.6.2\u003c/h2\u003e\n\u003cp\u003eIt's a minor release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490).\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy.\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAll changes are noted in the \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/master/CHANGES.rst\"\u003eCHANGELOG\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst\"\u003epyasn1's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRevision 0.6.3, released 16-03-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth\nlimit to ASN.1 decoder to prevent stack overflow from deeply\nnested structures (thanks for reporting, romanticpragmatism)\u003c/li\u003e\n\u003cli\u003eFixed OverflowError from oversized BER length field\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003e#54\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/54\"\u003epyasn1/pyasn1#54\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/100\"\u003epyasn1/pyasn1#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed DeprecationWarning stacklevel for deprecated attributes\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003e#86\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/86\"\u003epyasn1/pyasn1#86\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/101\"\u003epyasn1/pyasn1#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed asDateTime incorrect fractional seconds parsing\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003e#81\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/81\"\u003epyasn1/pyasn1#81\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/102\"\u003epyasn1/pyasn1#102\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRevision 0.6.2, released 16-01-2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-23490 (GHSA-63vm-454h-vhhq): Fixed continuation octet limits\nin OID/RELATIVE-OID decoder (thanks to tsigouris007)\u003c/li\u003e\n\u003cli\u003eAdded support for Python 3.14\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/97\"\u003epyasn1/pyasn1#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded SECURITY.md policy\u003c/li\u003e\n\u003cli\u003eFixed unit tests failing due to missing code\n[issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003epyasn1/pyasn1#91\u003c/a\u003e)\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/92\"\u003epyasn1/pyasn1#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrated to pyproject.toml packaging\n[pr \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/90\"\u003e#90\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/pull/90\"\u003epyasn1/pyasn1#90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/af65c3b92e9deeae50db4de390982dd970d87f98\"\u003e\u003ccode\u003eaf65c3b\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5a49bd1fe93b5b866a1210f6bf0a3924f21572c8\"\u003e\u003ccode\u003e5a49bd1\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/5494ba43f738e700ca9f7c7a69ec5c44908c9a9f\"\u003e\u003ccode\u003e5494ba4\u003c/code\u003e\u003c/a\u003e Fix asDateTime incorrect fractional seconds parsing (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/71f486e6c32d0f270868aa1b2bb5ceb7d5fd5476\"\u003e\u003ccode\u003e71f486e\u003c/code\u003e\u003c/a\u003e Fix DeprecationWarning stacklevel for deprecated attributes (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/d7cb42dcaa9a66e18f14c4609c2ed00c5b65f7e8\"\u003e\u003ccode\u003ed7cb42d\u003c/code\u003e\u003c/a\u003e Fix OverflowError from oversized BER length field (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/e7356f89cf32c130d65b1a0e903fe7ecce426424\"\u003e\u003ccode\u003ee7356f8\u003c/code\u003e\u003c/a\u003e Prepare release 0.6.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/3908f144229eed4df24bd569d16e5991ace44970\"\u003e\u003ccode\u003e3908f14\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/0a7e067674b1ec558f9d233a3bc173472fe27c6c\"\u003e\u003ccode\u003e0a7e067\u003c/code\u003e\u003c/a\u003e Add support for Python 3.14 (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/33656e986d8e2355123799e7267104ac7d8a6fb1\"\u003e\u003ccode\u003e33656e9\u003c/code\u003e\u003c/a\u003e Create Security Policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyasn1/pyasn1/commit/fa62307253f4423effac71a618e20fabaa37e22e\"\u003e\u003ccode\u003efa62307\u003c/code\u003e\u003c/a\u003e fix for issue \u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/91\"\u003e#91\u003c/a\u003e: unit tests failing due to missing code (\u003ca href=\"https://redirect.github.com/pyasn1/pyasn1/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyasn1/pyasn1/compare/v0.6.1...v0.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 2.3.0 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/fd4dffd2fc544166b76151a2fa3d7b7c0eab540c\"\u003e\u003ccode\u003efd4dffd\u003c/code\u003e\u003c/a\u003e Patch \u003ccode\u003eVerifiedHTTPSConnection\u003c/code\u003e for Emscripten (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003e#3752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/13f0bfd55e4468fe1ea9c6f809d3a87b0f93ebab\"\u003e\u003ccode\u003e13f0bfd\u003c/code\u003e\u003c/a\u003e Handle massive values in Retry-After when calculating time to sleep for (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003e#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8c480bf87bcefd321b3a1ae47f04e908b6b2ed7b\"\u003e\u003ccode\u003e8c480bf\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3748\"\u003e#3748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/4b40616e959c0a2c466e8075f2a785a9f99bb0c1\"\u003e\u003ccode\u003e4b40616\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4.3.0 to 5.0.1 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3750\"\u003e#3750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/82b8479663d037d220c883f1584dd01a43bb273b\"\u003e\u003ccode\u003e82b8479\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3749\"\u003e#3749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/34284cb01700bb7d4fdd472f909e22393e9174e2\"\u003e\u003ccode\u003e34284cb\u003c/code\u003e\u003c/a\u003e Mention experimental features in the security policy (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3746\"\u003e#3746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/urllib3/urllib3/compare/2.3.0...2.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `urllib3` from 1.26.16 to 2.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/releases\"\u003eurllib3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.6.3\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by \u003ca href=\"https://github.com/D47A\"\u003e\u003ccode\u003e@​D47A\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-38jv-5279-wg99)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by default. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3743\"\u003eurllib3/urllib3#3743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3752\"\u003eurllib3/urllib3#3752\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.2\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3734\"\u003eurllib3/urllib3#3734\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.1\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and \u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods. (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3731\"\u003e#3731\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.6.0\u003c/h2\u003e\n\u003ch2\u003e🚀 urllib3 is fundraising for HTTP/2 support\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support\"\u003eurllib3 is raising ~$40,000 USD\u003c/a\u003e to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects \u003ca href=\"https://opencollective.com/urllib3\"\u003eplease consider contributing financially\u003c/a\u003e to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.\u003c/p\u003e\n\u003cp\u003eThank you for your support.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly compressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 reported by \u003ca href=\"https://github.com/Cycloctane\"\u003e\u003ccode\u003e@​Cycloctane\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-2xpw-w6gg-jr37)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 reported by \u003ca href=\"https://github.com/illia-v\"\u003e\u003ccode\u003e@​illia-v\u003c/code\u003e\u003c/a\u003e, 8.9 High, GHSA-gm62-xv2j-4w53)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but your environment contains a Brotli/brotlicffi/brotlipy package anyway, make sure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to  benefit from the security fixes and avoid warnings. Prefer using  \u003ccode\u003eurllib3[brotli]\u003c/code\u003e to install a compatible Brotli package automatically.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/urllib3/urllib3/blob/main/CHANGES.rst\"\u003eurllib3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.6.3 (2026-01-07)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a high-severity security issue where decompression-bomb safeguards of\nthe streaming API were bypassed when HTTP redirects were followed.\n(\u003ccode\u003eGHSA-38jv-5279-wg99 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eStarted treating \u003ccode\u003eRetry-After\u003c/code\u003e times greater than 6 hours as 6 hours by\ndefault. (\u003ccode\u003e[#3743](https://github.com/urllib3/urllib3/issues/3743) \u0026lt;https://github.com/urllib3/urllib3/issues/3743\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eurllib3.connection.VerifiedHTTPSConnection\u003c/code\u003e on Emscripten.\n(\u003ccode\u003e[#3752](https://github.com/urllib3/urllib3/issues/3752) \u0026lt;https://github.com/urllib3/urllib3/issues/3752\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.2 (2025-12-11)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTPResponse.read_chunked()\u003c/code\u003e to properly handle leftover data in\nthe decoder's buffer when reading compressed chunked responses.\n(\u003ccode\u003e[#3734](https://github.com/urllib3/urllib3/issues/3734) \u0026lt;https://github.com/urllib3/urllib3/issues/3734\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.1 (2025-12-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRestore previously removed \u003ccode\u003eHTTPResponse.getheaders()\u003c/code\u003e and\n\u003ccode\u003eHTTPResponse.getheader()\u003c/code\u003e methods.\n(\u003ccode\u003e[#3731](https://github.com/urllib3/urllib3/issues/3731) \u0026lt;https://github.com/urllib3/urllib3/issues/3731\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.6.0 (2025-12-05)\u003c/h1\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a security issue where streaming API could improperly handle highly\ncompressed HTTP content (\u0026quot;decompression bombs\u0026quot;) leading to excessive resource\nconsumption even when a small amount of data was requested. Reading small\nchunks of compressed data is safer and much more efficient now.\n(\u003ccode\u003eGHSA-2xpw-w6gg-jr37 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003cli\u003eFixed a security issue where an attacker could compose an HTTP response with\nvirtually unlimited links in the \u003ccode\u003eContent-Encoding\u003c/code\u003e header, potentially\nleading to a denial of service (DoS) attack by exhausting system resources\nduring decoding. The number of allowed chained encodings is now limited to 5.\n(\u003ccode\u003eGHSA-gm62-xv2j-4w53 \u0026lt;https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53\u0026gt;\u003c/code\u003e__)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. caution::\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIf urllib3 is not installed with the optional \u003ccode\u003eurllib3[brotli]\u003c/code\u003e extra, but\nyour environment contains a Brotli/brotlicffi/brotlipy package anyway, make\nsure to upgrade it to at least Brotli 1.2.0 or brotlicffi 1.2.0.0 to\nbenefit from the security fixes and avoid warnings. Prefer using\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/0248277dd7ac0239204889ca991353ad3e3a1ddc\"\u003e\u003ccode\u003e0248277\u003c/code\u003e\u003c/a\u003e Release 2.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b\"\u003e\u003ccode\u003e8864ac4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/70cecb27ca99d56aaaeb63ac27ee270ef2b24c5c\"\u003e\u003ccode\u003e70cecb2\u003c/code\u003e\u003c/a\u003e Fix Scorecard issues related to vulnerable dev dependencies (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3755\"\u003e#3755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/commit/41f249abe1ef3e20768588969c4035aba060a359\"\u003e\u003ccode\u003e41f249a\u003c/code\u003e\u003c/a\u003e Move \u0026quot;v2.0 Migration Guide\u0026quot; to the end of the table of contents (\u003ca href=\"https://redirect.github.com/urllib3/urllib3/issues/3747\"\u003e#3747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/urllib3/urllib3/c...\n\n_Description has been truncated_","html_url":"https://github.com/4xiaxia/generative-ai/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/4xiaxia%2Fgenerative-ai/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"}},{"old_version":"0.6.2","new_version":"0.6.3","update_type":"patch","path":null,"pr_created_at":"2026-05-01T00:15:08.000Z","version_change":"0.6.2 → 0.6.3","issue":{"uuid":"4362059023","node_id":"PR_kwDOBc_aAM7XTY_O","number":711,"state":"closed","title":"Bump the dependencies group across 1 directory with 25 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-01T00:13:41.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-01T00:15:08.000Z","updated_at":"2026-06-01T00:13:43.000Z","time_to_close":2678313,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"dependencies","update_count":25,"packages":[{"name":"idna","old_version":"3.11","new_version":"3.13","repository_url":"https://github.com/kjd/idna"},{"name":"certifi","old_version":"2026.2.25","new_version":"2026.4.22","repository_url":"https://github.com/certifi/python-certifi"},{"name":"charset-normalizer","old_version":"3.4.4","new_version":"3.4.7","repository_url":"https://github.com/jawah/charset_normalizer"},{"name":"imagesize","old_version":"1.4.1","new_version":"2.0.0","repository_url":"https://github.com/shibukawa/imagesize_py"},{"name":"packaging","old_version":"26.0","new_version":"26.2","repository_url":"https://github.com/pypa/packaging"},{"name":"pygments","old_version":"2.19.2","new_version":"2.20.0","repository_url":"https://github.com/pygments/pygments"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.1","repository_url":"https://github.com/psf/requests"},{"name":"tomli","old_version":"2.4.0","new_version":"2.4.1","repository_url":"https://github.com/hukkin/tomli"},{"name":"attrs","old_version":"25.4.0","new_version":"26.1.0","repository_url":"https://github.com/python-attrs/attrs"},{"name":"black","old_version":"26.1.0","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"click","old_version":"8.3.1","new_version":"8.3.3","repository_url":"https://github.com/pallets/click"},{"name":"filelock","old_version":"3.24.3","new_version":"3.29.0","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"librt","old_version":"0.8.1","new_version":"0.9.0","repository_url":"https://github.com/mypyc/librt"},{"name":"mypy","old_version":"1.19.1","new_version":"1.20.2","repository_url":"https://github.com/python/mypy"},{"name":"nox","old_version":"2026.2.9","new_version":"2026.4.10","repository_url":"https://github.com/wntrblm/nox"},{"name":"pathspec","old_version":"1.0.4","new_version":"1.1.1","repository_url":"https://github.com/cpburnz/python-pathspec"},{"name":"platformdirs","old_version":"4.9.2","new_version":"4.9.6","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"python-discovery","old_version":"1.1.0","new_version":"1.2.2","repository_url":"https://github.com/tox-dev/python-discovery"},{"name":"types-cffi","old_version":"1.17.0.20250915","new_version":"2.0.0.20260429","repository_url":"https://github.com/python/typeshed"},{"name":"types-setuptools","old_version":"82.0.0.20260210","new_version":"82.0.0.20260408","repository_url":"https://github.com/python/typeshed"},{"name":"virtualenv","old_version":"21.1.0","new_version":"21.3.0","repository_url":"https://github.com/pypa/virtualenv"},{"name":"coverage","old_version":"7.13.4","new_version":"7.13.5","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"pyasn1","old_version":"0.6.2","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pyopenssl","old_version":"25.3.0","new_version":"26.1.0","repository_url":"https://github.com/pyca/pyopenssl"}],"path":null,"ecosystem":"pip"},"body":"Bumps the dependencies group with 25 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.13` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.2.25` | `2026.4.22` |\n| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.4` | `3.4.7` |\n| [imagesize](https://github.com/shibukawa/imagesize_py) | `1.4.1` | `2.0.0` |\n| [packaging](https://github.com/pypa/packaging) | `26.0` | `26.2` |\n| [pygments](https://github.com/pygments/pygments) | `2.19.2` | `2.20.0` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.1` |\n| [tomli](https://github.com/hukkin/tomli) | `2.4.0` | `2.4.1` |\n| [attrs](https://github.com/python-attrs/attrs) | `25.4.0` | `26.1.0` |\n| [black](https://github.com/psf/black) | `26.1.0` | `26.3.1` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.3.3` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.24.3` | `3.29.0` |\n| [librt](https://github.com/mypyc/librt) | `0.8.1` | `0.9.0` |\n| [mypy](https://github.com/python/mypy) | `1.19.1` | `1.20.2` |\n| [nox](https://github.com/wntrblm/nox) | `2026.2.9` | `2026.4.10` |\n| [pathspec](https://github.com/cpburnz/python-pathspec) | `1.0.4` | `1.1.1` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.2` | `4.9.6` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.1.0` | `1.2.2` |\n| [types-cffi](https://github.com/python/typeshed) | `1.17.0.20250915` | `2.0.0.20260429` |\n| [types-setuptools](https://github.com/python/typeshed) | `82.0.0.20260210` | `82.0.0.20260408` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `21.1.0` | `21.3.0` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.4` | `7.13.5` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.2` | `0.6.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `25.3.0` | `26.1.0` |\n\n\nUpdates `idna` from 3.11 to 3.13\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.rst\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.13 (2026-04-22)\n+++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.12 (2026-04-21)\n+++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/89cdfd27338896cee6b1ee18e64c96ac28684ce0\"\u003e\u003ccode\u003e89cdfd2\u003c/code\u003e\u003c/a\u003e Release v3.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1eb068687543118147417a8d8a70674e2c172891\"\u003e\u003ccode\u003e1eb0686\u003c/code\u003e\u003c/a\u003e Pre-release 3.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5f20d1e41eea3b3873d18d83d7a384784f72a92e\"\u003e\u003ccode\u003e5f20d1e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/220\"\u003e#220\u003c/a\u003e from kjd/unicode-next\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/4ea84252ab21e62a79e5a3273746112b5dcfb810\"\u003e\u003ccode\u003e4ea8425\u003c/code\u003e\u003c/a\u003e Regenerate idnadata.py with correct NFKC_CF data\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/fd47341a08bbdcffda33694211ca4de10170cd41\"\u003e\u003ccode\u003efd47341\u003c/code\u003e\u003c/a\u003e Use NFKC_CF from Unicode data files instead of Python's unicodedata module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/a5304a4cdbd7b31595f8ac42ffdfa88f5b936467\"\u003e\u003ccode\u003ea5304a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/219\"\u003e#219\u003c/a\u003e from kjd/release-3.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d80d6f9254d699961fa2c669a1534cde9d4ee5b6\"\u003e\u003ccode\u003ed80d6f9\u003c/code\u003e\u003c/a\u003e Release v3.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1bb44ddb3f2a9dcf97a6ac11aba34e5b6ed31291\"\u003e\u003ccode\u003e1bb44dd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/218\"\u003e#218\u003c/a\u003e from kjd/release-candidate-3.12rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/909c49d15b8d159be163bccc7972116baffdb47b\"\u003e\u003ccode\u003e909c49d\u003c/code\u003e\u003c/a\u003e Release candidate for 3.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c5459a10370f005dc09921aee3201b5a45699f9d\"\u003e\u003ccode\u003ec5459a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/217\"\u003e#217\u003c/a\u003e from kjd/housekeeping-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.2.25 to 2026.4.22\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/5dddfb072243da27adde885b73ba9b809c3224ca\"\u003e\u003ccode\u003e5dddfb0\u003c/code\u003e\u003c/a\u003e 2026.04.22 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/410\"\u003e#410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/f99eccdaf87f7c10e521a58a700ca3eb94a0787e\"\u003e\u003ccode\u003ef99eccd\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/918bed055f7291719512af186c1c24710f845660\"\u003e\u003ccode\u003e918bed0\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 7.0.0 to 7.0.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/405\"\u003e#405\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/0a49067eb434e53e1f8df5f7707d5dc05ef9def4\"\u003e\u003ccode\u003e0a49067\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/403\"\u003e#403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/acf6ce8e39e3b125f4349e11904295e4fe4c1bed\"\u003e\u003ccode\u003eacf6ce8\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/398\"\u003e#398\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/feb0ed26163a9417ea0fb8eb52d47e79fcf202ab\"\u003e\u003ccode\u003efeb0ed2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/397\"\u003e#397\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d9c11a50369cc377abb40f7909ded3d6da4d98a3\"\u003e\u003ccode\u003ed9c11a5\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/396\"\u003e#396\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.02.25...2026.04.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `charset-normalizer` from 3.4.4 to 3.4.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jawah/charset_normalizer/releases\"\u003echarset-normalizer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.4.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.6...3.4.7\"\u003e3.4.7\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePre-built optimized version using mypy[c] v1.20.\u003c/li\u003e\n\u003cli\u003eRelax \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;82.1\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly remove SIG remnant in utf-7 decoded string. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/718\"\u003e#718\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.4.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.5...3.4.6\"\u003e3.4.6\u003c/a\u003e (2026-03-15)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFlattened the logic in \u003ccode\u003echarset_normalizer.md\u003c/code\u003e for higher performance. Removed \u003ccode\u003eeligible(..)\u003c/code\u003e and \u003ccode\u003efeed(...)\u003c/code\u003e\nin favor of \u003ccode\u003efeed_info(...)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound for mypy[c] to 1.20, for our optimized version.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eUNICODE_RANGES_COMBINED\u003c/code\u003e using Unicode blocks v17.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEdge case where noise difference between two candidates can be almost insignificant. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI \u003ccode\u003e--normalize\u003c/code\u003e writing to wrong path when passing multiple files in. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFreethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.4.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.4...3.4.5\"\u003e3.4.5\u003c/a\u003e (2026-03-06)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;=82\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound of mypyc for the optional pre-built extension to v1.19.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit link to lib math in our optimized build. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLogger level not restored correctly for empty byte sequences. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeError when passing bytearray to from_bytes. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApplied safe micro-optimizations in both our noise detector and language detector.\u003c/li\u003e\n\u003cli\u003eRewrote the \u003ccode\u003equery_yes_no\u003c/code\u003e function (inside CLI) to avoid using ambiguous licensed code.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecd.py\u003c/code\u003e submodule into mypyc optional compilation to reduce further the performance impact.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\u003cbr /\u003e\nmypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See \u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/714\"\u003ejawah/charset_normalizer#714\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md\"\u003echarset-normalizer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.6...3.4.7\"\u003e3.4.7\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePre-built optimized version using mypy[c] v1.20.\u003c/li\u003e\n\u003cli\u003eRelax \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;82.1\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly remove SIG remnant in utf-7 decoded string. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/718\"\u003e#718\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.5...3.4.6\"\u003e3.4.6\u003c/a\u003e (2026-03-15)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFlattened the logic in \u003ccode\u003echarset_normalizer.md\u003c/code\u003e for higher performance. Removed \u003ccode\u003eeligible(..)\u003c/code\u003e and \u003ccode\u003efeed(...)\u003c/code\u003e\nin favor of \u003ccode\u003efeed_info(...)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound for mypy[c] to 1.20, for our optimized version.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eUNICODE_RANGES_COMBINED\u003c/code\u003e using Unicode blocks v17.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEdge case where noise difference between two candidates can be almost insignificant. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI \u003ccode\u003e--normalize\u003c/code\u003e writing to wrong path when passing multiple files in. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFreethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.4...3.4.5\"\u003e3.4.5\u003c/a\u003e (2026-03-06)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;=82\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound of mypyc for the optional pre-built extension to v1.19.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit link to lib math in our optimized build. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLogger level not restored correctly for empty byte sequences. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeError when passing bytearray to from_bytes. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApplied safe micro-optimizations in both our noise detector and language detector.\u003c/li\u003e\n\u003cli\u003eRewrote the \u003ccode\u003equery_yes_no\u003c/code\u003e function (inside CLI) to avoid using ambiguous licensed code.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecd.py\u003c/code\u003e submodule into mypyc optional compilation to reduce further the performance impact.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/0f07891bf516b5d5231f1bd4dd2d8da7d4d09a9a\"\u003e\u003ccode\u003e0f07891\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/729\"\u003e#729\u003c/a\u003e from jawah/release-3.