{"id":1215,"name":"pyopenssl","ecosystem":"pip","repository_url":"https://github.com/pyca/pyopenssl","issues_count":459,"created_at":"2025-06-06T15:01:41.781Z","updated_at":"2025-06-06T15:01:41.781Z","purl":"pkg:pypi/pyopenssl","metadata":{"id":2878467,"name":"pyopenssl","ecosystem":"pypi","description":"Python wrapper module around the OpenSSL library","homepage":"https://pyopenssl.org/","licenses":"Apache License, Version 2.0","normalized_licenses":["Apache-2.0"],"repository_url":"https://github.com/pyca/pyopenssl","keywords_array":[],"namespace":null,"versions_count":40,"first_release_published_at":"2008-04-11T19:49:06.000Z","latest_release_published_at":"2025-05-17T16:28:29.000Z","latest_release_number":"25.1.0","last_synced_at":"2025-06-06T01:02:57.997Z","created_at":"2022-04-10T12:16:18.602Z","updated_at":"2025-06-06T01:02:57.997Z","