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/fdbeb299479e8f4d737e4d227cd0b2bd5d273dc0\"\u003e\u003ccode\u003efdbeb29\u003c/code\u003e\u003c/a\u003e chore: update dev, and ci requirements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/b66f922bfbdbdd9dd46af18a8964d4fb888756d4\"\u003e\u003ccode\u003eb66f922\u003c/code\u003e\u003c/a\u003e chore: add ft classifier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/f94249d0a2c712f2d03124f4de6b77f5e03aaa96\"\u003e\u003ccode\u003ef94249d\u003c/code\u003e\u003c/a\u003e chore: add test cases for utf_7 recent fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/95c866f6c984bbd043e7e3ed0628aa4f3f8d5a26\"\u003e\u003ccode\u003e95c866f\u003c/code\u003e\u003c/a\u003e chore: bump version to 3.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/4f429bb764c7e893f99bb4bceb60856da1baacfb\"\u003e\u003ccode\u003e4f429bb\u003c/code\u003e\u003c/a\u003e chore: bump mypy pre-commit to v1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/b579cd6cab9bd83aa3fc0ca169d4df022bf4888c\"\u003e\u003ccode\u003eb579cd6\u003c/code\u003e\u003c/a\u003e fix: correctly remove SIG remnant in utf-7 decoded string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/58bf944a77cc0883fc46a6ee8edac3549fea5d59\"\u003e\u003ccode\u003e58bf944\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump github/codeql-action from 4.32.4 to 4.35.1 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/728\"\u003e#728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/44cf8a1b676a2532a8f1694e62e4f4f98f9132e1\"\u003e\u003ccode\u003e44cf8a1\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/362bc20073f737b1ba4ca2f68cffb0c4cc024d20\"\u003e\u003ccode\u003e362bc20\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jawah/charset_normalizer/compare/3.4.4...3.4.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `imagesize` from 1.4.1 to 2.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shibukawa/imagesize_py/commit/5ab28d47b96d6a0738ec036034919a739b4d64da\"\u003e\u003ccode\u003e5ab28d4\u003c/code\u003e\u003c/a\u003e bump module version to 2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shibukawa/imagesize_py/commit/63d6afb8e24b9f9d599f7a15fa50ebc7964ad7c7\"\u003e\u003ccode\u003e63d6afb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shibukawa/imagesize_py/issues/82\"\u003e#82\u003c/a\u003e from shibukawa/codex/update-readme-and-setup-instructi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shibukawa/imagesize_py/commit/294606629eaf3950290de90a4b1ab9aaed7c89c3\"\u003e\u003ccode\u003e2946066\u003c/code\u003e\u003c/a\u003e docs: clarify EXIF orientation formats in v2.0 notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shibukawa/imagesize_py/commit/53eff2e3ab713b81883003bbd4eca586cc592431\"\u003e\u003ccode\u003e53eff2e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shibukawa/imagesize_py/issues/81\"\u003e#81\u003c/a\u003e from shibukawa/codex/refactor-code-to-reduce-duplication\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shibukawa/imagesize_py/commit/ac14f2af0208f9d57780d86ff619a32f80b90109\"\u003e\u003ccode\u003eac14f2a\u003c/code\u003e\u003c/a\u003e Refactor duplicated JPEG segment parsing logic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shibukawa/imagesize_py/commit/48ab954c707642d06081c8b5eae53b61b410715a\"\u003e\u003ccode\u003e48ab954\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shibukawa/imagesize_py/issues/80\"\u003e#80\u003c/a\u003e from shibukawa/codex/add-avif-exif-rotation-support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shibukawa/imagesize_py/commit/5cada1084cc21621541216810ecaf4514ca0e60b\"\u003e\u003ccode\u003e5cada10\u003c/code\u003e\u003c/a\u003e Add AVIF EXIF rotation support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shibukawa/imagesize_py/commit/232c6d5204e38d5a288114c098304cc2f8358f69\"\u003e\u003ccode\u003e232c6d5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shibukawa/imagesize_py/issues/79\"\u003e#79\u003c/a\u003e from shibukawa/codex/add-heic/heif-support-and-rotation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shibukawa/imagesize_py/commit/324c970eb6c8d5326a6e3e16216ed2d498358219\"\u003e\u003ccode\u003e324c970\u003c/code\u003e\u003c/a\u003e Add HEIC/HEIF size and rotation support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shibukawa/imagesize_py/commit/7b7bb5f720401332eba12e93ad2e31d1bbc01cd4\"\u003e\u003ccode\u003e7b7bb5f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/shibukawa/imagesize_py/issues/78\"\u003e#78\u003c/a\u003e from shibukawa/codex/add-pypi-link-and-python-version-...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shibukawa/imagesize_py/compare/1.4.1...2.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `packaging` from 26.0 to 26.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/packaging/releases\"\u003epackaging's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eFixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect sysconfig var name for pyemscripten by \u003ca href=\"https://github.com/ryanking13\"\u003e\u003ccode\u003e@​ryanking13\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1160\"\u003epypa/packaging#1160\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eVersion\u003c/code\u003e, \u003ccode\u003eSpecifier\u003c/code\u003e, \u003ccode\u003eSpecifierSet\u003c/code\u003e, \u003ccode\u003eTag\u003c/code\u003e, \u003ccode\u003eMarker\u003c/code\u003e, and \u003ccode\u003eRequirement\u003c/code\u003e pickle-safe\nand backward-compatible with pickles created in 25.0-26.1 (including references to the removed\n\u003ccode\u003epackaging._structures\u003c/code\u003e module) by \u003ca href=\"https://github.com/eachimei\"\u003e\u003ccode\u003e@​eachimei\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1163\"\u003epypa/packaging#1163\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1168\"\u003epypa/packaging#1168\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1170\"\u003epypa/packaging#1170\u003c/a\u003e, and \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1171\"\u003epypa/packaging#1171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: re-export ExceptionGroup for now by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1164\"\u003epypa/packaging#1164\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003edocs: add errors section and fix missing details by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1159\"\u003epypa/packaging#1159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(dev): document property-based test suite by \u003ca href=\"https://github.com/r266-tech\"\u003e\u003ccode\u003e@​r266-tech\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1167\"\u003epypa/packaging#1167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in DirectUrl documentation by \u003ca href=\"https://github.com/sbidoul\"\u003e\u003ccode\u003e@​sbidoul\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1169\"\u003epypa/packaging#1169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(specifiers): add is_unsatisfiable() usage example by \u003ca href=\"https://github.com/r266-tech\"\u003e\u003ccode\u003e@​r266-tech\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1166\"\u003epypa/packaging#1166\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eInternal:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnable the auditor persona on zizmor by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1158\"\u003epypa/packaging#1158\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTest new pickle guarantees by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1174\"\u003epypa/packaging#1174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse native uv integration in rtd by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1175\"\u003epypa/packaging#1175\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ryanking13\"\u003e\u003ccode\u003e@​ryanking13\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1160\"\u003epypa/packaging#1160\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eachimei\"\u003e\u003ccode\u003e@​eachimei\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1163\"\u003epypa/packaging#1163\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pypa/packaging/compare/26.1...26.2\"\u003ehttps://github.com/pypa/packaging/compare/26.1...26.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e26.1\u003c/h2\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cdel\u003ePEP 783: add handling for Emscripten wheel tags by \u003ca href=\"https://github.com/hoodmane\"\u003e\u003ccode\u003e@​hoodmane\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/804\"\u003epypa/packaging#804\u003c/a\u003e\u003c/del\u003e (old name used in implementation, will be fixed in next release)\u003c/li\u003e\n\u003cli\u003ePEP 803: add handling for the \u003ccode\u003eabi3.abi3t\u003c/code\u003e free-threading tag by \u003ca href=\"https://github.com/ngoldbaum\"\u003e\u003ccode\u003e@​ngoldbaum\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1099\"\u003epypa/packaging#1099\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePEP 723: add \u003ccode\u003epackaging.dependency_groups\u003c/code\u003e module, based on the \u003ccode\u003edependency-groups\u003c/code\u003e package by \u003ca href=\"https://github.com/sirosen\"\u003e\u003ccode\u003e@​sirosen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1065\"\u003epypa/packaging#1065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd the \u003ccode\u003epackaging.direct_url\u003c/code\u003e module by \u003ca href=\"https://github.com/sbidoul\"\u003e\u003ccode\u003e@​sbidoul\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/944\"\u003epypa/packaging#944\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd the \u003ccode\u003epackaging.errors\u003c/code\u003e module by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1071\"\u003epypa/packaging#1071\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eSpecifierSet.is_unsatisfiable\u003c/code\u003e using ranges (new internals that will be expanded in future versions) by \u003ca href=\"https://github.com/notatallshaw\"\u003e\u003ccode\u003e@​notatallshaw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1119\"\u003epypa/packaging#1119\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ecreate_compatible_tags_selector\u003c/code\u003e to select compatible tags by \u003ca href=\"https://github.com/sbidoul\"\u003e\u003ccode\u003e@​sbidoul\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1110\"\u003epypa/packaging#1110\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a \u003ccode\u003ekey\u003c/code\u003e argument to \u003ccode\u003eSpecifierSet.filter()\u003c/code\u003e by \u003ca href=\"https://github.com/frostming\"\u003e\u003ccode\u003e@​frostming\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1068\"\u003epypa/packaging#1068\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003e\u0026amp;\u003c/code\u003e and \u003ccode\u003e|\u003c/code\u003e for \u003ccode\u003eMarker\u003c/code\u003e's by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1146\"\u003epypa/packaging#1146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNormalize \u003ccode\u003eVersion.__replace__\u003c/code\u003e and add \u003ccode\u003eVersion.from_parts\u003c/code\u003e by \u003ca href=\"https://github.com/henryiii\"\u003e\u003ccode\u003e@​henryiii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1078\"\u003epypa/packaging#1078\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd an option to validate compressed tag set sort order in \u003ccode\u003eparse_wheel_filename\u003c/code\u003e by \u003ca href=\"https://github.com/r266-tech\"\u003e\u003ccode\u003e@​r266-tech\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1150\"\u003epypa/packaging#1150\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBehavior adaptations:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNarrow exclusion of pre-releases for \u003ccode\u003e\u0026lt;V.postN\u003c/code\u003e to match spec by \u003ca href=\"https://github.com/notatallshaw\"\u003e\u003ccode\u003e@​notatallshaw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pypa/packaging/pull/1140\"\u003epypa/packaging#1140\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/packaging/blob/main/CHANGELOG.rst\"\u003epackaging's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e26.2 - 2026-04-24\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\nFixes:\n\u003cul\u003e\n\u003cli\u003eFix incorrect sysconfig var name for pyemscripten in (:pull:\u003ccode\u003e1160\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eVersion\u003c/code\u003e, \u003ccode\u003eSpecifier\u003c/code\u003e, \u003ccode\u003eSpecifierSet\u003c/code\u003e, \u003ccode\u003eTag\u003c/code\u003e, \u003ccode\u003eMarker\u003c/code\u003e, and \u003ccode\u003eRequirement\u003c/code\u003e pickle-safe\u003cbr /\u003e\nand backward-compatible with pickles created in 25.0-26.1 (including references to the removed\u003cbr /\u003e\n\u003ccode\u003epackaging._structures\u003c/code\u003e module) (:pull:\u003ccode\u003e1163\u003c/code\u003e, :pull:\u003ccode\u003e1168\u003c/code\u003e, :pull:\u003ccode\u003e1170\u003c/code\u003e, :pull:\u003ccode\u003e1171\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eRe-export \u003ccode\u003eExceptionGroup\u003c/code\u003e in metadata for now in (:pull:\u003ccode\u003e1164\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd errors section and fix missing details in (:pull:\u003ccode\u003e1159\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eDocument our property-based test suite in (:pull:\u003ccode\u003e1167\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eFix a \u003ccode\u003eDirectUrl\u003c/code\u003e typo in (:pull:\u003ccode\u003e1167\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd example of \u003ccode\u003eis_unsatisfiable\u003c/code\u003e in (:pull:\u003ccode\u003e1166\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eInternal:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnable the auditor persona on zizmor in (:pull:\u003ccode\u003e1158\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eTest new pickle guarantees in (:pull:\u003ccode\u003e1174\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eUse new native ReadTheDocs uv integration in (:pull:\u003ccode\u003e1175\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e26.1 - 2026-04-14\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePEP 783: add handling for Emscripten wheel tags in (:pull:\u003ccode\u003e804\u003c/code\u003e) (old name used in implementation, fixed in next release)\u003c/li\u003e\n\u003cli\u003ePEP 803: add handling for the \u003ccode\u003eabi3.abi3t\u003c/code\u003e free-threading tag in (:pull:\u003ccode\u003e1099\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003ePEP 723: add \u003ccode\u003epackaging.dependency_groups\u003c/code\u003e module, based on the \u003ccode\u003edependency-groups\u003c/code\u003e package in (:pull:\u003ccode\u003e1065\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd the \u003ccode\u003epackaging.direct_url\u003c/code\u003e module in (:pull:\u003ccode\u003e944\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd the \u003ccode\u003epackaging.errors\u003c/code\u003e module in (:pull:\u003ccode\u003e1071\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eSpecifierSet.is_unsatisfiable\u003c/code\u003e using ranges (new internals that will be expanded in future versions) in (:pull:\u003ccode\u003e1119\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ecreate_compatible_tags_selector\u003c/code\u003e to select compatible tags in (:pull:\u003ccode\u003e1110\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd a \u003ccode\u003ekey\u003c/code\u003e argument to \u003ccode\u003eSpecifierSet.filter()\u003c/code\u003e in (:pull:\u003ccode\u003e1068\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003e\u0026amp;\u003c/code\u003e and \u003ccode\u003e|\u003c/code\u003e for \u003ccode\u003eMarker\u003c/code\u003e's in (:pull:\u003ccode\u003e1146\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eNormalize \u003ccode\u003eVersion.__replace__\u003c/code\u003e and add \u003ccode\u003eVersion.from_parts\u003c/code\u003e in (:pull:\u003ccode\u003e1078\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdd an option to validate compressed tag set sort order in \u003ccode\u003eparse_wheel_filename\u003c/code\u003e in (:pull:\u003ccode\u003e1150\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBehavior adaptations:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNarrow exclusion of pre-releases for \u003ccode\u003e\u0026lt;V.postN\u003c/code\u003e to match spec in (:pull:\u003ccode\u003e1140\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eNarrow exclusion of post-releases for \u003ccode\u003e\u0026gt;V\u003c/code\u003e to match spec in (:pull:\u003ccode\u003e1141\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003eformat_full_version\u003c/code\u003e to \u003ccode\u003e_format_full_version\u003c/code\u003e to make it visibly private in (:pull:\u003ccode\u003e1125\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eRestrict local version to ASCII in (:pull:\u003ccode\u003e1102\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePylock (PEP 751) updates:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/84a87ee42483d7352f9502d78a9553da8859aa7a\"\u003e\u003ccode\u003e84a87ee\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/4a616b65bed23c8c6d58e6b0fc1a4434d4ff1f14\"\u003e\u003ccode\u003e4a616b6\u003c/code\u003e\u003c/a\u003e docs: a few more updates to prepare for 26.2 (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1176\"\u003e#1176\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/9de6f44f1e82d4595edf3aad1c4f6f98c85935a0\"\u003e\u003ccode\u003e9de6f44\u003c/code\u003e\u003c/a\u003e ci: use native uv integration in rtd (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1175\"\u003e#1175\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/bc76e14debd1a2799d1ca8f9d9c9823f35bfa466\"\u003e\u003ccode\u003ebc76e14\u003c/code\u003e\u003c/a\u003e chore: update changelog for 26.2 (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1161\"\u003e#1161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/3f00091c08f0aa830e33ed7db00f16f11c8ac97f\"\u003e\u003ccode\u003e3f00091\u003c/code\u003e\u003c/a\u003e tests: add a pickle check (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1174\"\u003e#1174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/48a8a069805291186522de3eff73ea80a8ca96ad\"\u003e\u003ccode\u003e48a8a06\u003c/code\u003e\u003c/a\u003e fix: make Requirements/Markers pickle-safe (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1171\"\u003e#1171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/823b44ed1f904084a77ae3adf0ef130af6365f84\"\u003e\u003ccode\u003e823b44e\u003c/code\u003e\u003c/a\u003e fix: make Tags pickle-safe (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1170\"\u003e#1170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/4bed32d920ca7211dd65fdf0a1ee06376e9c4733\"\u003e\u003ccode\u003e4bed32d\u003c/code\u003e\u003c/a\u003e fix: make Specifier / SpecifierSet pickle-safe (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1168\"\u003e#1168\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/963118e37caae97bc8b72f72956c7fb4ca9857ec\"\u003e\u003ccode\u003e963118e\u003c/code\u003e\u003c/a\u003e fix: re-export ExceptionGroup for now (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1164\"\u003e#1164\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/packaging/commit/66e34a80256c96dea11da143682950c84b8133bb\"\u003e\u003ccode\u003e66e34a8\u003c/code\u003e\u003c/a\u003e docs(specifiers): add is_unsatisfiable() usage example (\u003ca href=\"https://redirect.github.com/pypa/packaging/issues/1166\"\u003e#1166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/packaging/compare/26.0...26.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pygments` from 2.19.2 to 2.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pygments/pygments/releases\"\u003epygments's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.20.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eNew lexers:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRell (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2914\"\u003e#2914\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated lexers:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003earchetype: Fix catastrophic backtracking in GUID and ID patterns (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3064\"\u003e#3064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eASN.1: Recognize minus sign and fix range operator (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3014\"\u003e#3014\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3060\"\u003e#3060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eC++: Add C++26 keywords (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2955\"\u003e#2955\u003c/a\u003e), add integer literal suffixes (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2966\"\u003e#2966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eComponentPascal: Fix \u003ccode\u003eanalyse_text\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3028\"\u003e#3028\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3032\"\u003e#3032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCoq renamed to Rocq (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2883\"\u003e#2883\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2908\"\u003e#2908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCython: Various improvements (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2932\"\u003e#2932\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2933\"\u003e#2933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDebian control: Improve architecture parsing (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3052\"\u003e#3052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDevicetree: Add support for overlay/fragments (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3021\"\u003e#3021\u003c/a\u003e), add bytestring support (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3022\"\u003e#3022\u003c/a\u003e), fix catastrophic backtracking (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3057\"\u003e#3057\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFennel: Various improvements (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2911\"\u003e#2911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHaskell: Handle escape sequences in character literals (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3069\"\u003e#3069\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/1795\"\u003e#1795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJava: Add module keywords (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2955\"\u003e#2955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLean4: Add operators \u003ccode\u003e]'\u003c/code\u003e, \u003ccode\u003e]?\u003c/code\u003e, \u003ccode\u003e]!\u003c/code\u003e  (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2946\"\u003e#2946\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLESS: Support single-line comments (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3005\"\u003e#3005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLilyPond: Update to 2.25.29 (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2974\"\u003e#2974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLLVM: Support C-style comments (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3023\"\u003e#3023\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2978\"\u003e#2978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLua(u): Fix catastrophic backtracking (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3047\"\u003e#3047\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMacaulay2: Update to 1.25.05 (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2893\"\u003e#2893\u003c/a\u003e), 1.25.11 (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2988\"\u003e#2988\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMathematica: Various improvements (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2957\"\u003e#2957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emeson: Add additional operators (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMySQL: Update keywords (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2970\"\u003e#2970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eorg-Mode: Support both schedule and deadline (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2899\"\u003e#2899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePHP: Add \u003ccode\u003e__PROPERTY__\u003c/code\u003e magic constant (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2924\"\u003e#2924\u003c/a\u003e), add reserved keywords (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3002\"\u003e#3002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePostgreSQL: Add more keywords (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2985\"\u003e#2985\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprotobuf: Fix namespace tokenization (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2929\"\u003e#2929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePython: Add \u003ccode\u003et\u003c/code\u003e-string support (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2973\"\u003e#2973\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3009\"\u003e#3009\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3010\"\u003e#3010\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTablegen: Fix infinite loop (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2972\"\u003e#2972\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTera Term macro: Add commands introduced in v5.3 through v5.6 (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2951\"\u003e#2951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTOML: Support TOML 1.1.0 (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3026\"\u003e#3026\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3027\"\u003e#3027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurtle: Allow empty comment lines (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2980\"\u003e#2980\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eXML: Added \u003ccode\u003e.xbrl\u003c/code\u003e as file ending (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2890\"\u003e#2890\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2891\"\u003e#2891\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop Python 3.8, and add Python 3.14 as a supported version (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2987\"\u003e#2987\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3012\"\u003e#3012\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eVarious improvements to \u003ccode\u003eautopygmentize\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2894\"\u003e#2894\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003eonedark\u003c/code\u003e style to support more token types (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2977\"\u003e#2977\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ertt\u003c/code\u003e style to support more token types (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2895\"\u003e#2895\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache entry points to improve performance (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2979\"\u003e#2979\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003exterm-256\u003c/code\u003e color table (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3043\"\u003e#3043\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003ekwargs\u003c/code\u003e dictionary getting mutated on each call (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3044\"\u003e#3044\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pygments/pygments/blob/master/CHANGES\"\u003epygments's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 2.20.0\u003c/h2\u003e\n\u003cp\u003e(released March 29th, 2026)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eNew lexers:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRell (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2914\"\u003e#2914\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated lexers:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003earchetype: Fix catastrophic backtracking in GUID and ID patterns (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3064\"\u003e#3064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eASN.1: Recognize minus sign and fix range operator (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3014\"\u003e#3014\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3060\"\u003e#3060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eC++: Add C++26 keywords (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2955\"\u003e#2955\u003c/a\u003e), add integer literal suffixes (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2966\"\u003e#2966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eComponentPascal: Fix \u003ccode\u003eanalyse_text\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3028\"\u003e#3028\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3032\"\u003e#3032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCoq renamed to Rocq (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2883\"\u003e#2883\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2908\"\u003e#2908\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCython: Various improvements (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2932\"\u003e#2932\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2933\"\u003e#2933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDebian control: Improve architecture parsing (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3052\"\u003e#3052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDevicetree: Add support for overlay/fragments (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3021\"\u003e#3021\u003c/a\u003e), add bytestring support (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3022\"\u003e#3022\u003c/a\u003e), fix catastrophic backtracking (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3057\"\u003e#3057\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFennel: Various improvements (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2911\"\u003e#2911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHaskell: Handle escape sequences in character literals (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3069\"\u003e#3069\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/1795\"\u003e#1795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJava: Add module keywords (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2955\"\u003e#2955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLean4: Add operators \u003ccode\u003e]'\u003c/code\u003e, \u003ccode\u003e]?\u003c/code\u003e, \u003ccode\u003e]!\u003c/code\u003e  (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2946\"\u003e#2946\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLESS: Support single-line comments (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3005\"\u003e#3005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLilyPond: Update to 2.25.29 (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2974\"\u003e#2974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLLVM: Support C-style comments (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3023\"\u003e#3023\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2978\"\u003e#2978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLua(u): Fix catastrophic backtracking (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3047\"\u003e#3047\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMacaulay2: Update to 1.25.05 (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2893\"\u003e#2893\u003c/a\u003e), 1.25.11 (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2988\"\u003e#2988\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMathematica: Various improvements (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2957\"\u003e#2957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emeson: Add additional operators (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMySQL: Update keywords (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2970\"\u003e#2970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eorg-Mode: Support both schedule and deadline (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2899\"\u003e#2899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePHP: Add \u003ccode\u003e__PROPERTY__\u003c/code\u003e magic constant (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2924\"\u003e#2924\u003c/a\u003e), add reserved keywords (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3002\"\u003e#3002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePostgreSQL: Add more keywords (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2985\"\u003e#2985\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprotobuf: Fix namespace tokenization (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2929\"\u003e#2929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePython: Add \u003ccode\u003et\u003c/code\u003e-string support (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2973\"\u003e#2973\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3009\"\u003e#3009\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3010\"\u003e#3010\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTablegen: Fix infinite loop (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2972\"\u003e#2972\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTera Term macro: Add commands introduced in v5.3 through v5.6 (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2951\"\u003e#2951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTOML: Support TOML 1.1.0 (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3026\"\u003e#3026\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3027\"\u003e#3027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurtle: Allow empty comment lines (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2980\"\u003e#2980\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eXML: Added \u003ccode\u003e.xbrl\u003c/code\u003e as file ending (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2890\"\u003e#2890\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2891\"\u003e#2891\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop Python 3.8, and add Python 3.14 as a supported version (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2987\"\u003e#2987\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3012\"\u003e#3012\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eVarious improvements to \u003ccode\u003eautopygmentize\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2894\"\u003e#2894\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003eonedark\u003c/code\u003e style to support more token types (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2977\"\u003e#2977\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate \u003ccode\u003ertt\u003c/code\u003e style to support more token types (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2895\"\u003e#2895\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCache entry points to improve performance (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/2979\"\u003e#2979\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003exterm-256\u003c/code\u003e color table (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3043\"\u003e#3043\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003ekwargs\u003c/code\u003e dictionary getting mutated on each call (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3044\"\u003e#3044\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pygments/pygments/commit/708197d82827ba2d5ca78bcbb653c7102ce86dcd\"\u003e\u003ccode\u003e708197d\u003c/code\u003e\u003c/a\u003e Fix underline length.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pygments/pygments/commit/1d4538ae8621d766ecc91ff59caf76ab75983abc\"\u003e\u003ccode\u003e1d4538a\u003c/code\u003e\u003c/a\u003e Prepare 2.20 release.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pygments/pygments/commit/2ceaee4e634eebae2d10a47fd05406871f6bac8f\"\u003e\u003ccode\u003e2ceaee4\u003c/code\u003e\u003c/a\u003e Update CHANGES.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pygments/pygments/commit/e3a3c54b58c7f80bc4db887e471d4f91c77844ed\"\u003e\u003ccode\u003ee3a3c54\u003c/code\u003e\u003c/a\u003e Fix Haskell lexer: handle escape sequences in character literals (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3069\"\u003e#3069\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pygments/pygments/commit/d7c3453e342dac319f58e4091f4ef183cc49d802\"\u003e\u003ccode\u003ed7c3453\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3071\"\u003e#3071\u003c/a\u003e from pygments/harden-html-formatter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pygments/pygments/commit/0f97e7c37d44abfa4ddfddf44a3290fdad586034\"\u003e\u003ccode\u003e0f97e7c\u003c/code\u003e\u003c/a\u003e Harden the HTML formatter against CSS.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pygments/pygments/commit/9f981b2ba42b88ca5bdcebf12cd01efd7cd80aec\"\u003e\u003ccode\u003e9f981b2\u003c/code\u003e\u003c/a\u003e Update CHANGES.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pygments/pygments/commit/1d889151024e9a53f3702a60558b29b070306e9e\"\u003e\u003ccode\u003e1d88915\u003c/code\u003e\u003c/a\u003e Update CHANGES.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pygments/pygments/commit/c3d93adb9827fc054c3c12b47bde31c781a36a93\"\u003e\u003ccode\u003ec3d93ad\u003c/code\u003e\u003c/a\u003e Fix ASN.1 lexer: recognize minus sign and fix range operator (\u003ca href=\"https://redirect.github.com/pygments/pygments/issues/3060\"\u003e#3060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pygments/pygments/commit/4f06bcf8a5ba3f2b5bda24a26ccf041a1a65d91e\"\u003e\u003ccode\u003e4f06bcf\u003c/code\u003e\u003c/a\u003e fix bad behaving backtracking regex in CommonLispLexer\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pygments/pygments/compare/2.19.2...2.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.1\u003c/h2\u003e\n\u003ch2\u003e2.33.1 (2026-03-30)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary\nfiles in the tmp directory. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7305\"\u003e#7305\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed Content-Type header parsing for malformed values. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7309\"\u003e#7309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImproved error consistency for malformed header values. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7308\"\u003e#7308\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ferdnyc\"\u003e\u003ccode\u003e@​ferdnyc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7277\"\u003epsf/requests#7277\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.1 (2026-03-30)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary\nfiles in the tmp directory. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7305\"\u003e#7305\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed Content-Type header parsing for malformed values. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7309\"\u003e#7309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImproved error consistency for malformed header values. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7308\"\u003e#7308\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/111d2b77790bf49943c0dfa09b365371c24aec7e\"\u003e\u003ccode\u003e111d2b7\u003c/code\u003e\u003c/a\u003e v2.33.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/f0198e6dfc431a2293dc16e1b1e8fcddc910a7f3\"\u003e\u003ccode\u003ef0198e6\u003c/code\u003e\u003c/a\u003e Fix malformed value parsing for Content-Type (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7309\"\u003e#7309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc7dd0fc4d56e808bcdd85ac2d797b3107c89259\"\u003e\u003ccode\u003ebc7dd0f\u003c/code\u003e\u003c/a\u003e Fix cosmetic header validity parsing regex (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7308\"\u003e#7308\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/4443b1a847b190010c2972a658924b98b5db6360\"\u003e\u003ccode\u003e4443b1a\u003c/code\u003e\u003c/a\u003e Fix unintended test extra (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7306\"\u003e#7306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/389eea58dfb2f2ee096421a812e3af29c0298951\"\u003e\u003ccode\u003e389eea5\u003c/code\u003e\u003c/a\u003e Cleanup extracted file after extract_zipped_path test (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7305\"\u003e#7305\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/7407309c8a8a73aa2f4337184025d440bbedab7a\"\u003e\u003ccode\u003e7407309\u003c/code\u003e\u003c/a\u003e Packaging: DRY out extras definition (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7277\"\u003e#7277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tomli` from 2.4.0 to 2.4.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hukkin/tomli/blob/master/CHANGELOG.md\"\u003etomli's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed\n\u003cul\u003e\n\u003cli\u003eLimit number of parts of a TOML key to address quadratic time complexity\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/c5f44690c68c5ed29534faa8f9df18882113728c\"\u003e\u003ccode\u003ec5f4469\u003c/code\u003e\u003c/a\u003e Bump version: 2.4.0 → 2.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/2bcd2627d5fcc262f734eaa730b62c0915d1e0d3\"\u003e\u003ccode\u003e2bcd262\u003c/code\u003e\u003c/a\u003e Add change log for 2.4.1 and 2.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/e1fdb94bc998377f1c2545c7cd4f70ff2a3fb4e4\"\u003e\u003ccode\u003ee1fdb94\u003c/code\u003e\u003c/a\u003e Limit number of parts of a key (\u003ca href=\"https://redirect.github.com/hukkin/tomli/issues/286\"\u003e#286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/c20c49113890c226ffb27a67befe20d14fcf0c73\"\u003e\u003ccode\u003ec20c491\u003c/code\u003e\u003c/a\u003e pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/920e20b1cf495b63f6d4a6aa3cd5e4ff25f5f5a7\"\u003e\u003ccode\u003e920e20b\u003c/code\u003e\u003c/a\u003e Update performance benchmark and results\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hukkin/tomli/commit/064e492919b2338def788753b8c981c9131334c0\"\u003e\u003ccode\u003e064e492\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hukkin/tomli/issues/280\"\u003e#280\u003c/a\u003e from hukkin/version-2.4.0\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/hukkin/tomli/compare/2.4.0...2.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `attrs` from 25.4.0 to 26.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-attrs/attrs/releases\"\u003eattrs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.1.0\u003c/h2\u003e\n\u003ch2\u003eHighlights\u003c/h2\u003e\n\u003cp\u003eThe main outward change here only affects people using field transformers, but it should be a nice quality of life improvement!\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eFull changelog below!\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003eSpecial Thanks\u003c/h2\u003e\n\u003cp\u003eThis release would not be possible without my generous sponsors! Thank you to all of you making sustainable maintenance possible! If \u003cem\u003eyou\u003c/em\u003e would like to join them, go to \u003ca href=\"https://github.com/sponsors/hynek\"\u003ehttps://github.com/sponsors/hynek\u003c/a\u003e and check out the sweet perks!\u003c/p\u003e\n\u003ch3\u003eAbove and Beyond\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://www.variomedia.de/\"\u003eVariomedia AG\u003c/a\u003e (@\u003ca href=\"https://github.com/variomedia\"\u003evariomedia\u003c/a\u003e), \u003ca href=\"https://www.tidelift.com/\"\u003eTidelift\u003c/a\u003e (@\u003ca href=\"https://github.com/tidelift\"\u003etidelift\u003c/a\u003e), \u003ca href=\"https://kraken.tech\"\u003eKraken Tech\u003c/a\u003e (@\u003ca href=\"https://github.com/kraken-tech\"\u003ekraken-tech\u003c/a\u003e), \u003ca href=\"https://privacy-solutions.org\"\u003ePrivacy Solutions GmbH\u003c/a\u003e (@\u003ca href=\"https://github.com/privacy-solutions\"\u003eprivacy-solutions\u003c/a\u003e), \u003ca href=\"http://filepreviews.io/\"\u003eFilePreviews\u003c/a\u003e (@\u003ca href=\"https://github.com/filepreviews\"\u003efilepreviews\u003c/a\u003e), \u003ca href=\"https://ecosyste.ms\"\u003eEcosystems\u003c/a\u003e (@\u003ca href=\"https://github.com/ecosyste-ms\"\u003eecosyste-ms\u003c/a\u003e), \u003ca href=\"https://www.lambdatest.com\"\u003eTestMu AI Open Source Office (Formerly LambdaTest)\u003c/a\u003e (@\u003ca href=\"https://github.com/LambdaTest-Inc\"\u003eLambdaTest-Inc\u003c/a\u003e), \u003ca href=\"https://doist.com/\"\u003eDoist\u003c/a\u003e (@\u003ca href=\"https://github.com/Doist\"\u003eDoist\u003c/a\u003e), Daniel Fortunov (@\u003ca href=\"https://github.com/asqui\"\u003easqui\u003c/a\u003e), and Kevin P. Fleming (@\u003ca href=\"https://github.com/kpfleming\"\u003ekpfleming\u003c/a\u003e).\u003c/p\u003e\n\u003ch3\u003eMaintenance Sustainers\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://buttondown.com\"\u003eButtondown\u003c/a\u003e (@\u003ca href=\"https://github.com/buttondown\"\u003ebuttondown\u003c/a\u003e), \u003ca href=\"https://christopher.xyz\"\u003eChristopher Dignam\u003c/a\u003e (@\u003ca href=\"https://github.com/chdsbd\"\u003echdsbd\u003c/a\u003e), Magnus Watn (@\u003ca href=\"https://github.com/magnuswatn\"\u003emagnuswatn\u003c/a\u003e), \u003ca href=\"https://cra.mr\"\u003eDavid Cramer\u003c/a\u003e (@\u003ca href=\"https://github.com/dcramer\"\u003edcramer\u003c/a\u003e), \u003ca href=\"https://rivolaks.com\"\u003eRivo Laks\u003c/a\u003e (@\u003ca href=\"https://github.com/rivol\"\u003erivol\u003c/a\u003e), \u003ca href=\"https://polar.sh\"\u003ePolar\u003c/a\u003e (@\u003ca href=\"https://github.com/polarsource\"\u003epolarsource\u003c/a\u003e), \u003ca href=\"https://miketheman.dev\"\u003eMike Fiedler\u003c/a\u003e (@\u003ca href=\"https://github.com/miketheman\"\u003emiketheman\u003c/a\u003e), Duncan Hill (@\u003ca href=\"https://github.com/cricalix\"\u003ecricalix\u003c/a\u003e), Colin Marquardt (@\u003ca href=\"https://github.com/cmarqu\"\u003ecmarqu\u003c/a\u003e), \u003ca href=\"https://blog.journeythatcounts.nl\"\u003ePieter Swinkels\u003c/a\u003e (@\u003ca href=\"https://github.com/swinkels\"\u003eswinkels\u003c/a\u003e), Nick Libertini (@\u003ca href=\"https://github.com/libertininick\"\u003elibertininick\u003c/a\u003e), \u003ca href=\"https://bmdphd.info/\"\u003eBrian M. Dennis\u003c/a\u003e (@\u003ca href=\"https://github.com/crossjam\"\u003ecrossjam\u003c/a\u003e), Celebrity News AG (@\u003ca href=\"https://github.com/celebritynewsag\"\u003ecelebritynewsag\u003c/a\u003e), \u003ca href=\"https://westervelt.com\"\u003eThe Westervelt Company\u003c/a\u003e (@\u003ca href=\"https://github.com/westerveltco\"\u003ewesterveltco\u003c/a\u003e), \u003ca href=\"https://slafs.net\"\u003eSławomir Ehlert\u003c/a\u003e (@\u003ca href=\"https://github.com/slafs\"\u003eslafs\u003c/a\u003e), Mostafa Khalil (@\u003ca href=\"https://github.com/khadrawy\"\u003ekhadrawy\u003c/a\u003e), \u003ca href=\"https://fmularczyk.pl\"\u003eFilip Mularczyk\u003c/a\u003e (@\u003ca href=\"https://github.com/mukiblejlok\"\u003emukiblejlok\u003c/a\u003e), Thomas Klinger (@\u003ca href=\"https://github.com/thmsklngr\"\u003ethmsklngr\u003c/a\u003e), \u003ca href=\"https://poehlmann.io\"\u003eAndreas Poehlmann\u003c/a\u003e (@\u003ca href=\"https://github.com/ap--\"\u003eap--\u003c/a\u003e), \u003ca href=\"https://atbigelow.com\"\u003eAugust Trapper Bigelow\u003c/a\u003e (@\u003ca href=\"https://github.com/atbigelow\"\u003eatbigelow\u003c/a\u003e), \u003ca href=\"https://noumenal.es/\"\u003eCarlton Gibson\u003c/a\u003e (@\u003ca href=\"https://github.com/carltongibson\"\u003ecarltongibson\u003c/a\u003e), and \u003ca href=\"https://roboflow.com\"\u003eRoboflow\u003c/a\u003e (@\u003ca href=\"https://github.com/roboflow\"\u003eroboflow\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003eFull Changelog\u003c/h2\u003e\n\u003ch3\u003eBackwards-incompatible Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eField aliases are now resolved \u003cem\u003ebefore\u003c/em\u003e calling \u003ccode\u003efield_transformer\u003c/code\u003e, so transformers receive fully populated \u003ccode\u003eAttribute\u003c/code\u003e objects with usable \u003ccode\u003ealias\u003c/code\u003e values instead of \u003ccode\u003eNone\u003c/code\u003e. The new \u003ccode\u003eAttribute.alias_is_default\u003c/code\u003e flag indicates whether the alias was auto-generated (\u003ccode\u003eTrue\u003c/code\u003e) or explicitly set by the user (\u003ccode\u003eFalse\u003c/code\u003e). \u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1509\"\u003e#1509\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix type annotations for \u003ccode\u003eattrs.validators.optional()\u003c/code\u003e, so it no longer rejects tuples with more than one validator. \u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1496\"\u003e#1496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eattrs.validators.disabled()\u003c/code\u003e contextmanager can now be nested. \u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1513\"\u003e#1513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFrozen classes can set \u003ccode\u003eon_setattr=attrs.setters.NO_OP\u003c/code\u003e in addition to \u003ccode\u003eNone\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1515\"\u003e#1515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIt's now possible to pass \u003cem\u003eattrs\u003c/em\u003e \u003cstrong\u003einstances\u003c/strong\u003e in addition to \u003cem\u003eattrs\u003c/em\u003e \u003cstrong\u003eclasses\u003c/strong\u003e to \u003ccode\u003eattrs.fields()\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1529\"\u003e#1529\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eThis release contains contributions from \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/DavidCEllis\"\u003e\u003ccode\u003e@​DavidCEllis\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/finite-state-machine\"\u003e\u003ccode\u003e@​finite-state-machine\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/hynek\"\u003e\u003ccode\u003e@​hynek\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/vstinner\"\u003e\u003ccode\u003e@​vstinner\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eArtifact Attestations\u003c/h2\u003e\n\u003cp\u003eYou can verify this release's \u003ca href=\"https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds\"\u003eartifact attestions\u003c/a\u003e using \u003ca href=\"https://cli.github.com\"\u003eGitHub's CLI tool\u003c/a\u003e by downloading the sdist and wheel from \u003ca href=\"https://pypi.org/project/attrs\"\u003ePyPI\u003c/a\u003e and running:\u003c/p\u003e\n\u003cpre lang=\"console\"\u003e\u003ccode\u003e$ gh attestation verify --owner python-attrs attrs-26.1.0.tar.gz\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-attrs/attrs/blob/main/CHANGELOG.md\"\u003eattrs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/python-attrs/attrs/tree/26.1.0\"\u003e26.1.0\u003c/a\u003e - 2026-03-19\u003c/h2\u003e\n\u003ch3\u003eBackwards-incompatible Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eField aliases are now resolved \u003cem\u003ebefore\u003c/em\u003e calling \u003ccode\u003efield_transformer\u003c/code\u003e, so transformers receive fully populated \u003ccode\u003eAttribute\u003c/code\u003e objects with usable \u003ccode\u003ealias\u003c/code\u003e values instead of \u003ccode\u003eNone\u003c/code\u003e.\nThe new \u003ccode\u003eAttribute.alias_is_default\u003c/code\u003e flag indicates whether the alias was auto-generated (\u003ccode\u003eTrue\u003c/code\u003e) or explicitly set by the user (\u003ccode\u003eFalse\u003c/code\u003e).\n\u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1509\"\u003e#1509\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix type annotations for \u003ccode\u003eattrs.validators.optional()\u003c/code\u003e, so it no longer rejects tuples with more than one validator.\n\u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1496\"\u003e#1496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eattrs.validators.disabled()\u003c/code\u003e contextmanager can now be nested.\n\u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1513\"\u003e#1513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFrozen classes can set \u003ccode\u003eon_setattr=attrs.setters.NO_OP\u003c/code\u003e in addition to \u003ccode\u003eNone\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1515\"\u003e#1515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIt's now possible to pass \u003cem\u003eattrs\u003c/em\u003e \u003cstrong\u003einstances\u003c/strong\u003e in addition to \u003cem\u003eattrs\u003c/em\u003e \u003cstrong\u003eclasses\u003c/strong\u003e to \u003ccode\u003eattrs.fields()\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1529\"\u003e#1529\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-attrs/attrs/commit/7bfc49e9b22d5ba25b6e429524c3d49fee27cb36\"\u003e\u003ccode\u003e7bfc49e\u003c/code\u003e\u003c/a\u003e Prepare 26.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-attrs/attrs/commit/31e02869da10824b492c378c1dc87ccc720ee5ad\"\u003e\u003ccode\u003e31e0286\u003c/code\u003e\u003c/a\u003e Update test_validators.py for Python 3.15a7 (\u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1530\"\u003e#1530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-attrs/attrs/commit/48b8611c27779811d161200e17de8da24aae7feb\"\u003e\u003ccode\u003e48b8611\u003c/code\u003e\u003c/a\u003e Add instance support to attrs.fields() (\u003ca href=\"https://redirect.github.com/python-attrs/attrs/issues/1529\"\u003e#1529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-attrs/attrs/commit/3a68d4913221abc6f8ad3be50937f7ae49300a98\"\u003e\u003ccode\u003e3a68d49\u003c/code\u003e\u003c/a\u003e dev: document missing git tags failure mode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-attrs/attrs/commit/a572c3a4c558a8b9b48cf989fcd956ab1a279439\"\u003e\u003ccode\u003ea572c3a\u003c/cod...\n\n_Description has been truncated_","html_url":"https://github.com/python-trio/trustme/pull/711","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/python-trio%2Ftrustme/issues/711","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/711/packages"}},{"old_version":"0.6.2","new_version":"0.6.3","update_type":"patch","path":null,"pr_created_at":"2026-04-27T04:45:26.000Z","version_change":"0.6.2 → 0.6.3","issue":{"uuid":"4333145766","node_id":"PR_kwDOQguR2c7V04_h","number":11,"state":"closed","title":"chore(deps): bump the python-minor-patch group across 1 directory with 43 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-11T04:47:54.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-27T04:45:26.000Z","updated_at":"2026-05-11T04:47:55.000Z","time_to_close":1209748,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-minor-patch","update_count":43,"packages":[{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"certifi","old_version":"2026.1.4","new_version":"2026.4.22","repository_url":"https://github.com/certifi/python-certifi"},{"name":"charset-normalizer","old_version":"3.4.4","new_version":"3.4.7","repository_url":"https://github.com/jawah/charset_normalizer"},{"name":"click","old_version":"8.3.1","new_version":"8.3.3","repository_url":"https://github.com/pallets/click"},{"name":"ecdsa","old_version":"0.19.1","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"fastapi","old_version":"0.128.0","new_version":"0.136.1","repository_url":"https://github.com/fastapi/fastapi"},{"name":"fsspec","old_version":"2026.1.0","new_version":"2026.4.0","repository_url":"https://github.com/fsspec/filesystem_spec"},{"name":"idna","old_version":"3.11","new_version":"3.13","repository_url":"https://github.com/kjd/idna"},{"name":"jinja2","old_version":"3.1.2","new_version":"3.1.6","repository_url":"https://github.com/pallets/jinja"},{"name":"jiter","old_version":"0.12.0","new_version":"0.14.0","repository_url":"https://github.com/pydantic/jiter"},{"name":"lxml","old_version":"6.0.2","new_version":"6.1.0","repository_url":"https://github.com/lxml/lxml"},{"name":"mmh3","old_version":"5.2.0","new_version":"5.2.1","repository_url":"https://github.com/hajimes/mmh3"},{"name":"nltk","old_version":"3.9.2","new_version":"3.9.4","repository_url":"https://github.com/nltk/nltk"},{"name":"openai","old_version":"2.16.0","new_version":"2.33.0","repository_url":"https://github.com/openai/openai-python"},{"name":"packaging","old_version":"26.0","new_version":"26.2","repository_url":"https://github.com/pypa/packaging"},{"name":"pillow","old_version":"12.1.0","new_version":"12.2.0","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"postgrest","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"psycopg-binary","old_version":"3.3.2","new_version":"3.3.4","repository_url":"https://github.com/psycopg/psycopg"},{"name":"pyasn1","old_version":"0.6.2","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.3","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-settings","old_version":"2.12.0","new_version":"2.14.0","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"pydantic-core","old_version":"2.41.5","new_version":"2.46.3","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pygments","old_version":"2.19.2","new_version":"2.20.0","repository_url":"https://github.com/pygments/pygments"},{"name":"pyiceberg","old_version":"0.10.0","new_version":"0.11.1","repository_url":"https://github.com/apache/iceberg-python"},{"name":"pyjwt","old_version":"2.10.1","new_version":"2.12.1","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"pypdfium2","old_version":"5.3.0","new_version":"5.7.1","repository_url":"https://github.com/pypdfium2-team/pypdfium2"},{"name":"pyroaring","old_version":"1.0.3","new_version":"1.1.0","repository_url":"https://github.com/Ezibenroc/PyRoaringBitMap"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"python-multipart","old_version":"0.0.22","new_version":"0.0.27","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"realtime","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"regex","old_version":"2026.1.15","new_version":"2026.4.4","repository_url":"https://github.com/mrabarnett/mrab-regex"},{"name":"reportlab","old_version":"4.4.9","new_version":"4.5.0"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.1","repository_url":"https://github.com/psf/requests"},{"name":"storage3","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase-auth","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase-functions","old_version":"2.27.2","new_version":"2.29.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"tenacity","old_version":"9.1.2","new_version":"9.1.4","repository_url":"https://github.com/jd/tenacity"},{"name":"textblob","old_version":"0.19.0","new_version":"0.20.0","repository_url":"https://github.com/sloria/TextBlob"},{"name":"tqdm","old_version":"4.67.1","new_version":"4.67.3","repository_url":"https://github.com/tqdm/tqdm"},{"name":"uvicorn","old_version":"0.40.0","new_version":"0.46.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"yarl","old_version":"1.22.0","new_version":"1.23.0","repository_url":"https://github.com/aio-libs/yarl"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-minor-patch group with 43 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.1.4` | `2026.4.22` |\n| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.4` | `3.4.7` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.3.3` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.19.1` | `0.19.2` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.128.0` | `0.136.1` |\n| [fsspec](https://github.com/fsspec/filesystem_spec) | `2026.1.0` | `2026.4.0` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.13` |\n| [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.6` |\n| [jiter](https://github.com/pydantic/jiter) | `0.12.0` | `0.14.0` |\n| [lxml](https://github.com/lxml/lxml) | `6.0.2` | `6.1.0` |\n| [mmh3](https://github.com/hajimes/mmh3) | `5.2.0` | `5.2.1` |\n| [nltk](https://github.com/nltk/nltk) | `3.9.2` | `3.9.4` |\n| [openai](https://github.com/openai/openai-python) | `2.16.0` | `2.33.0` |\n| [packaging](https://github.com/pypa/packaging) | `26.0` | `26.2` |\n| [pillow](https://github.com/python-pillow/Pillow) | `12.1.0` | `12.2.0` |\n| [postgrest](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [psycopg-binary](https://github.com/psycopg/psycopg) | `3.3.2` | `3.3.4` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.2` | `0.6.3` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.3` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.12.0` | `2.14.0` |\n| [pydantic-core](https://github.com/pydantic/pydantic) | `2.41.5` | `2.46.3` |\n| [pygments](https://github.com/pygments/pygments) | `2.19.2` | `2.20.0` |\n| [pyiceberg](https://github.com/apache/iceberg-python) | `0.10.0` | `0.11.1` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.10.1` | `2.12.1` |\n| [pypdfium2](https://github.com/pypdfium2-team/pypdfium2) | `5.3.0` | `5.7.1` |\n| [pyroaring](https://github.com/Ezibenroc/PyRoaringBitMap) | `1.0.3` | `1.1.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.22` | `0.0.27` |\n| [realtime](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [regex](https://github.com/mrabarnett/mrab-regex) | `2026.1.15` | `2026.4.4` |\n| [reportlab](https://www.reportlab.com/) | `4.4.9` | `4.5.0` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.1` |\n| [storage3](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [supabase](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [supabase-auth](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [supabase-functions](https://github.com/supabase/supabase-py) | `2.27.2` | `2.29.0` |\n| [tenacity](https://github.com/jd/tenacity) | `9.1.2` | `9.1.4` |\n| [textblob](https://github.com/sloria/TextBlob) | `0.19.0` | `0.20.0` |\n| [tqdm](https://github.com/tqdm/tqdm) | `4.67.1` | `4.67.3` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.40.0` | `0.46.0` |\n| [yarl](https://github.com/aio-libs/yarl) | `1.22.0` | `1.23.0` |\n\n\nUpdates `anyio` from 4.12.1 to 4.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.13.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9\u003c/li\u003e\n\u003cli\u003eAdded a \u003ccode\u003ettl\u003c/code\u003e parameter to the \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e wrapper (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1073\"\u003e#1073\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Graeme22\"\u003e\u003ccode\u003e@​Graeme22\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWidened the type annotations of file I/O streams to accept \u003ccode\u003eIO[bytes]\u003c/code\u003e instead of just \u003ccode\u003eBinaryIO\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path\u003c/code\u003e not being compatible with Python 3.15 due to the removal of \u003ccode\u003epathlib.Path.is_reserved()\u003c/code\u003e and the addition of \u003ccode\u003epathlib.Path.__vfspath__()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1061\"\u003e#1061\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eBrokenResourceError\u003c/code\u003e raised by the asyncio \u003ccode\u003eSocketStream\u003c/code\u003e not having the original exception as its cause (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1055\"\u003e#1055\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eTypeError\u003c/code\u003e raised when using \u0026quot;func\u0026quot; as a parameter name in \u003ccode\u003epytest.mark.parametrize\u003c/code\u003e when using the pytest plugin (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1068\"\u003e#1068\u003c/a\u003e; PR by \u003ca href=\"https://github.com/JohnnyDeuss\"\u003e\u003ccode\u003e@​JohnnyDeuss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the pytest plugin not running tests that had the \u003ccode\u003eanyio\u003c/code\u003e marker added programmatically via \u003ccode\u003epytest_collection_modifyitems\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/422\"\u003e#422\u003c/a\u003e; PR by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when they are contained in an exception group alongside non-cancellation exceptions (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1091\"\u003e#1091\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eCondition.wait()\u003c/code\u003e not passing on a notification when the task is cancelled but already received a notification\u003c/li\u003e\n\u003cli\u003eFixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1074\"\u003e#1074\u003c/a\u003e; PR by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/afbe93ca9d0c447adf26e9c1715ac20870622bf2\"\u003e\u003ccode\u003eafbe93c\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/33bdf2e4b4f40c2df178123746147a6d2471808d\"\u003e\u003ccode\u003e33bdf2e\u003c/code\u003e\u003c/a\u003e Rearranged the changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/19e09e25bc5a23dd78a577d8c3909dd377057c78\"\u003e\u003ccode\u003e19e09e2\u003c/code\u003e\u003c/a\u003e Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9369d80b9e8292f2a892a9d5c73923c6a28aa08c\"\u003e\u003ccode\u003e9369d80\u003c/code\u003e\u003c/a\u003e Fixed Condition.wait() not handing over notification when cancelled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/6f122abdc6f6b166c6b6ac27d36d55cdf8fa08e8\"\u003e\u003ccode\u003e6f122ab\u003c/code\u003e\u003c/a\u003e Fixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/beaa45aff568a4020f2faf317321dd92f0e1f4a0\"\u003e\u003ccode\u003ebeaa45a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/602f6606dcf3f37702686a4f3e161328c537b07f\"\u003e\u003ccode\u003e602f660\u003c/code\u003e\u003c/a\u003e Widened type annotations to accept IO[bytes] in file streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/b5dcd45170701a756ba634197398f05d4710cab3\"\u003e\u003ccode\u003eb5dcd45\u003c/code\u003e\u003c/a\u003e Added note about erasing the template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/d68670b3b4e0917d4caff2de082e03220f3e05a1\"\u003e\u003ccode\u003ed68670b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/fc17a22dd948e6a3d90d99908813f0010dfc3d2c\"\u003e\u003ccode\u003efc17a22\u003c/code\u003e\u003c/a\u003e tweak to_thread docs about abandon_on_cancel (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.12.1...4.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.1.4 to 2026.4.22\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/5dddfb072243da27adde885b73ba9b809c3224ca\"\u003e\u003ccode\u003e5dddfb0\u003c/code\u003e\u003c/a\u003e 2026.04.22 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/410\"\u003e#410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/f99eccdaf87f7c10e521a58a700ca3eb94a0787e\"\u003e\u003ccode\u003ef99eccd\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/918bed055f7291719512af186c1c24710f845660\"\u003e\u003ccode\u003e918bed0\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 7.0.0 to 7.0.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/405\"\u003e#405\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/0a49067eb434e53e1f8df5f7707d5dc05ef9def4\"\u003e\u003ccode\u003e0a49067\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/403\"\u003e#403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/acf6ce8e39e3b125f4349e11904295e4fe4c1bed\"\u003e\u003ccode\u003eacf6ce8\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/398\"\u003e#398\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/feb0ed26163a9417ea0fb8eb52d47e79fcf202ab\"\u003e\u003ccode\u003efeb0ed2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/397\"\u003e#397\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d9c11a50369cc377abb40f7909ded3d6da4d98a3\"\u003e\u003ccode\u003ed9c11a5\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/396\"\u003e#396\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/8571a4ba5205675107f9026d0008ad2d7a2778bf\"\u003e\u003ccode\u003e8571a4b\u003c/code\u003e\u003c/a\u003e 2026.02.25 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/395\"\u003e#395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/6f7de00579d292af565bbb8a947643219794eb6d\"\u003e\u003ccode\u003e6f7de00\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/390\"\u003e#390\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/a1de59b15105cad768afed4f066b36171134f04a\"\u003e\u003ccode\u003ea1de59b\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.1 to 6.0.2 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/391\"\u003e#391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.01.04...2026.04.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `charset-normalizer` from 3.4.4 to 3.4.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jawah/charset_normalizer/releases\"\u003echarset-normalizer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.4.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.6...3.4.7\"\u003e3.4.7\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePre-built optimized version using mypy[c] v1.20.\u003c/li\u003e\n\u003cli\u003eRelax \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;82.1\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly remove SIG remnant in utf-7 decoded string. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/718\"\u003e#718\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.4.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.5...3.4.6\"\u003e3.4.6\u003c/a\u003e (2026-03-15)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFlattened the logic in \u003ccode\u003echarset_normalizer.md\u003c/code\u003e for higher performance. Removed \u003ccode\u003eeligible(..)\u003c/code\u003e and \u003ccode\u003efeed(...)\u003c/code\u003e\nin favor of \u003ccode\u003efeed_info(...)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound for mypy[c] to 1.20, for our optimized version.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eUNICODE_RANGES_COMBINED\u003c/code\u003e using Unicode blocks v17.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEdge case where noise difference between two candidates can be almost insignificant. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI \u003ccode\u003e--normalize\u003c/code\u003e writing to wrong path when passing multiple files in. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFreethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.4.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.4...3.4.5\"\u003e3.4.5\u003c/a\u003e (2026-03-06)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;=82\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound of mypyc for the optional pre-built extension to v1.19.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit link to lib math in our optimized build. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLogger level not restored correctly for empty byte sequences. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeError when passing bytearray to from_bytes. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApplied safe micro-optimizations in both our noise detector and language detector.\u003c/li\u003e\n\u003cli\u003eRewrote the \u003ccode\u003equery_yes_no\u003c/code\u003e function (inside CLI) to avoid using ambiguous licensed code.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecd.py\u003c/code\u003e submodule into mypyc optional compilation to reduce further the performance impact.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\u003cbr /\u003e\nmypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See \u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/714\"\u003ejawah/charset_normalizer#714\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md\"\u003echarset-normalizer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.6...3.4.7\"\u003e3.4.7\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePre-built optimized version using mypy[c] v1.20.\u003c/li\u003e\n\u003cli\u003eRelax \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;82.1\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly remove SIG remnant in utf-7 decoded string. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/718\"\u003e#718\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.5...3.4.6\"\u003e3.4.6\u003c/a\u003e (2026-03-15)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFlattened the logic in \u003ccode\u003echarset_normalizer.md\u003c/code\u003e for higher performance. Removed \u003ccode\u003eeligible(..)\u003c/code\u003e and \u003ccode\u003efeed(...)\u003c/code\u003e\nin favor of \u003ccode\u003efeed_info(...)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound for mypy[c] to 1.20, for our optimized version.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003eUNICODE_RANGES_COMBINED\u003c/code\u003e using Unicode blocks v17.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEdge case where noise difference between two candidates can be almost insignificant. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCLI \u003ccode\u003e--normalize\u003c/code\u003e writing to wrong path when passing multiple files in. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/702\"\u003e#702\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFreethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/Ousret/charset_normalizer/compare/3.4.4...3.4.5\"\u003e3.4.5\u003c/a\u003e (2026-03-06)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003esetuptools\u003c/code\u003e constraint to \u003ccode\u003esetuptools\u0026gt;=68,\u0026lt;=82\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRaised upper bound of mypyc for the optional pre-built extension to v1.19.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd explicit link to lib math in our optimized build. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eLogger level not restored correctly for empty byte sequences. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/701\"\u003e#701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTypeError when passing bytearray to from_bytes. (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/703\"\u003e#703\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eApplied safe micro-optimizations in both our noise detector and language detector.\u003c/li\u003e\n\u003cli\u003eRewrote the \u003ccode\u003equery_yes_no\u003c/code\u003e function (inside CLI) to avoid using ambiguous licensed code.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003ecd.py\u003c/code\u003e submodule into mypyc optional compilation to reduce further the performance impact.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/0f07891bf516b5d5231f1bd4dd2d8da7d4d09a9a\"\u003e\u003ccode\u003e0f07891\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/729\"\u003e#729\u003c/a\u003e from jawah/release-3.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/fdbeb299479e8f4d737e4d227cd0b2bd5d273dc0\"\u003e\u003ccode\u003efdbeb29\u003c/code\u003e\u003c/a\u003e chore: update dev, and ci requirements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/b66f922bfbdbdd9dd46af18a8964d4fb888756d4\"\u003e\u003ccode\u003eb66f922\u003c/code\u003e\u003c/a\u003e chore: add ft classifier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/f94249d0a2c712f2d03124f4de6b77f5e03aaa96\"\u003e\u003ccode\u003ef94249d\u003c/code\u003e\u003c/a\u003e chore: add test cases for utf_7 recent fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/95c866f6c984bbd043e7e3ed0628aa4f3f8d5a26\"\u003e\u003ccode\u003e95c866f\u003c/code\u003e\u003c/a\u003e chore: bump version to 3.4.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/4f429bb764c7e893f99bb4bceb60856da1baacfb\"\u003e\u003ccode\u003e4f429bb\u003c/code\u003e\u003c/a\u003e chore: bump mypy pre-commit to v1.20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/b579cd6cab9bd83aa3fc0ca169d4df022bf4888c\"\u003e\u003ccode\u003eb579cd6\u003c/code\u003e\u003c/a\u003e fix: correctly remove SIG remnant in utf-7 decoded string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/58bf944a77cc0883fc46a6ee8edac3549fea5d59\"\u003e\u003ccode\u003e58bf944\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump github/codeql-action from 4.32.4 to 4.35.1 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/728\"\u003e#728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/44cf8a1b676a2532a8f1694e62e4f4f98f9132e1\"\u003e\u003ccode\u003e44cf8a1\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jawah/charset_normalizer/commit/362bc20073f737b1ba4ca2f68cffb0c4cc024d20\"\u003e\u003ccode\u003e362bc20\u003c/code\u003e\u003c/a\u003e :arrow_up: Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (\u003ca href=\"https://redirect.github.com/jawah/charset_normalizer/issues/725\"\u003e#725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jawah/charset_normalizer/compare/3.4.4...3.4.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.1 to 8.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.3.3\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.3.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.3.3/\"\u003ehttps://pypi.org/project/click/8.3.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-3-3\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-3-3\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse :func:\u003ccode\u003eshlex.split\u003c/code\u003e to split pager and editor commands into \u003ccode\u003eargv\u003c/code\u003e\nlists for :class:\u003ccode\u003esubprocess.Popen\u003c/code\u003e, removing \u003ccode\u003eshell=True\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/1026\"\u003e#1026\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/1477\"\u003e#1477\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2775\"\u003e#2775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eTypeError\u003c/code\u003e when rendering help for an option whose default value is\nan object that doesn't support equality comparison with strings, such as\n\u003ccode\u003esemver.Version\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3298\"\u003e#3298\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3299\"\u003e#3299\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix pager test pollution under parallel execution by using pytest's\n\u003ccode\u003etmp_path\u003c/code\u003e fixture instead of a shared temporary file path. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3238\"\u003e#3238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values in a \u003ccode\u003edefault_map\u003c/code\u003e as absent, so they fall\nthrough to the next default source instead of being used as the value.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3224\"\u003e#3224\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3240\"\u003e#3240\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePatch \u003ccode\u003epdb.Pdb\u003c/code\u003e in \u003ccode\u003eCliRunner\u003c/code\u003e isolation so \u003ccode\u003epdb.set_trace()\u003c/code\u003e,\n\u003ccode\u003ebreakpoint()\u003c/code\u003e, and debuggers subclassing \u003ccode\u003epdb.Pdb\u003c/code\u003e (ipdb, pdbpp) can\ninteract with the real terminal instead of the captured I/O streams.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/654\"\u003e#654\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/824\"\u003e#824\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/843\"\u003e#843\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/951\"\u003e#951\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3235\"\u003e#3235\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd optional randomized parallel test execution using \u003ccode\u003epytest-randomly\u003c/code\u003e and\n\u003ccode\u003epytest-xdist\u003c/code\u003e to detect test pollution and race conditions. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3151\"\u003e#3151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd contributor documentation for running stress tests, randomized\nparallel tests, and Flask smoke tests. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3151\"\u003e#3151\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3177\"\u003e#3177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eShow custom \u003ccode\u003eshow_default\u003c/code\u003e string in prompts, matching the existing\nhelp text behavior. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2836\"\u003e#2836\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/2837\"\u003e#2837\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3165\"\u003e#3165\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3262\"\u003e#3262\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3280\"\u003e#3280\u003c/a\u003e\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3328\"\u003e#3328\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003edefault=True\u003c/code\u003e with boolean \u003ccode\u003eflag_value\u003c/code\u003e always returning the\n\u003ccode\u003eflag_value\u003c/code\u003e instead of \u003ccode\u003eTrue\u003c/code\u003e. The \u003ccode\u003edefault=True\u003c/code\u003e to \u003ccode\u003eflag_value\u003c/code\u003e\nsubstitution now only applies to non-boolean flags, where \u003ccode\u003eTrue\u003c/code\u003e acts as a\nsentinel meaning \u0026quot;activate this flag by default\u0026quot;. For boolean flags,\n\u003ccode\u003edefault=True\u003c/code\u003e is returned as a literal value. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3111\"\u003e#3111\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3239\"\u003e#3239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark \u003ccode\u003emake_default_short_help\u003c/code\u003e as private API. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3189\"\u003e#3189\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3250\"\u003e#3250\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCliRunner\u003c/code\u003e's redirected streams now expose the original file descriptor\nvia \u003ccode\u003efileno()\u003c/code\u003e, so that \u003ccode\u003efaulthandler\u003c/code\u003e, \u003ccode\u003esubprocess\u003c/code\u003e, and other\nC-level consumers no longer crash with \u003ccode\u003eio.UnsupportedOperation\u003c/code\u003e.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/2865\"\u003e#2865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange :class:\u003ccode\u003eParameterSource\u003c/code\u003e to an :class:\u003ccode\u003e~enum.IntEnum\u003c/code\u003e and reorder\nits members from most to least explicit, so values can be compared to\ncheck whether a parameter was explicitly provided. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2879\"\u003e#2879\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3248\"\u003e#3248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.3.2\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.3.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.3.2/\"\u003ehttps://pypi.org/project/click/8.3.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-3-2\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-3-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/29\"\u003ehttps://github.com/pallets/click/milestone/29\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.3.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-04-20\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse :func:\u003ccode\u003eshlex.split\u003c/code\u003e to split pager and editor commands into \u003ccode\u003eargv\u003c/code\u003e\nlists for :class:\u003ccode\u003esubprocess.Popen\u003c/code\u003e, removing \u003ccode\u003eshell=True\u003c/code\u003e.\n:issue:\u003ccode\u003e1026\u003c/code\u003e :pr:\u003ccode\u003e1477\u003c/code\u003e :pr:\u003ccode\u003e2775\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eTypeError\u003c/code\u003e when rendering help for an option whose default value is\nan object that doesn't support equality comparison with strings, such as\n\u003ccode\u003esemver.Version\u003c/code\u003e. :issue:\u003ccode\u003e3298\u003c/code\u003e :pr:\u003ccode\u003e3299\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix pager test pollution under parallel execution by using pytest's\n\u003ccode\u003etmp_path\u003c/code\u003e fixture instead of a shared temporary file path. :pr:\u003ccode\u003e3238\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values in a \u003ccode\u003edefault_map\u003c/code\u003e as absent, so they fall\nthrough to the next default source instead of being used as the value.\n:issue:\u003ccode\u003e3224\u003c/code\u003e :pr:\u003ccode\u003e3240\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePatch \u003ccode\u003epdb.Pdb\u003c/code\u003e in \u003ccode\u003eCliRunner\u003c/code\u003e isolation so \u003ccode\u003epdb.set_trace()\u003c/code\u003e,\n\u003ccode\u003ebreakpoint()\u003c/code\u003e, and debuggers subclassing \u003ccode\u003epdb.Pdb\u003c/code\u003e (ipdb, pdbpp) can\ninteract with the real terminal instead of the captured I/O streams.\n:issue:\u003ccode\u003e654\u003c/code\u003e :issue:\u003ccode\u003e824\u003c/code\u003e :issue:\u003ccode\u003e843\u003c/code\u003e :pr:\u003ccode\u003e951\u003c/code\u003e :pr:\u003ccode\u003e3235\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd optional randomized parallel test execution using \u003ccode\u003epytest-randomly\u003c/code\u003e and\n\u003ccode\u003epytest-xdist\u003c/code\u003e to detect test pollution and race conditions. :pr:\u003ccode\u003e3151\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd contributor documentation for running stress tests, randomized\nparallel tests, and Flask smoke tests. :pr:\u003ccode\u003e3151\u003c/code\u003e :pr:\u003ccode\u003e3177\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShow custom \u003ccode\u003eshow_default\u003c/code\u003e string in prompts, matching the existing\nhelp text behavior. :issue:\u003ccode\u003e2836\u003c/code\u003e :pr:\u003ccode\u003e2837\u003c/code\u003e :pr:\u003ccode\u003e3165\u003c/code\u003e :pr:\u003ccode\u003e3262\u003c/code\u003e :pr:\u003ccode\u003e3280\u003c/code\u003e\n:pr:\u003ccode\u003e3328\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003edefault=True\u003c/code\u003e with boolean \u003ccode\u003eflag_value\u003c/code\u003e always returning the\n\u003ccode\u003eflag_value\u003c/code\u003e instead of \u003ccode\u003eTrue\u003c/code\u003e. The \u003ccode\u003edefault=True\u003c/code\u003e to \u003ccode\u003eflag_value\u003c/code\u003e\nsubstitution now only applies to non-boolean flags, where \u003ccode\u003eTrue\u003c/code\u003e acts as a\nsentinel meaning \u0026quot;activate this flag by default\u0026quot;. For boolean flags,\n\u003ccode\u003edefault=True\u003c/code\u003e is returned as a literal value. :issue:\u003ccode\u003e3111\u003c/code\u003e :pr:\u003ccode\u003e3239\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark \u003ccode\u003emake_default_short_help\u003c/code\u003e as private API. :issue:\u003ccode\u003e3189\u003c/code\u003e :pr:\u003ccode\u003e3250\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCliRunner\u003c/code\u003e's redirected streams now expose the original file descriptor\nvia \u003ccode\u003efileno()\u003c/code\u003e, so that \u003ccode\u003efaulthandler\u003c/code\u003e, \u003ccode\u003esubprocess\u003c/code\u003e, and other\nC-level consumers no longer crash with \u003ccode\u003eio.UnsupportedOperation\u003c/code\u003e.\n:issue:\u003ccode\u003e2865\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eChange :class:\u003ccode\u003eParameterSource\u003c/code\u003e to an :class:\u003ccode\u003e~enum.IntEnum\u003c/code\u003e and reorder\nits members from most to least explicit, so values can be compared to\ncheck whether a parameter was explicitly provided. :issue:\u003ccode\u003e2879\u003c/code\u003e :pr:\u003ccode\u003e3248\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.3.2\u003c/h2\u003e\n\u003cp\u003eReleased 2026-04-02\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eflag_value\u003c/code\u003e when \u003ccode\u003eis_flag=False\u003c/code\u003e to allow such options to be\nused without an explicit value. :issue:\u003ccode\u003e3084\u003c/code\u003e :pr:\u003ccode\u003e3152\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eHide \u003ccode\u003eSentinel.UNSET\u003c/code\u003e values as \u003ccode\u003eNone\u003c/code\u003e when using \u003ccode\u003elookup_default()\u003c/code\u003e.\n:issue:\u003ccode\u003e3136\u003c/code\u003e :pr:\u003ccode\u003e3199\u003c/code\u003e :pr:\u003ccode\u003e3202\u003c/code\u003e :pr:\u003ccode\u003e3209\u003c/code\u003e :pr:\u003ccode\u003e3212\u003c/code\u003e :pr:\u003ccode\u003e3224\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/c06d2d0a6aee6bcc50bd8257be2a4a592f4e75d0\"\u003e\u003ccode\u003ec06d2d0\u003c/code\u003e\u003c/a\u003e Release 8.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/f1f191ecd2c790b161187c78e7c88440e9524e5c\"\u003e\u003ccode\u003ef1f191e\u003c/code\u003e\u003c/a\u003e Apply format guidelines to commits since latest 8.3.2 release (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3343\"\u003e#3343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/bb59ba0fd279ca085d1113f0499b6a602ca31081\"\u003e\u003ccode\u003ebb59ba0\u003c/code\u003e\u003c/a\u003e Apply format guidelines to commits since latest 8.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4a352253c9ff013e36d11e4a6820d36d00ff2cd4\"\u003e\u003ccode\u003e4a35225\u003c/code\u003e\u003c/a\u003e Reduce blast-radius of \u003ccode\u003eUNSET\u003c/code\u003e in \u003ccode\u003edefault_map\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3240\"\u003e#3240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/c07bb936de43fd303f9cfbefe248ab23fd2199c8\"\u003e\u003ccode\u003ec07bb93\u003c/code\u003e\u003c/a\u003e Merge branch 'stable' into unset-in-default-map\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/c7e1ba8448cbcb2cdd9c1c7f4a592e863dcc3995\"\u003e\u003ccode\u003ec7e1ba8\u003c/code\u003e\u003c/a\u003e Reorder \u003ccode\u003eParameterSource\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3248\"\u003e#3248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/76552ff1e8c85837f911fc34037e702ae4327eda\"\u003e\u003ccode\u003e76552ff\u003c/code\u003e\u003c/a\u003e Show default string in prompt (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3328\"\u003e#3328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/ac5cec5fe54e5a691e7bac17f441ce9498e0744c\"\u003e\u003ccode\u003eac5cec5\u003c/code\u003e\u003c/a\u003e Reorder ParameterSource from most to least explicit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/8c452e00e6772931b7071d9316b82b77e5b8f280\"\u003e\u003ccode\u003e8c452e0\u003c/code\u003e\u003c/a\u003e Merge branch 'stable' into show-default-string-in-prompt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/8c95c73bd5ef89eac638f85f1904a104ba4b1a32\"\u003e\u003ccode\u003e8c95c73\u003c/code\u003e\u003c/a\u003e Reconcile default value passing and default activation (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3239\"\u003e#3239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.1...8.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ecdsa` from 0.19.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/releases\"\u003eecdsa's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CI to use newer version of Ubuntu.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/blob/master/NEWS\"\u003eecdsa's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cul\u003e\n\u003cli\u003eRelease 0.19.2 (26 Mar 2026)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix CVE-2026-33936, a DER parsing issue in \u003ccode\u003eremove_octet_string()\u003c/code\u003e,\n\u003ccode\u003eremove_constructed()\u003c/code\u003e, and \u003ccode\u003eremove_implitic()\u003c/code\u003e where a truncated buffer\nwasn't detected. This can lead to high level functions, like\n\u003ccode\u003eSigningKey.from_der()\u003c/code\u003e to raise unexpected exceptions.\n(Mohamed Abdelaal (0xmrma))\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI to use newer version of Ubuntu.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.1 (13 Mar 2025)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eder.remove_implitic\u003c/code\u003e and \u003ccode\u003eder.encode_implicit\u003c/code\u003e for decoding and\nencoding DER IMPLICIT values with custom tag values and arbitrary\nclasses\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinor fixes around arithmetic with curves that have non-prime order\n(useful for experimentation, not practical deployments)\u003c/li\u003e\n\u003cli\u003eFix arithmetic to work with curves that have (0, 0) on the curve\u003c/li\u003e\n\u003cli\u003eFix canonicalization of signatures when \u003ccode\u003es\u003c/code\u003e is just slightly\nabove half of curve order\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDropped official support for Python 3.5 (again, issues with CI, support\nfor Python 2.6 and Python 2.7 is unchanged)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOfficialy support Python 3.12 and 3.13 (add them to CI)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoval of few more unnecessary \u003ccode\u003esix.b\u003c/code\u003e literals (Alexandre Detiste)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix typos in warning messages\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRelease 0.19.0 (08 Apr 2024)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew API:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eto_ssh\u003c/code\u003e in \u003ccode\u003eVerifyingKey\u003c/code\u003e and \u003ccode\u003eSigningKey\u003c/code\u003e, supports Ed25519 keys only\n(Pablo Mazzini)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNew features:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for twisted Brainpool curves\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDoc fix:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix curve equation in glossary\u003c/li\u003e\n\u003cli\u003eDocumentation for signature encoding and signature decoding functions\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eMaintenance:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped official support for 3.3 and 3.4 (because of problems running them\nin CI, not because it's actually incompatible; support for 2.6 and 2.7 is\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/bd66899550d7185939bf27b75713a2ac9325a9d3\"\u003e\u003ccode\u003ebd66899\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/9c046ee7f61649a8a43d3f6f9c64f13e76e148db\"\u003e\u003ccode\u003e9c046ee\u003c/code\u003e\u003c/a\u003e tests: reject truncated DER lengths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/acc40fdaf7bb09aafc912a687ca6ed063ecaface\"\u003e\u003ccode\u003eacc40fd\u003c/code\u003e\u003c/a\u003e der: reject truncated lengths in octet/implicit/constructed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/55aca7830c41af8d6b66ce2ba71fb9aac35085ec\"\u003e\u003ccode\u003e55aca78\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/tlsfuzzer/python-ecdsa/issues/363\"\u003e#363\u003c/a\u003e from gstarovo/ubuntu20-deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/commit/c4f0df174ad3ae75e59f4e9f47d4a912f5fe21cf\"\u003e\u003ccode\u003ec4f0df1\u003c/code\u003e\u003c/a\u003e chore: change to ubuntu-22 since u-20 is deprecated\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/tlsfuzzer/python-ecdsa/compare/python-ecdsa-0.19.1...python-ecdsa-0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.128.0 to 0.136.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.1\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Update Pydantic v2 code to address deprecations. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15101\"\u003e#15101\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔨 Tweak translation script. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15174\"\u003e#15174\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump mkdocs-material from 9.7.1 to 9.7.6. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15408\"\u003e#15408\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump inline-snapshot from 0.31.1 to 0.32.6. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15409\"\u003e#15409\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest-codspeed from 4.3.0 to 4.4.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15407\"\u003e#15407\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest-cov from 7.0.0 to 7.1.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15406\"\u003e#15406\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.14.1 to 3.15.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15405\"\u003e#15405\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump mypy from 1.19.1 to 1.20.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15410\"\u003e#15410\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump python-dotenv from 1.2.1 to 1.2.2. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15400\"\u003e#15400\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump starlette from 0.52.1 to 1.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15397\"\u003e#15397\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygithub from 2.8.1 to 2.9.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15396\"\u003e#15396\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pyjwt from 2.12.0 to 2.12.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15393\"\u003e#15393\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump zizmor from 1.23.1 to 1.24.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15394\"\u003e#15394\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump strawberry-graphql from 0.312.3 to 0.314.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15395\"\u003e#15395\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump python-multipart from 0.0.22 to 0.0.26. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15360\"\u003e#15360\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump authlib from 1.6.9 to 1.6.11. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15373\"\u003e#15373\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump aiohttp from 3.13.3 to 3.13.4. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15282\"\u003e#15282\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pygments from 2.19.2 to 2.20.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15263\"\u003e#15263\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pymdown-extensions from 10.20.1 to 10.21.2. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15391\"\u003e#15391\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pillow from 12.1.1 to 12.2.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15333\"\u003e#15333\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump pytest from 9.0.2 to 9.0.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15334\"\u003e#15334\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/upload-artifact from 7.0.0 to 7.0.1. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15374\"\u003e#15374\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/cache from 5.0.4 to 5.0.5. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15385\"\u003e#15385\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Update sponsors: remove Zuplo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15369\"\u003e#15369\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Update sponsors: remove Speakeasy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15368\"\u003e#15368\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Add zizmor and fix audit findings. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15316\"\u003e#15316\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.0\u003c/h2\u003e\n\u003ch3\u003eUpgrades\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆️ Support free-threaded Python 3.14t. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15149\"\u003e#15149\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.4\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔥 Remove April Fool's \u003ccode\u003e@app.vibe()\u003c/code\u003e 🤪. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15363\"\u003e#15363\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e⬆ Bump cryptography from 46.0.5 to 46.0.7. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15314\"\u003e#15314\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump strawberry-graphql from 0.307.1 to 0.312.3. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15309\"\u003e#15309\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔨 Add pre-commit hook to ensure latest release header has date. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15293\"\u003e#15293\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.135.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/e54e5a8980ffa6d7ff68ee7b25a1c46036375521\"\u003e\u003ccode\u003ee54e5a8\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/9a8a5fd99902c3b80d4cc94b85e120e2b808825f\"\u003e\u003ccode\u003e9a8a5fd\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7815a32f2ed177b8b786a48b3e0712c05b5c644f\"\u003e\u003ccode\u003e7815a32\u003c/code\u003e\u003c/a\u003e ⬆️ Update Pydantic v2 code to address deprecations (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15101\"\u003e#15101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ef1c927b0558d414e199a666833942a6fabb3a51\"\u003e\u003ccode\u003eef1c927\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/38039e12a86e67f2001b9b7d96c219691d6cb4af\"\u003e\u003ccode\u003e38039e1\u003c/code\u003e\u003c/a\u003e 🔨 Tweak translation script (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15174\"\u003e#15174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4fa826ce0a3b16884a04f51e5aac95d01790b599\"\u003e\u003ccode\u003e4fa826c\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c39415673e621665fdb7bbdde69beba7eb1dfd12\"\u003e\u003ccode\u003ec394156\u003c/code\u003e\u003c/a\u003e ⬆ Bump mkdocs-material from 9.7.1 to 9.7.6 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15408\"\u003e#15408\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/ae230ad2f9d90a4e3f6222ff1a5d6e8da41ec0ad\"\u003e\u003ccode\u003eae230ad\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/d9eb39d1a1bf2f6e6e5d3a55088f61c712cb864e\"\u003e\u003ccode\u003ed9eb39d\u003c/code\u003e\u003c/a\u003e ⬆ Bump inline-snapshot from 0.31.1 to 0.32.6 (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15409\"\u003e#15409\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/4f8b5d14d324ae8e15cfae8d85adb4186d4c2175\"\u003e\u003ccode\u003e4f8b5d1\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.128.0...0.136.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fsspec` from 2026.1.0 to 2026.4.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/8fdedd1fd17be354f75f0cec1f973d93416c704b\"\u003e\u003ccode\u003e8fdedd1\u003c/code\u003e\u003c/a\u003e Merge branch 'master' of \u003ca href=\"https://github.com/fsspec/filesystem_spec\"\u003ehttps://github.com/fsspec/filesystem_spec\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/8205d0d1afecb64f34565ebeb073b7f1959a869d\"\u003e\u003ccode\u003e8205d0d\u003c/code\u003e\u003c/a\u003e Release (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2027\"\u003e#2027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/50bfba22200077fa602038857e19d58cc2541db5\"\u003e\u003ccode\u003e50bfba2\u003c/code\u003e\u003c/a\u003e Merge branch 'master' of \u003ca href=\"https://github.com/fsspec/filesystem_spec\"\u003ehttps://github.com/fsspec/filesystem_spec\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/f58bc851213ab3a87b2d26c01c9d26b291b0e1d3\"\u003e\u003ccode\u003ef58bc85\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;DEP: de-duplicate and sort optional dependencies (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2021\"\u003e#2021\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2026\"\u003e#2026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/c6c7b40b7794c6e554d9dcae7bf4930bba67e403\"\u003e\u003ccode\u003ec6c7b40\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;DEP: de-duplicate and sort optional dependencies (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2021\"\u003e#2021\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/3bc67f85c3b67c5adef11af35761fd839de306fb\"\u003e\u003ccode\u003e3bc67f8\u003c/code\u003e\u003c/a\u003e DEP: de-duplicate and sort optional dependencies (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2021\"\u003e#2021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/0b290bf1336bb15d4327afcdf743d9a17b5ea762\"\u003e\u003ccode\u003e0b290bf\u003c/code\u003e\u003c/a\u003e docs: add URL handling note to HTTPFileSystem class docstring (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2024\"\u003e#2024\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/b33a2d6c3b6912c645d9a315791f41e74bff4c66\"\u003e\u003ccode\u003eb33a2d6\u003c/code\u003e\u003c/a\u003e ci: install downstream systems like gcsfs before testing so the \u003ccode\u003e_version.py\u003c/code\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/e9e7a5b5eab42b6c6d0790aa0aa510f66fc44630\"\u003e\u003ccode\u003ee9e7a5b\u003c/code\u003e\u003c/a\u003e Delegate DirFileSystem delete and write_text (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2022\"\u003e#2022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fsspec/filesystem_spec/commit/105d614a443e3f46236deb87442cc5491741687c\"\u003e\u003ccode\u003e105d614\u003c/code\u003e\u003c/a\u003e fix: use encode_url() in _pipe_file for consistency (\u003ca href=\"https://redirect.github.com/fsspec/filesystem_spec/issues/2023\"\u003e#2023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fsspec/filesystem_spec/compare/2026.1.0...2026.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.13\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.rst\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.13 (2026-04-22)\n+++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect classification error for codepoint U+A7F1\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e3.12 (2026-04-21)\n+++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to Unicode 17.0.0.\u003c/li\u003e\n\u003cli\u003eIssue a deprecation warning for the transitional argument.\u003c/li\u003e\n\u003cli\u003eAdded lazy-loading to provide some performance improvements.\u003c/li\u003e\n\u003cli\u003eRemoved vestiges of code related to Python 2 support, including\nsegmentation of data structures specific to Jython.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Rodrigo Nogueira for contributions to this release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/89cdfd27338896cee6b1ee18e64c96ac28684ce0\"\u003e\u003ccode\u003e89cdfd2\u003c/code\u003e\u003c/a\u003e Release v3.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1eb068687543118147417a8d8a70674e2c172891\"\u003e\u003ccode\u003e1eb0686\u003c/code\u003e\u003c/a\u003e Pre-release 3.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5f20d1e41eea3b3873d18d83d7a384784f72a92e\"\u003e\u003ccode\u003e5f20d1e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/220\"\u003e#220\u003c/a\u003e from kjd/unicode-next\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/4ea84252ab21e62a79e5a3273746112b5dcfb810\"\u003e\u003ccode\u003e4ea8425\u003c/code\u003e\u003c/a\u003e Regenerate idnadata.py with correct NFKC_CF data\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/fd47341a08bbdcffda33694211ca4de10170cd41\"\u003e\u003ccode\u003efd47341\u003c/code\u003e\u003c/a\u003e Use NFKC_CF from Unicode data files instead of Python's unicodedata module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/a5304a4cdbd7b31595f8ac42ffdfa88f5b936467\"\u003e\u003ccode\u003ea5304a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/219\"\u003e#219\u003c/a\u003e from kjd/release-3.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d80d6f9254d699961fa2c669a1534cde9d4ee5b6\"\u003e\u003ccode\u003ed80d6f9\u003c/code\u003e\u003c/a\u003e Release v3.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1bb44ddb3f2a9dcf97a6ac11aba34e5b6ed31291\"\u003e\u003ccode\u003e1bb44dd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/218\"\u003e#218\u003c/a\u003e from kjd/release-candidate-3.12rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/909c49d15b8d159be163bccc7972116baffdb47b\"\u003e\u003ccode\u003e909c49d\u003c/code\u003e\u003c/a\u003e Release candidate for 3.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c5459a10370f005dc09921aee3201b5a45699f9d\"\u003e\u003ccode\u003ec5459a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/217\"\u003e#217\u003c/a\u003e from kjd/housekeeping-2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jinja2` from 3.1.2 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/releases\"\u003ejinja2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.6/\"\u003ehttps://pypi.org/project/Jinja2/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\"\u003ehttps://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\"\u003ehttps://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.5/\"\u003ehttps://pypi.org/project/Jinja2/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/changes/#version-3-1-5\"\u003ehttps://jinja.palletsprojects.com/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/jinja/milestone/16?closed=1\"\u003ehttps://github.com/pallets/jinja/milestone/16?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as by passing a stored reference to a filter that calls its argument. \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h\"\u003eGHSA-q2x7-8rv6-6q7h\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1792\"\u003e#1792\u003c/a\u003e, \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699\"\u003eGHSA-gmj6-6f8f-6699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence types. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1952\"\u003e#1952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in \u003ccode\u003eTemplate.generate_async\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1960\"\u003e#1960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment when calling block references. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1701\"\u003e#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another async-aware filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1781\"\u003e#1781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1921\"\u003e#1921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e call. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e objects. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2025\"\u003e#2025\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2061\"\u003e#2061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were searched. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not contain the templates directory. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1705\"\u003e#1705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1880\"\u003e#1880\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1870\"\u003e#1870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTests decorated with \u003ccode\u003e@pass_context\u003c/code\u003e can be used with the \u003ccode\u003e|select\u003c/code\u003e filter. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1624\"\u003e#1624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e for multiple assignment (\u003ccode\u003ea, b = 1, 2\u003c/code\u003e) does not fail when the target is a namespace attribute. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1413\"\u003e#1413\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUsing \u003ccode\u003eset\u003c/code\u003e in all branches of \u003ccode\u003e{% if %}{% elif %}{% else %}\u003c/code\u003e blocks does not cause the variable to be considered initially undefined. \u003ca href=\"https://redirect.github.com/pallets/jinja/issues/1253\"\u003e#1253\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Jinja2/3.1.4/\"\u003ehttps://pypi.org/project/Jinja2/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\"\u003ehttps://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003exmlattr\u003c/code\u003e filter does not allow keys with \u003ccode\u003e/\u003c/code\u003e solidus, \u003ccode\u003e\u0026gt;\u003c/code\u003e greater-than sign, or \u003ccode\u003e=\u003c/code\u003e equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is a fix release for the 3.1.x feature branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95\"\u003eGHSA-h5c8-rqwp-cp95\u003c/a\u003e. You are affected if you are using \u003ccode\u003exmlattr\u003c/code\u003e and passing user input as attribute keys.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/jinja/blob/main/CHANGES.rst\"\u003ejinja2's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2025-03-05\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003e|attr\u003c/code\u003e filter does not bypass the environment's attribute lookup,\nallowing the sandbox to apply its checks. :ghsa:\u003ccode\u003ecpwx-vrp4-4pq7\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2024-12-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe sandboxed environment handles indirect calls to \u003ccode\u003estr.format\u003c/code\u003e, such as\nby passing a stored reference to a filter that calls its argument.\n:ghsa:\u003ccode\u003eq2x7-8rv6-6q7h\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eEscape template name before formatting it into error messages, to avoid\nissues with names that contain f-string syntax.\n:issue:\u003ccode\u003e1792\u003c/code\u003e, :ghsa:\u003ccode\u003egmj6-6f8f-6699\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSandbox does not allow \u003ccode\u003eclear\u003c/code\u003e and \u003ccode\u003epop\u003c/code\u003e on known mutable sequence\ntypes. :issue:\u003ccode\u003e2032\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCalling sync \u003ccode\u003erender\u003c/code\u003e for an async template uses \u003ccode\u003easyncio.run\u003c/code\u003e.\n:pr:\u003ccode\u003e1952\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid unclosed \u003ccode\u003eauto_aiter\u003c/code\u003e warnings. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eReturn an \u003ccode\u003eaclose\u003c/code\u003e-able \u003ccode\u003eAsyncGenerator\u003c/code\u003e from\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving \u003ccode\u003eroot_render_func()\u003c/code\u003e unclosed in\n\u003ccode\u003eTemplate.generate_async\u003c/code\u003e. :pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAvoid leaving async generators unclosed in blocks, includes and extends.\n:pr:\u003ccode\u003e1960\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe runtime uses the correct \u003ccode\u003econcat\u003c/code\u003e function for the current environment\nwhen calling block references. :issue:\u003ccode\u003e1701\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003e|unique\u003c/code\u003e async-aware, allowing it to be used after another\nasync-aware filter. :issue:\u003ccode\u003e1781\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e|int\u003c/code\u003e filter handles \u003ccode\u003eOverflowError\u003c/code\u003e from scientific notation.\n:issue:\u003ccode\u003e1921\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMake compiling deterministic for tuple unpacking in a \u003ccode\u003e{% set ... %}\u003c/code\u003e\ncall. :issue:\u003ccode\u003e2021\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix dunder protocol (\u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e/etc) interaction with \u003ccode\u003eUndefined\u003c/code\u003e\nobjects. :issue:\u003ccode\u003e2025\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecopy\u003c/code\u003e/\u003ccode\u003epickle\u003c/code\u003e support for the internal \u003ccode\u003emissing\u003c/code\u003e object.\n:issue:\u003ccode\u003e2027\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEnvironment.overlay(enable_async)\u003c/code\u003e is applied correctly. :pr:\u003ccode\u003e2061\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe error message from \u003ccode\u003eFileSystemLoader\u003c/code\u003e includes the paths that were\nsearched. :issue:\u003ccode\u003e1661\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ePackageLoader\u003c/code\u003e shows a clearer error message when the package does not\ncontain the templates directory. :issue:\u003ccode\u003e1705\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove annotations for methods returning copies. :pr:\u003ccode\u003e1880\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eurlize\u003c/code\u003e does not add \u003ccode\u003emailto:\u003c/code\u003e to values like \u003ccode\u003e@a@b\u003c/code\u003e. :pr:\u003ccode\u003e1870\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/15206881c006c79667fe5154fe80c01c65410679\"\u003e\u003ccode\u003e1520688\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403\"\u003e\u003ccode\u003e90457bb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7\"\u003e\u003ccode\u003e065334d\u003c/code\u003e\u003c/a\u003e attr filter uses env.getattr\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/033c20015c7ca899ab52eb921bb0f08e6d3dd145\"\u003e\u003ccode\u003e033c200\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/bc68d4efa99c5f77334f0e519628558059ae8c35\"\u003e\u003ccode\u003ebc68d4e\u003c/code\u003e\u003c/a\u003e use global contributing guide (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/247de5e0c5062a792eb378e50e13e692885ee486\"\u003e\u003ccode\u003e247de5e\u003c/code\u003e\u003c/a\u003e use global contributing guide\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/ab8218c7a1b66b62e0ad6b941bd514e3a64a358f\"\u003e\u003ccode\u003eab8218c\u003c/code\u003e\u003c/a\u003e use project advisory link instead of global\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/b4ffc8ff299dfd360064bea4cd2f862364601ad2\"\u003e\u003ccode\u003eb4ffc8f\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/jinja/issues/2066\"\u003e#2066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/877f6e51be8e1765b06d911cfaa9033775f051d1\"\u003e\u003ccode\u003e877f6e5\u003c/code\u003e\u003c/a\u003e release version 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/jinja/commit/8d588592653b052f957b720e1fc93196e06f207f\"\u003e\u003ccode\u003e8d58859\u003c/code\u003e\u003c/a\u003e remove test pypi\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/jinja/compare/3.1.2...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jiter` from 0.12.0 to 0.14.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/dcdc93df6b9c6eb53facb0fff725069d9528d735\"\u003e\u003ccode\u003edcdc93d\u003c/code\u003e\u003c/a\u003e Prepare release v0.14.0 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/248\"\u003e#248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/974695165327d19c93eb7b6030050c6555125ff2\"\u003e\u003ccode\u003e9746951\u003c/code\u003e\u003c/a\u003e Use Python 3.13 in Wasm workflow (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/247\"\u003e#247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/7f311e91b35e9896a43d0f57e7a3ca905efb1a5b\"\u003e\u003ccode\u003e7f311e9\u003c/code\u003e\u003c/a\u003e Use Python 3.13 in Wasm workflow (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/246\"\u003e#246\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/52d6f7df7d7eb94ec8cc3307d466e49ef98fdf60\"\u003e\u003ccode\u003e52d6f7d\u003c/code\u003e\u003c/a\u003e Update pyodide to 0.28 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/245\"\u003e#245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/40c53b38ef8049e222f11ed345f2309ad3e5e249\"\u003e\u003ccode\u003e40c53b3\u003c/code\u003e\u003c/a\u003e remove hyperlint (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/244\"\u003e#244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/891a4d4f127b6d720439755c20e7193ad83531f9\"\u003e\u003ccode\u003e891a4d4\u003c/code\u003e\u003c/a\u003e Update to edition 2024, MSRV 1.88 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/b14af5e412454275d6a303f4517faec74bfcc4c1\"\u003e\u003ccode\u003eb14af5e\u003c/code\u003e\u003c/a\u003e Avoid stack overflow in \u003ccode\u003ePyStringCache\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/239\"\u003e#239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/1764e65598dc197402769a054160583c26da9ef8\"\u003e\u003ccode\u003e1764e65\u003c/code\u003e\u003c/a\u003e Introduce zizmor (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/242\"\u003e#242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/29a5e6dd444c950d57ef347ff42f4015174e7d27\"\u003e\u003ccode\u003e29a5e6d\u003c/code\u003e\u003c/a\u003e Add yamlfmt (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/241\"\u003e#241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/cb40f58b9d3baf89d3a68b1ee9ce4919a592025e\"\u003e\u003ccode\u003ecb40f58\u003c/code\u003e\u003c/a\u003e Modernize project setup using uv (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/240\"\u003e#240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/jiter/compare/v0.12.0...v0.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lxml` from 6.0.2 to 6.1.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lxml/lxml/blob/master/CHANGES.txt\"\u003elxml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e6.1.0 (2026-04-17)\u003c...\n\n_Description has been truncated_","html_url":"https://github.com/wandile0157/smartdoc-ai-backend/pull/11","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wandile0157%2Fsmartdoc-ai-backend/issues/11","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11/packages"}},{"old_version":"0.6.2","new_version":"0.6.3","update_type":"patch","path":null,"pr_created_at":"2026-04-25T17:30:14.000Z","version_change":"0.6.2 → 0.6.3","issue":{"uuid":"4328788762","node_id":"PR_kwDOQnZ8zc7Vn8p7","number":67,"state":"closed","title":"deps(pip): bump the pip-minor-and-patch group across 1 directory with 42 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-25T17:36:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-25T17:30:14.000Z","updated_at":"2026-04-25T17:36:25.000Z","time_to_close":369,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(pip): bump","group_name":"pip-minor-and-patch","update_count":42,"packages":[{"name":"dj-database-url","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/jazzband/dj-database-url"},{"name":"djangorestframework","old_version":"3.16.1","new_version":"3.17.1","repository_url":"https://github.com/encode/django-rest-framework"},{"name":"matplotlib","old_version":"3.10.8","new_version":"3.10.9","repository_url":"https://github.com/matplotlib/matplotlib"},{"name":"python-dotenv","old_version":"1.2.1","new_version":"1.2.2","repository_url":"https://github.com/theskumar/python-dotenv"},{"name":"django-environ","old_version":"0.12.1","new_version":"0.13.0","repository_url":"https://github.com/joke2k/django-environ"},{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"bandit","old_version":"1.9.3","new_version":"1.9.4","repository_url":"https://github.com/PyCQA/bandit"},{"name":"boto3","old_version":"1.42.39","new_version":"1.42.96","repository_url":"https://github.com/boto/boto3"},{"name":"botocore","old_version":"1.42.39","new_version":"1.42.96","repository_url":"https://github.com/boto/botocore"},{"name":"cbor2","old_version":"5.8.0","new_version":"5.9.0","repository_url":"https://github.com/agronholm/cbor2"},{"name":"celery","old_version":"5.6.2","new_version":"5.6.3","repository_url":"https://github.com/celery/celery"},{"name":"charset-normalizer","old_version":"3.4.4","new_version":"3.4.7","repository_url":"https://github.com/jawah/charset_normalizer"},{"name":"click","old_version":"8.3.1","new_version":"8.3.3","repository_url":"https://github.com/pallets/click"},{"name":"coverage","old_version":"7.13.4","new_version":"7.13.5","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"daphne","old_version":"4.1.2","new_version":"4.2.1","repository_url":"https://github.com/django/daphne"},{"name":"djangorestframework-stubs","old_version":"3.16.8","new_version":"3.16.9","repository_url":"https://github.com/typeddjango/djangorestframework-stubs"},{"name":"filelock","old_version":"3.24.2","new_version":"3.29.0","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"gunicorn","old_version":"25.1.0","new_version":"25.3.0","repository_url":"https://github.com/benoitc/gunicorn"},{"name":"identify","old_version":"2.6.16","new_version":"2.6.19","repository_url":"https://github.com/pre-commit/identify"},{"name":"idna","old_version":"3.11","new_version":"3.13","repository_url":"https://github.com/kjd/idna"},{"name":"librt","old_version":"0.8.0","new_version":"0.9.0","repository_url":"https://github.com/mypyc/librt"},{"name":"mypy","old_version":"1.19.1","new_version":"1.20.2","repository_url":"https://github.com/python/mypy"},{"name":"numpy","old_version":"2.4.2","new_version":"2.4.4","repository_url":"https://github.com/numpy/numpy"},{"name":"pathspec","old_version":"1.0.3","new_version":"1.1.0","repository_url":"https://github.com/cpburnz/python-pathspec"},{"name":"platformdirs","old_version":"4.9.2","new_version":"4.9.6","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"pre-commit","old_version":"4.5.1","new_version":"4.6.0","repository_url":"https://github.com/pre-commit/pre-commit"},{"name":"prometheus-client","old_version":"0.24.1","new_version":"0.25.0","repository_url":"https://github.com/prometheus/client_python"},{"name":"pyasn1","old_version":"0.6.2","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"pygments","old_version":"2.19.2","new_version":"2.20.0","repository_url":"https://github.com/pygments/pygments"},{"name":"pyjwt","old_version":"2.11.0","new_version":"2.12.1","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"pyopenssl","old_version":"26.0.0","new_version":"26.1.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"pytest-cov","old_version":"7.0.0","new_version":"7.1.0","repository_url":"https://github.com/pytest-dev/pytest-cov"},{"name":"pytest-env","old_version":"1.3.2","new_version":"1.6.0","repository_url":"https://github.com/pytest-dev/pytest-env"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.1","repository_url":"https://github.com/psf/requests"},{"name":"ruff","old_version":"0.15.1","new_version":"0.15.12","repository_url":"https://github.com/astral-sh/ruff"},{"name":"s3transfer","old_version":"0.16.0","new_version":"0.16.1","repository_url":"https://github.com/boto/s3transfer"},{"name":"stevedore","old_version":"5.6.0","new_version":"5.7.0"},{"name":"types-requests","old_version":"2.32.4.20250913","new_version":"2.33.0.20260408","repository_url":"https://github.com/python/typeshed"},{"name":"uvicorn","old_version":"0.41.0","new_version":"0.46.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"wheel","old_version":"0.46.3","new_version":"0.47.0","repository_url":"https://github.com/pypa/wheel"},{"name":"zope-interface","old_version":"8.2","new_version":"8.4","repository_url":"https://github.com/zopefoundation/zope.interface"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip-minor-and-patch group with 42 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [dj-database-url](https://github.com/jazzband/dj-database-url) | `3.1.0` | `3.1.2` |\n| [djangorestframework](https://github.com/encode/django-rest-framework) | `3.16.1` | `3.17.1` |\n| [matplotlib](https://github.com/matplotlib/matplotlib) | `3.10.8` | `3.10.9` |\n| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |\n| [django-environ](https://github.com/joke2k/django-environ) | `0.12.1` | `0.13.0` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [bandit](https://github.com/PyCQA/bandit) | `1.9.3` | `1.9.4` |\n| [boto3](https://github.com/boto/boto3) | `1.42.39` | `1.42.96` |\n| [botocore](https://github.com/boto/botocore) | `1.42.39` | `1.42.96` |\n| [cbor2](https://github.com/agronholm/cbor2) | `5.8.0` | `5.9.0` |\n| [celery](https://github.com/celery/celery) | `5.6.2` | `5.6.3` |\n| [charset-normalizer](https://github.com/jawah/charset_normalizer) | `3.4.4` | `3.4.7` |\n| [click](https://github.com/pallets/click) | `8.3.1` | `8.3.3` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.4` | `7.13.5` |\n| [daphne](https://github.com/django/daphne) | `4.1.2` | `4.2.1` |\n| [djangorestframework-stubs](https://github.com/typeddjango/djangorestframework-stubs) | `3.16.8` | `3.16.9` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.24.2` | `3.29.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `25.1.0` | `25.3.0` |\n| [identify](https://github.com/pre-commit/identify) | `2.6.16` | `2.6.19` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.13` |\n| [librt](https://github.com/mypyc/librt) | `0.8.0` | `0.9.0` |\n| [mypy](https://github.com/python/mypy) | `1.19.1` | `1.20.2` |\n| [numpy](https://github.com/numpy/numpy) | `2.4.2` | `2.4.4` |\n| [pathspec](https://github.com/cpburnz/python-pathspec) | `1.0.3` | `1.1.0` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.2` | `4.9.6` |\n| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.5.1` | `4.6.0` |\n| [prometheus-client](https://github.com/prometheus/client_python) | `0.24.1` | `0.25.0` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.6.2` | `0.6.3` |\n| [pygments](https://github.com/pygments/pygments) | `2.19.2` | `2.20.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.11.0` | `2.12.1` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `26.0.0` | `26.1.0` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` | `7.1.0` |\n| [pytest-env](https://github.com/pytest-dev/pytest-env) | `1.3.2` | `1.6.0` |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.1` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.1` | `0.15.12` |\n| [s3transfer](https://github.com/boto/s3transfer) | `0.16.0` | `0.16.1` |\n| [stevedore](https://docs.openstack.org/stevedore) | `5.6.0` | `5.7.0` |\n| [types-requests](https://github.com/python/typeshed) | `2.32.4.20250913` | `2.33.0.20260408` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.41.0` | `0.46.0` |\n| [wheel](https://github.com/pypa/wheel) | `0.46.3` | `0.47.0` |\n| [zope-interface](https://github.com/zopefoundation/zope.interface) | `8.2` | `8.4` |\n\n\nUpdates `dj-database-url` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jazzband/dj-database-url/releases\"\u003edj-database-url's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump cryptography from 46.0.3 to 46.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/293\"\u003ejazzband/dj-database-url#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump django from 5.2.9 to 5.2.11 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/294\"\u003ejazzband/dj-database-url#294\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump urllib3 from 2.6.2 to 2.6.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/295\"\u003ejazzband/dj-database-url#295\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump wheel from 0.45.1 to 0.46.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/296\"\u003ejazzband/dj-database-url#296\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/297\"\u003ejazzband/dj-database-url#297\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/293\"\u003ejazzband/dj-database-url#293\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jazzband/dj-database-url/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/jazzband/dj-database-url/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tests directory to source distribution by \u003ca href=\"https://github.com/yohaann196\"\u003e\u003ccode\u003e@​yohaann196\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/285\"\u003ejazzband/dj-database-url#285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch linting and formatting from flake8+isort+black to ruff; add typos to pre-commit; fix typos by \u003ca href=\"https://github.com/akx\"\u003e\u003ccode\u003e@​akx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/281\"\u003ejazzband/dj-database-url#281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd project URLs to pyproject.toml by \u003ca href=\"https://github.com/luzfcb\"\u003e\u003ccode\u003e@​luzfcb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/287\"\u003ejazzband/dj-database-url#287\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate .pre-commit-config.yaml to use pinned version numbers. by \u003ca href=\"https://github.com/mattseymour\"\u003e\u003ccode\u003e@​mattseymour\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/289\"\u003ejazzband/dj-database-url#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[pre-commit.ci] pre-commit autoupdate by \u003ca href=\"https://github.com/pre-commit-ci\"\u003e\u003ccode\u003e@​pre-commit-ci\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/291\"\u003ejazzband/dj-database-url#291\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yohaann196\"\u003e\u003ccode\u003e@​yohaann196\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/285\"\u003ejazzband/dj-database-url#285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/luzfcb\"\u003e\u003ccode\u003e@​luzfcb\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/pull/287\"\u003ejazzband/dj-database-url#287\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jazzband/dj-database-url/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/jazzband/dj-database-url/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jazzband/dj-database-url/blob/master/CHANGELOG.md\"\u003edj-database-url's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCHANGELOG\u003c/h1\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jazzband/dj-database-url/commit/e77149f799f971f85d2cd1ccf01dbd3f0eb69cb5\"\u003e\u003ccode\u003ee77149f\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/issues/297\"\u003e#297\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jazzband/dj-database-url/commit/6beffe6de6a2d6284d6c5c76ee6753cc8787aee2\"\u003e\u003ccode\u003e6beffe6\u003c/code\u003e\u003c/a\u003e Fix a regression in adding tests/ dir to source package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jazzband/dj-database-url/commit/f9c31305ae85f1a22d2102da0b83acb577154d97\"\u003e\u003ccode\u003ef9c3130\u003c/code\u003e\u003c/a\u003e Bump wheel from 0.45.1 to 0.46.2 (\u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/issues/296\"\u003e#296\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jazzband/dj-database-url/commit/5337838ac302faaec32c969712dc44dfe28d4e15\"\u003e\u003ccode\u003e5337838\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.2 to 2.6.3 (\u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jazzband/dj-database-url/commit/6fc366459ff21030c49ba613d1c129f615ee4228\"\u003e\u003ccode\u003e6fc3664\u003c/code\u003e\u003c/a\u003e Bump django from 5.2.9 to 5.2.11 (\u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jazzband/dj-database-url/commit/19805c97f3667da652ce57df0be0e02a1187d6b8\"\u003e\u003ccode\u003e19805c9\u003c/code\u003e\u003c/a\u003e Bump cryptography from 46.0.3 to 46.0.5 (\u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jazzband/dj-database-url/commit/1b102cd42868d49321ec10393ecaae5cedb912b5\"\u003e\u003ccode\u003e1b102cd\u003c/code\u003e\u003c/a\u003e Update project URLs in pyproject.toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jazzband/dj-database-url/commit/e41afda72b5ee6e4433ba044fe065afe1399ed48\"\u003e\u003ccode\u003ee41afda\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/issues/291\"\u003e#291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jazzband/dj-database-url/commit/dba60770813761db92bba5753a6694e25c39a5a0\"\u003e\u003ccode\u003edba6077\u003c/code\u003e\u003c/a\u003e Update .pre-commit-config.yaml to use pinned version numbers. (\u003ca href=\"https://redirect.github.com/jazzband/dj-database-url/issues/289\"\u003e#289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jazzband/dj-database-url/commit/e6f4ccc49d31feaab4e9f930525573e60c5c4cfb\"\u003e\u003ccode\u003ee6f4ccc\u003c/code\u003e\u003c/a\u003e Add pytest to dependencies\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jazzband/dj-database-url/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `djangorestframework` from 3.16.1 to 3.17.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/encode/django-rest-framework/releases\"\u003edjangorestframework's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.17.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eHTMLFormRenderer\u003c/code\u003e with empty \u003ccode\u003edatetime\u003c/code\u003e values by \u003ca href=\"https://github.com/p-r-a-v-i-n\"\u003e\u003ccode\u003e@​p-r-a-v-i-n\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9928\"\u003eencode/django-rest-framework#9928\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/encode/django-rest-framework/compare/3.17.0...3.17.1\"\u003ehttps://github.com/encode/django-rest-framework/compare/3.17.0...3.17.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.17.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBreaking changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.9 by \u003ca href=\"https://github.com/auvipy\"\u003e\u003ccode\u003e@​auvipy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9781\"\u003eencode/django-rest-framework#9781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop deprecated coreapi support by \u003ca href=\"https://github.com/browniebroke\"\u003e\u003ccode\u003e@​browniebroke\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9895\"\u003eencode/django-rest-framework#9895\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ability to specify output format for \u003ccode\u003eDurationField\u003c/code\u003e by \u003ca href=\"https://github.com/sevdog\"\u003e\u003ccode\u003e@​sevdog\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/8532\"\u003eencode/django-rest-framework#8532\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing decorators: \u003ccode\u003e@versioning_class()\u003c/code\u003e, \u003ccode\u003e@content_negotiation_class()\u003c/code\u003e, \u003ccode\u003e@metadata_class()\u003c/code\u003e for function-based views by \u003ca href=\"https://github.com/qqii\"\u003e\u003ccode\u003e@​qqii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9719\"\u003eencode/django-rest-framework#9719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for Python 3.14 by \u003ca href=\"https://github.com/cclauss\"\u003e\u003ccode\u003e@​cclauss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9780\"\u003eencode/django-rest-framework#9780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eviolation_error_code\u003c/code\u003e and \u003ccode\u003eviolation_error_message\u003c/code\u003e from \u003ccode\u003eUniqueConstraint\u003c/code\u003e in \u003ccode\u003eUniqueTogetherValidator\u003c/code\u003e by \u003ca href=\"https://github.com/s-aleshin\"\u003e\u003ccode\u003e@​s-aleshin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9766\"\u003eencode/django-rest-framework#9766\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eipaddress\u003c/code\u003e objects in \u003ccode\u003eJSONEncoder\u003c/code\u003e by \u003ca href=\"https://github.com/corenting\"\u003e\u003ccode\u003e@​corenting\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9087\"\u003eencode/django-rest-framework#9087\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd optional support to serialize \u003ccode\u003eBigInteger\u003c/code\u003e to string by \u003ca href=\"https://github.com/HoodyH\"\u003e\u003ccode\u003e@​HoodyH\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9775\"\u003eencode/django-rest-framework#9775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Django 6.0 support by \u003ca href=\"https://github.com/MehrazRumman\"\u003e\u003ccode\u003e@​MehrazRumman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9819\"\u003eencode/django-rest-framework#9819\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent small risk of \u003ccode\u003eToken\u003c/code\u003e overwrite by \u003ca href=\"https://github.com/mahdirahimi1999\"\u003e\u003ccode\u003e@​mahdirahimi1999\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9754\"\u003eencode/django-rest-framework#9754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eUniqueTogetherValidator\u003c/code\u003e validation when condition references a read-only field by \u003ca href=\"https://github.com/ticosax\"\u003e\u003ccode\u003e@​ticosax\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9764\"\u003eencode/django-rest-framework#9764\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix validation on many to many field when \u003ccode\u003edefault=None\u003c/code\u003e by \u003ca href=\"https://github.com/Genarito\"\u003e\u003ccode\u003e@​Genarito\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9790\"\u003eencode/django-rest-framework#9790\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix invalid SPDX license expression in \u003ccode\u003e__init__.py\u003c/code\u003e by \u003ca href=\"https://github.com/TheFunctionalGuy\"\u003e\u003ccode\u003e@​TheFunctionalGuy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9799\"\u003eencode/django-rest-framework#9799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eHTMLFormRenderer\u003c/code\u003e to ensure a valid \u003ccode\u003edatetime-local\u003c/code\u003e format by \u003ca href=\"https://github.com/mgaligniana\"\u003e\u003ccode\u003e@​mgaligniana\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9365\"\u003eencode/django-rest-framework#9365\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix mutable default arguments in OrderingFilter methods by \u003ca href=\"https://github.com/killerdevildog\"\u003e\u003ccode\u003e@​killerdevildog\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9742\"\u003eencode/django-rest-framework#9742\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate TokenAdmin to respect USERNAME_FIELD of the user model by \u003ca href=\"https://github.com/m000\"\u003e\u003ccode\u003e@​m000\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9836\"\u003eencode/django-rest-framework#9836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePreserve ordering in \u003ccode\u003eMultipleChoiceField\u003c/code\u003e by \u003ca href=\"https://github.com/fbozhang\"\u003e\u003ccode\u003e@​fbozhang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9735\"\u003eencode/django-rest-framework#9735\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate French translation by \u003ca href=\"https://github.com/SebCorbin\"\u003e\u003ccode\u003e@​SebCorbin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9770\"\u003eencode/django-rest-framework#9770\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Brazilian Portuguese translations by \u003ca href=\"https://github.com/JVPinheiroReis\"\u003e\u003ccode\u003e@​JVPinheiroReis\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9828\"\u003eencode/django-rest-framework#9828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix and improve French translations by \u003ca href=\"https://github.com/deronnax\"\u003e\u003ccode\u003e@​deronnax\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9896\"\u003eencode/django-rest-framework#9896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing Russian translation by \u003ca href=\"https://github.com/minorytanaka\"\u003e\u003ccode\u003e@​minorytanaka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9903\"\u003eencode/django-rest-framework#9903\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate packaging to \u003ccode\u003epyproject.toml\u003c/code\u003e by \u003ca href=\"https://github.com/deronnax\"\u003e\u003ccode\u003e@​deronnax\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9056\"\u003eencode/django-rest-framework#9056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMove package data rules from \u003ccode\u003eMANIFEST.in\u003c/code\u003e to \u003ccode\u003epyproject.toml\u003c/code\u003e by \u003ca href=\"https://github.com/p-r-a-v-i-n\"\u003e\u003ccode\u003e@​p-r-a-v-i-n\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9825\"\u003eencode/django-rest-framework#9825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet up release workflow with trusted publisher by \u003ca href=\"https://github.com/browniebroke\"\u003e\u003ccode\u003e@​browniebroke\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9852\"\u003eencode/django-rest-framework#9852\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRefactor token generation to use the \u003ccode\u003esecrets\u003c/code\u003e module by \u003ca href=\"https://github.com/mahdirahimi1999\"\u003e\u003ccode\u003e@​mahdirahimi1999\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9760\"\u003eencode/django-rest-framework#9760\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd validation for decorator out-of-order with \u003ccode\u003e@api_view\u003c/code\u003e by \u003ca href=\"https://github.com/kernelshard\"\u003e\u003ccode\u003e@​kernelshard\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9821\"\u003eencode/django-rest-framework#9821\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to mkdocs material theme for documentation by \u003ca href=\"https://github.com/browniebroke\"\u003e\u003ccode\u003e@​browniebroke\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9849\"\u003eencode/django-rest-framework#9849\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/khaledsukkar2\"\u003e\u003ccode\u003e@​khaledsukkar2\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/encode/django-rest-framework/pull/9717\"\u003eencode/django-rest-framework#9717\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/22e231cf2f77b4cfe929de875d958b93916b1a8b\"\u003e\u003ccode\u003e22e231c\u003c/code\u003e\u003c/a\u003e Prepare bug fix release 3.17.1 (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9931\"\u003e#9931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/8e99b53db7b122417580ec2993ac6776b4d858d5\"\u003e\u003ccode\u003e8e99b53\u003c/code\u003e\u003c/a\u003e Add condition to skip pushed tags from forks (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9924\"\u003e#9924\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/c0407dee6ef8a5603c2d5d34373d724be7b98188\"\u003e\u003ccode\u003ec0407de\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eHTMLFormRenderer\u003c/code\u003e with empty \u003ccode\u003edatetime\u003c/code\u003e values (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9928\"\u003e#9928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/30d58a75eeef7097f97cdc9f171d2ec741b36d30\"\u003e\u003ccode\u003e30d58a7\u003c/code\u003e\u003c/a\u003e Fix the book sizing in the documentation (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9926\"\u003e#9926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/6f03b79c057c470524b12e9ac46bc2bb384570e0\"\u003e\u003ccode\u003e6f03b79\u003c/code\u003e\u003c/a\u003e Tweak order of changes in release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/021ab5664b085594876032cf062c1220bc1ca03c\"\u003e\u003ccode\u003e021ab56\u003c/code\u003e\u003c/a\u003e Bump version and update release notes for 3.17.0 (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9921\"\u003e#9921\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/19ebad70ae560e3f83c0e30af6be7c7df3b5aeec\"\u003e\u003ccode\u003e19ebad7\u003c/code\u003e\u003c/a\u003e Bump mkdocs-material[imaging] from 9.7.4 to 9.7.5 (\u003ca href=\"https://redirect.github.com/encode/django-rest-framework/issues/9923\"\u003e#9923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/f222c55d8a498c9770f2795c6cd34fedffaf043c\"\u003e\u003ccode\u003ef222c55\u003c/code\u003e\u003c/a\u003e Correct requires-python key in pyproject.toml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/7e7de6fceee3ad2e20b0dd93b119b6b00eadd797\"\u003e\u003ccode\u003e7e7de6f\u003c/code\u003e\u003c/a\u003e Remove code fences from release checklist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/encode/django-rest-framework/commit/c599d309490fe59ae385954ad544a64b58abffd2\"\u003e\u003ccode\u003ec599d30\u003c/code\u003e\u003c/a\u003e Update release process\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/encode/django-rest-framework/compare/3.16.1...3.17.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `matplotlib` from 3.10.8 to 3.10.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/matplotlib/matplotlib/releases\"\u003ematplotlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.10.9\u003c/h2\u003e\n\u003cp\u003eThis is a micro release of the v3.10.x series.\nHighlights of this release include:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious minor bug and doc fixes\u003c/li\u003e\n\u003cli\u003eSecurity hardening validation of cyclers - Removing eval usage\u003c/li\u003e\n\u003cli\u003eSecurity hardening in Latex and PS calls - Removing shell escapes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matplotlib/matplotlib/commit/dd8d78b8dce60b6c8db86132892577a0b9dbe469\"\u003e\u003ccode\u003edd8d78b\u003c/code\u003e\u003c/a\u003e REL: v3.10.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matplotlib/matplotlib/commit/2fb18915bcfe69a188832c776fe18d88337de9bc\"\u003e\u003ccode\u003e2fb1891\u003c/code\u003e\u003c/a\u003e REL: Release prep v3.10.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matplotlib/matplotlib/commit/d0e923abfa016c04901fe4e315b9d215949f6fc5\"\u003e\u003ccode\u003ed0e923a\u003c/code\u003e\u003c/a\u003e Merge branch 'v3.10.8-doc' into v3.10.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matplotlib/matplotlib/commit/163793248a5fc9f23a560e45551c44351a8bd716\"\u003e\u003ccode\u003e1637932\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/matplotlib/matplotlib/issues/31558\"\u003e#31558\u003c/a\u003e from meeseeksmachine/auto-backport-of-pr-31556-on-v...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matplotlib/matplotlib/commit/a83faacb0dbe7edd1bae38e1e715b77b6aaebb84\"\u003e\u003ccode\u003ea83faac\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/matplotlib/matplotlib/issues/31556\"\u003e#31556\u003c/a\u003e: FIX: Inverted PyErr_Occurred check in enum type caster (_...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matplotlib/matplotlib/commit/a4f57ab0623f9d26be29e0a3b0de904667c7eeb7\"\u003e\u003ccode\u003ea4f57ab\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/matplotlib/matplotlib/issues/31545\"\u003e#31545\u003c/a\u003e from ksunden/backport-of-pr-31282-on-v3.10.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matplotlib/matplotlib/commit/063288d0cc912aa2af5cc1b7e7ca3d228d9f8976\"\u003e\u003ccode\u003e063288d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/matplotlib/matplotlib/issues/31544\"\u003e#31544\u003c/a\u003e from ksunden/backport-of-pr-31248-on-v3.10.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matplotlib/matplotlib/commit/b2ed1969191a03ec8927f96573664474662ab4c1\"\u003e\u003ccode\u003eb2ed196\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/matplotlib/matplotlib/issues/31248\"\u003e#31248\u003c/a\u003e: SEC: Remove eval() from validate_cycler\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matplotlib/matplotlib/commit/acc60241a70b920eaf04fce41a8cf0a77010fb7d\"\u003e\u003ccode\u003eacc6024\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/matplotlib/matplotlib/issues/31282\"\u003e#31282\u003c/a\u003e from scottshambaugh/tex_no_shell\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matplotlib/matplotlib/commit/e3fb54163b1ce9dbc1a9e8e0973289dc14e366c2\"\u003e\u003ccode\u003ee3fb541\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/matplotlib/matplotlib/issues/31078\"\u003e#31078\u003c/a\u003e from meeseeksmachine/auto-backport-of-pr-31075-on-v...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/matplotlib/matplotlib/compare/v3.10.8...v3.10.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-dotenv` from 1.2.1 to 1.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/releases\"\u003epython-dotenv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.2.2\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (#)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/607\"\u003etheskumar/python-dotenv#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e#790c5\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by \u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMisc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eskip 000 permission tests for root user by \u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 5 to 6 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/593\"\u003etheskumar/python-dotenv#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Windows testing to CI by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/604\"\u003etheskumar/python-dotenv#604\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove workflow efficiency with best practices by \u003ca href=\"https://github.com/theskumar\"\u003e\u003ccode\u003e@​theskumar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/609\"\u003etheskumar/python-dotenv#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove the use of \u003ccode\u003esh\u003c/code\u003e in tests by \u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/612\"\u003etheskumar/python-dotenv#612\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/590\"\u003etheskumar/python-dotenv#590\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/burnout-projects\"\u003e\u003ccode\u003e@​burnout-projects\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/561\"\u003etheskumar/python-dotenv#561\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cpackham-atlnz\"\u003e\u003ccode\u003e@​cpackham-atlnz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/pull/597\"\u003etheskumar/python-dotenv#597\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ehttps://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md\"\u003epython-dotenv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.2] - 2026-03-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for Python 3.14, including the free-threaded (3.14t) build. (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edotenv run\u003c/code\u003e command now forwards flags directly to the specified command by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/607\"\u003e#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved documentation clarity regarding override behavior and the reference page.\u003c/li\u003e\n\u003cli\u003eUpdated PyPy support to version 3.11.\u003c/li\u003e\n\u003cli\u003eDocumentation for FIFO file support.\u003c/li\u003e\n\u003cli\u003eDropped Support for Python 3.9.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved \u003ccode\u003eset_key\u003c/code\u003e and \u003ccode\u003eunset_key\u003c/code\u003e behavior when interacting with symlinks by [\u003ca href=\"https://github.com/bbc2\"\u003e\u003ccode\u003e@​bbc2\u003c/code\u003e\u003c/a\u003e] in [790c5c0]\u003c/li\u003e\n\u003cli\u003eCorrected the license specifier and added missing Python 3.14 classifiers in package metadata by [\u003ca href=\"https://github.com/JYOuyang\"\u003e\u003ccode\u003e@​JYOuyang\u003c/code\u003e\u003c/a\u003e] in \u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/590\"\u003e#590\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBreaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e and \u003ccode\u003edotenv.unset_key\u003c/code\u003e used to follow symlinks in some\nsituations. This is no longer the case. For that behavior to be restored in\nall cases, \u003ccode\u003efollow_symlinks=True\u003c/code\u003e should be used.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn the CLI, \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e used to follow symlinks in some situations. This\nis no longer the case.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003edotenv.set_key\u003c/code\u003e, \u003ccode\u003edotenv.unset_key\u003c/code\u003e and the CLI commands \u003ccode\u003eset\u003c/code\u003e and \u003ccode\u003eunset\u003c/code\u003e\nused to reset the file mode of the modified .env file to \u003ccode\u003e0o600\u003c/code\u003e in some\nsituations. This is no longer the case: The original mode of the file is now\npreserved. Is the file needed to be created or wasn't a regular file, mode\n\u003ccode\u003e0o600\u003c/code\u003e is used.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/36004e0e34be7665ff2b11a8a4005144f76f176d\"\u003e\u003ccode\u003e36004e0\u003c/code\u003e\u003c/a\u003e Bump version: 1.2.1 → 1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/eb202520e5933c9daf42501e1e42fdb0144002c8\"\u003e\u003ccode\u003eeb20252\u003c/code\u003e\u003c/a\u003e docs: update changelog for v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/790c5c02991100aa1bf41ee5330aca75edc51311\"\u003e\u003ccode\u003e790c5c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/43340da220fb4ca4f95357bbe21a3c7f8f1278b1\"\u003e\u003ccode\u003e43340da\u003c/code\u003e\u003c/a\u003e Remove the use of \u003ccode\u003esh\u003c/code\u003e in tests (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/09d7cee32459e7abdcb5c9d8122a552589c06a9c\"\u003e\u003ccode\u003e09d7cee\u003c/code\u003e\u003c/a\u003e docs: clarify override behavior and document FIFO support (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/c8de2887c00198c22842c5ae5e92d1747467363c\"\u003e\u003ccode\u003ec8de288\u003c/code\u003e\u003c/a\u003e ci: improve workflow efficiency with best practices (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/7bd9e3dbfedc0983ad7d56d5570013035242bdf4\"\u003e\u003ccode\u003e7bd9e3d\u003c/code\u003e\u003c/a\u003e Add Windows testing to CI (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/604\"\u003e#604\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/1baaf04f336072e0ee324d5df9563ec767f14f81\"\u003e\u003ccode\u003e1baaf04\u003c/code\u003e\u003c/a\u003e Drop Python 3.9 support and update to PyPy 3.11 (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/608\"\u003e#608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/4a22cf8993804aeede0c20b75bb1a29d3a99e9dc\"\u003e\u003ccode\u003e4a22cf8\u003c/code\u003e\u003c/a\u003e ci: enable testing on Python 3.14t (free-threaded) (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/588\"\u003e#588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/theskumar/python-dotenv/commit/e2e8e776b42e382ae38b44d3982dd649e7507dd4\"\u003e\u003ccode\u003ee2e8e77\u003c/code\u003e\u003c/a\u003e Fix license specifier (\u003ca href=\"https://redirect.github.com/theskumar/python-dotenv/issues/597\"\u003e#597\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `django-environ` from 0.12.1 to 0.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/joke2k/django-environ/releases\"\u003edjango-environ's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.13.0\u003c/h2\u003e\n\u003ch2\u003e\u003ccode\u003ev0.13.0\u003c/code\u003e_ - 18-February-2026\u003c/h2\u003e\n\u003cp\u003eAdded\n+++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded optional warnings when defaults are used\n\u003ccode\u003e[#582](https://github.com/joke2k/django-environ/issues/582) \u0026lt;https://github.com/joke2k/django-environ/pull/582\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003echoices\u003c/code\u003e argument support for value validation in \u003ccode\u003eEnv.str(...)\u003c/code\u003e\n\u003ccode\u003e[#555](https://github.com/joke2k/django-environ/issues/555) \u0026lt;https://github.com/joke2k/django-environ/pull/555\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eAdded Valkey support via \u003ccode\u003evalkey://\u003c/code\u003e and \u003ccode\u003evalkeys://\u003c/code\u003e cache URL schemes\n\u003ccode\u003e[#554](https://github.com/joke2k/django-environ/issues/554) \u0026lt;https://github.com/joke2k/django-environ/pull/554\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eAdded support for \u003ccode\u003erediss://\u003c/code\u003e scheme in channels URL parsing\n\u003ccode\u003e[#573](https://github.com/joke2k/django-environ/issues/573) \u0026lt;https://github.com/joke2k/django-environ/pull/573\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eAdded django-prometheus database backend aliases to DB URL parsing schemes\n\u003ccode\u003e[#559](https://github.com/joke2k/django-environ/issues/559) \u0026lt;https://github.com/joke2k/django-environ/pull/559\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eChanged\n+++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDeclared support for Python 3.14\n\u003ccode\u003e[#580](https://github.com/joke2k/django-environ/issues/580) \u0026lt;https://github.com/joke2k/django-environ/pull/580\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eDeclared support for Django 5.2 and Django 6.0\n\u003ccode\u003e[#578](https://github.com/joke2k/django-environ/issues/578) \u0026lt;https://github.com/joke2k/django-environ/pull/578\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFixed\n+++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eImproved type hint coverage and related lint issues\n\u003ccode\u003e[#546](https://github.com/joke2k/django-environ/issues/546) \u0026lt;https://github.com/joke2k/django-environ/pull/546\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eFixed typos in the FAQ page\n\u003ccode\u003e[#445](https://github.com/joke2k/django-environ/issues/445) \u0026lt;https://github.com/joke2k/django-environ/pull/445\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/joke2k/django-environ/blob/develop/CHANGELOG.rst\"\u003edjango-environ's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev0.13.0\u003c/code\u003e_ - 18-February-2026\u003c/h2\u003e\n\u003cp\u003eAdded\n+++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded optional warnings when defaults are used\n\u003ccode\u003e[#582](https://github.com/joke2k/django-environ/issues/582) \u0026lt;https://github.com/joke2k/django-environ/pull/582\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003echoices\u003c/code\u003e argument support for value validation in \u003ccode\u003eEnv.str(...)\u003c/code\u003e\n\u003ccode\u003e[#555](https://github.com/joke2k/django-environ/issues/555) \u0026lt;https://github.com/joke2k/django-environ/pull/555\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eAdded Valkey support via \u003ccode\u003evalkey://\u003c/code\u003e and \u003ccode\u003evalkeys://\u003c/code\u003e cache URL schemes\n\u003ccode\u003e[#554](https://github.com/joke2k/django-environ/issues/554) \u0026lt;https://github.com/joke2k/django-environ/pull/554\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eAdded support for \u003ccode\u003erediss://\u003c/code\u003e scheme in channels URL parsing\n\u003ccode\u003e[#573](https://github.com/joke2k/django-environ/issues/573) \u0026lt;https://github.com/joke2k/django-environ/pull/573\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eAdded django-prometheus database backend aliases to DB URL parsing schemes\n\u003ccode\u003e[#559](https://github.com/joke2k/django-environ/issues/559) \u0026lt;https://github.com/joke2k/django-environ/pull/559\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eChanged\n+++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDeclared support for Python 3.14\n\u003ccode\u003e[#580](https://github.com/joke2k/django-environ/issues/580) \u0026lt;https://github.com/joke2k/django-environ/pull/581\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eDeclared support for Django 5.2 and Django 6.0\n\u003ccode\u003e[#578](https://github.com/joke2k/django-environ/issues/578) \u0026lt;https://github.com/joke2k/django-environ/pull/578\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFixed\n+++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eImproved type hint coverage and related lint issues\n\u003ccode\u003e[#546](https://github.com/joke2k/django-environ/issues/546) \u0026lt;https://github.com/joke2k/django-environ/pull/546\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eFixed typos in the FAQ page\n\u003ccode\u003e[#445](https://github.com/joke2k/django-environ/issues/445) \u0026lt;https://github.com/joke2k/django-environ/pull/445\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/django-environ/commit/00746d0f63d37dcafad527ea7a820a46f8fb81e0\"\u003e\u003ccode\u003e00746d0\u003c/code\u003e\u003c/a\u003e docs: add Django 5.2 and 6.0 support to README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/django-environ/commit/d1f115932aed9d21c38c898c3ae4b4b678cd210d\"\u003e\u003ccode\u003ed1f1159\u003c/code\u003e\u003c/a\u003e Release 0.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/django-environ/commit/d82e361ddb7ffdad01451623d806d402c3a657fd\"\u003e\u003ccode\u003ed82e361\u003c/code\u003e\u003c/a\u003e Add optional warnings when defaults are used (\u003ca href=\"https://redirect.github.com/joke2k/django-environ/issues/582\"\u003e#582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/django-environ/commit/a78f7c888d840c1b1903371f2424ee641906c923\"\u003e\u003ccode\u003ea78f7c8\u003c/code\u003e\u003c/a\u003e Fixed some typos in the FAQ page (\u003ca href=\"https://redirect.github.com/joke2k/django-environ/issues/445\"\u003e#445\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/django-environ/commit/24b299e002f3bcc14983eef4be770edb143338dc\"\u003e\u003ccode\u003e24b299e\u003c/code\u003e\u003c/a\u003e Feature/add choice parameter and raise an exception if fetched value is not w...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/django-environ/commit/c4414130f4cf11704e9f1ea446c68074f69c0b54\"\u003e\u003ccode\u003ec441413\u003c/code\u003e\u003c/a\u003e Add django-prometheus database backends to DB_SCHEMES (\u003ca href=\"https://redirect.github.com/joke2k/django-environ/issues/559\"\u003e#559\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/django-environ/commit/98a0aad4c10e789d84e572a3f97a5a9cf9080973\"\u003e\u003ccode\u003e98a0aad\u003c/code\u003e\u003c/a\u003e Fix lint issues in environ type hints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/django-environ/commit/f4e77e41e629ae8631da9582241f7db527085699\"\u003e\u003ccode\u003ef4e77e4\u003c/code\u003e\u003c/a\u003e feat(cache): add valkey and valkeys as allowed schemes (\u003ca href=\"https://redirect.github.com/joke2k/django-environ/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/django-environ/commit/dd4d308baea427b5e820a8ac326b0d63e557c956\"\u003e\u003ccode\u003edd4d308\u003c/code\u003e\u003c/a\u003e Add type hints (\u003ca href=\"https://redirect.github.com/joke2k/django-environ/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/joke2k/django-environ/commit/3137c4f733f90a14a12da9fc252d446357190537\"\u003e\u003ccode\u003e3137c4f\u003c/code\u003e\u003c/a\u003e Support lower case options for Django Redis cache backend (\u003ca href=\"https://redirect.github.com/joke2k/django-environ/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/joke2k/django-environ/compare/v0.12.1...v0.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anyio` from 4.12.1 to 4.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/anyio/releases\"\u003eanyio's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.13.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9\u003c/li\u003e\n\u003cli\u003eAdded a \u003ccode\u003ettl\u003c/code\u003e parameter to the \u003ccode\u003eanyio.functools.lru_cache\u003c/code\u003e wrapper (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1073\"\u003e#1073\u003c/a\u003e; PR by \u003ca href=\"https://github.com/Graeme22\"\u003e\u003ccode\u003e@​Graeme22\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWidened the type annotations of file I/O streams to accept \u003ccode\u003eIO[bytes]\u003c/code\u003e instead of just \u003ccode\u003eBinaryIO\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eanyio.Path\u003c/code\u003e not being compatible with Python 3.15 due to the removal of \u003ccode\u003epathlib.Path.is_reserved()\u003c/code\u003e and the addition of \u003ccode\u003epathlib.Path.__vfspath__()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1061\"\u003e#1061\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eBrokenResourceError\u003c/code\u003e raised by the asyncio \u003ccode\u003eSocketStream\u003c/code\u003e not having the original exception as its cause (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1055\"\u003e#1055\u003c/a\u003e; PR by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eTypeError\u003c/code\u003e raised when using \u0026quot;func\u0026quot; as a parameter name in \u003ccode\u003epytest.mark.parametrize\u003c/code\u003e when using the pytest plugin (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1068\"\u003e#1068\u003c/a\u003e; PR by \u003ca href=\"https://github.com/JohnnyDeuss\"\u003e\u003ccode\u003e@​JohnnyDeuss\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed the pytest plugin not running tests that had the \u003ccode\u003eanyio\u003c/code\u003e marker added programmatically via \u003ccode\u003epytest_collection_modifyitems\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/422\"\u003e#422\u003c/a\u003e; PR by \u003ca href=\"https://github.com/chbndrhnns\"\u003e\u003ccode\u003e@​chbndrhnns\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when they are contained in an exception group alongside non-cancellation exceptions (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1091\"\u003e#1091\u003c/a\u003e; PR by \u003ca href=\"https://github.com/gschaffner\"\u003e\u003ccode\u003e@​gschaffner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eCondition.wait()\u003c/code\u003e not passing on a notification when the task is cancelled but already received a notification\u003c/li\u003e\n\u003cli\u003eFixed inverted condition in the process pool shutdown phase which would cause still-running pooled processes not to be terminated (\u003ca href=\"https://redirect.github.com/agronholm/anyio/pull/1074\"\u003e#1074\u003c/a\u003e; PR by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/afbe93ca9d0c447adf26e9c1715ac20870622bf2\"\u003e\u003ccode\u003eafbe93c\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/33bdf2e4b4f40c2df178123746147a6d2471808d\"\u003e\u003ccode\u003e33bdf2e\u003c/code\u003e\u003c/a\u003e Rearranged the changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/19e09e25bc5a23dd78a577d8c3909dd377057c78\"\u003e\u003ccode\u003e19e09e2\u003c/code\u003e\u003c/a\u003e Fixed inverted condition in _forcibly_shutdown_process_pool_on_exit (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/9369d80b9e8292f2a892a9d5c73923c6a28aa08c\"\u003e\u003ccode\u003e9369d80\u003c/code\u003e\u003c/a\u003e Fixed Condition.wait() not handing over notification when cancelled\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/6f122abdc6f6b166c6b6ac27d36d55cdf8fa08e8\"\u003e\u003ccode\u003e6f122ab\u003c/code\u003e\u003c/a\u003e Fixed cancellation exceptions leaking from a \u003ccode\u003eCancelScope\u003c/code\u003e on asyncio when th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/beaa45aff568a4020f2faf317321dd92f0e1f4a0\"\u003e\u003ccode\u003ebeaa45a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/602f6606dcf3f37702686a4f3e161328c537b07f\"\u003e\u003ccode\u003e602f660\u003c/code\u003e\u003c/a\u003e Widened type annotations to accept IO[bytes] in file streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/b5dcd45170701a756ba634197398f05d4710cab3\"\u003e\u003ccode\u003eb5dcd45\u003c/code\u003e\u003c/a\u003e Added note about erasing the template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/d68670b3b4e0917d4caff2de082e03220f3e05a1\"\u003e\u003ccode\u003ed68670b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/anyio/commit/fc17a22dd948e6a3d90d99908813f0010dfc3d2c\"\u003e\u003ccode\u003efc17a22\u003c/code\u003e\u003c/a\u003e tweak to_thread docs about abandon_on_cancel (\u003ca href=\"https://redirect.github.com/agronholm/anyio/issues/1088\"\u003e#1088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/anyio/compare/4.12.1...4.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bandit` from 1.9.3 to 1.9.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PyCQA/bandit/releases\"\u003ebandit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.9.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: fixed some typos in comments by \u003ca href=\"https://github.com/jakob1379\"\u003e\u003ccode\u003e@​jakob1379\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1351\"\u003ePyCQA/bandit#1351\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump docker/login-action from 3.6.0 to 3.7.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1353\"\u003ePyCQA/bandit#1353\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump docker/build-push-action from 6.18.0 to 6.19.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1357\"\u003ePyCQA/bandit#1357\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix B613 crash when reading from stdin by \u003ca href=\"https://github.com/worksbyfriday\"\u003e\u003ccode\u003e@​worksbyfriday\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1361\"\u003ePyCQA/bandit#1361\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude filename in nosec 'no failed test' warning by \u003ca href=\"https://github.com/worksbyfriday\"\u003e\u003ccode\u003e@​worksbyfriday\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1363\"\u003ePyCQA/bandit#1363\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix B615 false positive when revision is set via variable by \u003ca href=\"https://github.com/worksbyfriday\"\u003e\u003ccode\u003e@​worksbyfriday\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1358\"\u003ePyCQA/bandit#1358\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLower version guard in check_ast_node to Python 3.12 by \u003ca href=\"https://github.com/rcgray\"\u003e\u003ccode\u003e@​rcgray\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1355\"\u003ePyCQA/bandit#1355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix B106 reporting wrong line number on multiline function calls by \u003ca href=\"https://github.com/worksbyfriday\"\u003e\u003ccode\u003e@​worksbyfriday\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1360\"\u003ePyCQA/bandit#1360\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jakob1379\"\u003e\u003ccode\u003e@​jakob1379\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1351\"\u003ePyCQA/bandit#1351\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/worksbyfriday\"\u003e\u003ccode\u003e@​worksbyfriday\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1361\"\u003ePyCQA/bandit#1361\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rcgray\"\u003e\u003ccode\u003e@​rcgray\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/PyCQA/bandit/pull/1355\"\u003ePyCQA/bandit#1355\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/PyCQA/bandit/compare/1.9.3...1.9.4\"\u003ehttps://github.com/PyCQA/bandit/compare/1.9.3...1.9.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyCQA/bandit/commit/92ae8b82fb422a639f0ed8d99e96cea769594e08\"\u003e\u003ccode\u003e92ae8b8\u003c/code\u003e\u003c/a\u003e Fix B106 reporting wrong line number on multiline function calls (\u003ca href=\"https://redirect.github.com/PyCQA/bandit/issues/1360\"\u003e#1360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyCQA/bandit/commit/c8c8a55c3307333b8eb46cb2ef46d49b1fad6546\"\u003e\u003ccode\u003ec8c8a55\u003c/code\u003e\u003c/a\u003e Lower version guard in check_ast_node to Python 3.12 (\u003ca href=\"https://redirect.github.com/PyCQA/bandit/issues/1355\"\u003e#1355\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyCQA/bandit/commit/8f2f9284fca830ca017b2e2cc3ddc2a7b74b7040\"\u003e\u003ccode\u003e8f2f928\u003c/code\u003e\u003c/a\u003e Fix B615 false positive when revision is set via variable (\u003ca href=\"https://redirect.github.com/PyCQA/bandit/issues/1358\"\u003e#1358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyCQA/bandit/commit/e27493f71c114e0e5dfc0a475d225d7f9f4a7e2b\"\u003e\u003ccode\u003ee27493f\u003c/code\u003e\u003c/a\u003e Include filename in nosec 'no failed test' warning (\u003ca href=\"https://redirect.github.com/PyCQA/bandit/issues/1363\"\u003e#1363\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyCQA/bandit/commit/b69b336450301d424e5ba04c9a58e8d41b7169b6\"\u003e\u003ccode\u003eb69b336\u003c/code\u003e\u003c/a\u003e Fix B613 crash when reading from stdin (\u003ca href=\"https://redirect.github.com/PyCQA/bandit/issues/1361\"\u003e#1361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyCQA/bandit/commit/e418b798abcc3f2b00c07fd6315da8fe9aeead00\"\u003e\u003ccode\u003ee418b79\u003c/code\u003e\u003c/a\u003e Bump docker/build-push-action from 6.18.0 to 6.19.2 (\u003ca href=\"https://redirect.github.com/PyCQA/bandit/issues/1357\"\u003e#1357\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyCQA/bandit/commit/ff646fd7e0e34fb350196fc58448fad17178c27a\"\u003e\u003ccode\u003eff646fd\u003c/code\u003e\u003c/a\u003e Bump docker/login-action from 3.6.0 to 3.7.0 (\u003ca href=\"https://redirect.github.com/PyCQA/bandit/issues/1353\"\u003e#1353\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PyCQA/bandit/commit/c0def6c7ebab60f98c28ba759d488f4fbe6dae89\"\u003e\u003ccode\u003ec0def6c\u003c/code\u003e\u003c/a\u003e chore: fixed some typos in comments (\u003ca href=\"https://redirect.github.com/PyCQA/bandit/issues/1351\"\u003e#1351\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/PyCQA/bandit/compare/1.9.3...1.9.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `boto3` from 1.42.39 to 1.42.96\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/60921ee112275b89a361d137657d9d48daacbf2a\"\u003e\u003ccode\u003e60921ee\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.42.96'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/508588d61de44577d761094e3f204dd85a0eb3c0\"\u003e\u003ccode\u003e508588d\u003c/code\u003e\u003c/a\u003e Bumping version to 1.42.96\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/fd3d17795980826ef2b5e34fd4eb62338d1ecc55\"\u003e\u003ccode\u003efd3d177\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/4be6bbd12cb1ad40505dab385bafab62e70a4da8\"\u003e\u003ccode\u003e4be6bbd\u003c/code\u003e\u003c/a\u003e chore: enable dependabot for pre-commit and refresh hook pins (\u003ca href=\"https://redirect.github.com/boto/boto3/issues/4775\"\u003e#4775\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/a47ce816eb1f088956353335f2bd2cd56b6b1fc6\"\u003e\u003ccode\u003ea47ce81\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.42.95'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/4ccdda83164e69faf24839542d20a523c5263465\"\u003e\u003ccode\u003e4ccdda8\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.42.95' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/03cc5cdf7c550b4a36d43f07745f77aa9dbc0c9a\"\u003e\u003ccode\u003e03cc5cd\u003c/code\u003e\u003c/a\u003e Bumping version to 1.42.95\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/ab160a576b0e6e150a9752837fe5e52961ae7349\"\u003e\u003ccode\u003eab160a5\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/10094042f04226ec32ae43a7051c2635bc033164\"\u003e\u003ccode\u003e1009404\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.42.94'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/0017b80aa909dd8e95cfde8f79345cef8bcafc66\"\u003e\u003ccode\u003e0017b80\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.42.94' into develop\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/boto3/compare/1.42.39...1.42.96\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `botocore` from 1.42.39 to 1.42.96\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/435c9a3f09d6ef9716e5d8a3c0d4be118cfbfe41\"\u003e\u003ccode\u003e435c9a3\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.42.96'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/804525091b40e8bdfd90f2145ebe73f59c6ba584\"\u003e\u003ccode\u003e8045250\u003c/code\u003e\u003c/a\u003e Bumping version to 1.42.96\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/243b48e8f21e9c814e63bbe93221590da6c48904\"\u003e\u003ccode\u003e243b48e\u003c/code\u003e\u003c/a\u003e Update endpoints model\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/8ec506c1254150336916f8ed495df6529b9c5fb9\"\u003e\u003ccode\u003e8ec506c\u003c/code\u003e\u003c/a\u003e Update to latest models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/8ce183e14781ff29cff89057e84b398d0f5f0c81\"\u003e\u003ccode\u003e8ce183e\u003c/code\u003e\u003c/a\u003e chore: enable dependabot for pre-commit and refresh hook pins (\u003ca href=\"https://redirect.github.com/boto/botocore/issues/3685\"\u003e#3685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/0aaee4ddba63cfd6337907ea8491a97424606586\"\u003e\u003ccode\u003e0aaee4d\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.42.95'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/daaf0f37dc534f42953184a0910d9a5ea154a967\"\u003e\u003ccode\u003edaaf0f3\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.42.95' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/157860ae07eb2b3f6c32cfaa4f10c48af69a084c\"\u003e\u003ccode\u003e157860a\u003c/code\u003e\u003c/a\u003e Bumping version to 1.42.95\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/19a789f6b7050d12b4188589a60efc454fdd6efc\"\u003e\u003ccode\u003e19a789f\u003c/code\u003e\u003c/a\u003e Update to latest models\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/botocore/commit/b88d178dd9bd410769f72e45f72e4d8e0716b2c4\"\u003e\u003ccode\u003eb88d178\u003c/code\u003e\u003c/a\u003e Merge customizations for CloudWatch OTel enrichment (\u003ca href=\"https://redirect.github.com/boto/botocore/issues/3676\"\u003e#3676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/botocore/compare/1.42.39...1.42.96\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cbor2` from 5.8.0 to 5.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/agronholm/cbor2/releases\"\u003ecbor2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003emax_depth\u003c/code\u003e decoder parameter to limit the maximum allowed nesting level of containers, with a default value of 400 levels (CVE-2026-26209)\u003c/li\u003e\n\u003cli\u003eChanged the default \u003ccode\u003eread_size\u003c/code\u003e from 4096 to 1 for backwards compatibility. The buffered reads introduced in 5.8.0 could cause issues when code needs to access the stream position after decoding. Users can opt-in to faster decoding by passing \u003ccode\u003eread_size=4096\u003c/code\u003e when they don't need to access the stream directly after decoding. Added a direct read path for \u003ccode\u003eread_size=1\u003c/code\u003e to avoid buffer management overhead. (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/pull/275\"\u003e#275\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed C encoder not respecting string referencing when encoding string-type datetimes (tag 0) (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/254\"\u003e#254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a missed check for an exception in the C implementation of \u003ccode\u003eCBOREncoder.encode_shared()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/287\"\u003e#287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed two reference/memory leaks in the C extension's long string decoder (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/pull/290\"\u003e#290\u003c/a\u003e PR by \u003ca href=\"https://github.com/killiancowan82\"\u003e\u003ccode\u003e@​killiancowan82\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed C decoder ignoring the \u003ccode\u003estr_errors\u003c/code\u003e setting when decoding strings, and improved string decoding performance by using stack allocation for small strings and eliminating unnecessary conditionals. Benchmarks show 9-17% faster deserialization. (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/255\"\u003e#255\u003c/a\u003e; PR by \u003ca href=\"https://github.com/andreer\"\u003e\u003ccode\u003e@​andreer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/93c598838d50b554e242920902aada82d32d55bc\"\u003e\u003ccode\u003e93c5988\u003c/code\u003e\u003c/a\u003e Bumped up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/d903d62c86de118e8abe626596f9be7b98ac44e9\"\u003e\u003ccode\u003ed903d62\u003c/code\u003e\u003c/a\u003e Updated the max_depth default value in the C function signature\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/2b53b2813d44a7919dae18747b5ac36cf9c5fb87\"\u003e\u003ccode\u003e2b53b28\u003c/code\u003e\u003c/a\u003e Stack allocate small strings (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/270\"\u003e#270\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/a7ac10d5cbb7a8622e8270c201a131ac2abc26c7\"\u003e\u003ccode\u003ea7ac10d\u003c/code\u003e\u003c/a\u003e Upped the max_depth value to 400\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/54c8ed541c5f4842508cace5ff4b2aae54bc731b\"\u003e\u003ccode\u003e54c8ed5\u003c/code\u003e\u003c/a\u003e Fixed reference/memory leaks in decode_definite_long_string (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/290\"\u003e#290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/a8d92dc3dc00233c796c4abccb5daa31089bf3c0\"\u003e\u003ccode\u003ea8d92dc\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/289\"\u003e#289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/c91aa007117828560329a1624eabc5dad5435ebc\"\u003e\u003ccode\u003ec91aa00\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/agronholm/cbor2/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/53521e7ca96c7a19f8a529fe59ef566212a24b3f\"\u003e\u003ccode\u003e53521e7\u003c/code\u003e\u003c/a\u003e Fixed ssize_t to Py_ssize_t\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/94e0d2125fbfb183606afa9ef07754a8dba50748\"\u003e\u003ccode\u003e94e0d21\u003c/code\u003e\u003c/a\u003e Added missing Python counterpart for max_depth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/agronholm/cbor2/commit/bcb6cea4edde1d00ff4f0eece883dea951f66e1b\"\u003e\u003ccode\u003ebcb6cea\u003c/code\u003e\u003c/a\u003e Added the max_depth decoder parameter\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/agronholm/cbor2/compare/5.8.0...5.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `celery` from 5.6.2 to 5.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/celery/celery/releases\"\u003ecelery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.6.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix Django worker recursion bug + defensive checks for pool_cls.\u003cstrong\u003emodule\u003c/strong\u003e by \u003ca href=\"https://github.com/maycuatroi1\"\u003e\u003ccode\u003e@​maycuatroi1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10048\"\u003ecelery/celery#10048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocs: Update user_preload_options example to use click. by \u003ca href=\"https://github.com/jorsyk\"\u003e\u003ccode\u003e@​jorsyk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10056\"\u003ecelery/celery#10056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix invalid configuration key \u0026quot;bootstrap_servers\u0026quot; in Kafka demo by \u003ca href=\"https://github.com/jorsyk\"\u003e\u003ccode\u003e@​jorsyk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10060\"\u003ecelery/celery#10060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix broken images on PyPI page by \u003ca href=\"https://github.com/Timour-Ilyas\"\u003e\u003ccode\u003e@​Timour-Ilyas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10066\"\u003ecelery/celery#10066\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove broken reference. by \u003ca href=\"https://github.com/sueannioanis\"\u003e\u003ccode\u003e@​sueannioanis\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10071\"\u003ecelery/celery#10071\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved --dist=loadscope from smoke tests by \u003ca href=\"https://github.com/Nusnus\"\u003e\u003ccode\u003e@​Nusnus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10073\"\u003ecelery/celery#10073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocs: Clarify task_retry signal args may be None by \u003ca href=\"https://github.com/GangEunzzang\"\u003e\u003ccode\u003e@​GangEunzzang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10076\"\u003ecelery/celery#10076\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate example for Django by \u003ca href=\"https://github.com/sbc-khacnha\"\u003e\u003ccode\u003e@​sbc-khacnha\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10081\"\u003ecelery/celery#10081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake tests compatible with pymongo \u0026gt;= 4.16 by \u003ca href=\"https://github.com/cjwatson\"\u003e\u003ccode\u003e@​cjwatson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10074\"\u003ecelery/celery#10074\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: source install of cassandra-driver by \u003ca href=\"https://github.com/Izzette\"\u003e\u003ccode\u003e@​Izzette\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10105\"\u003ecelery/celery#10105\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: register task cross-reference role in Sphinx extension by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10100\"\u003ecelery/celery#10100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid cycle detection in native delayed delivery by \u003ca href=\"https://github.com/Izzette\"\u003e\u003ccode\u003e@​Izzette\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10095\"\u003ecelery/celery#10095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(asynpool): avoid AttributeError when proc lacks _sentinel_poll by \u003ca href=\"https://github.com/mriddle\"\u003e\u003ccode\u003e@​mriddle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10086\"\u003ecelery/celery#10086\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix dusk_astronomical horizon sign (+18 -\u0026gt; -18) by \u003ca href=\"https://github.com/Mr-Neutr0n\"\u003e\u003ccode\u003e@​Mr-Neutr0n\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10121\"\u003ecelery/celery#10121\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix/10106 onupdate col use lambda func by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10108\"\u003ecelery/celery#10108\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix warm shutdown RuntimeError with eventlet\u0026gt;=0.37.0 (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10083\"\u003e#10083\u003c/a\u003e) by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10123\"\u003ecelery/celery#10123\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix 10109 db backend connection health by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10124\"\u003ecelery/celery#10124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDatabase Backend filter unsupport sql engine arguments with nullpool \u003ca href=\"https://redirect.github.com/celery/celery/issues/7355\"\u003e#7355\u003c/a\u003e by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10134\"\u003ecelery/celery#10134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(beat): correct argument order in Service.\u003cstrong\u003ereduce\u003c/strong\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10137\"\u003ecelery/celery#10137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: declare explicit read-only token permissions in workflow jobs by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10139\"\u003ecelery/celery#10139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: 'boto3to' to 'boto3 to' by \u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10133\"\u003ecelery/celery#10133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDatabase Backend: Add missing index on date_done (Fixes \u003ca href=\"https://redirect.github.com/celery/celery/issues/10097\"\u003e#10097\u003c/a\u003e) by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10098\"\u003ecelery/celery#10098\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typo in CONTRIBUTING.rst by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10141\"\u003ecelery/celery#10141\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefer to Flower / Prometheus for monitoring by \u003ca href=\"https://github.com/WilliamDEdwards\"\u003e\u003ccode\u003e@​WilliamDEdwards\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10140\"\u003ecelery/celery#10140\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: remove duplicated words in broker and routing docs by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10146\"\u003ecelery/celery#10146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix stale version reference and grammar in README by \u003ca href=\"https://github.com/kelsonbrito50\"\u003e\u003ccode\u003e@​kelsonbrito50\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10145\"\u003ecelery/celery#10145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix wording in Celery 5.3 worker pool notes by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10149\"\u003ecelery/celery#10149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix duplicated wording in 3.1 changelog entry by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10152\"\u003ecelery/celery#10152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix changelog typo in context manager wording by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10144\"\u003ecelery/celery#10144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix/10096 worker fails to reconnect after redis failover by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10151\"\u003ecelery/celery#10151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove on_af...\n\n_Description has been truncated_","html_url":"https://github.com/rahim8050/weather-apis/pull/67","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/rahim8050%2Fweather-apis/issues/67","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/67/packages"}}]}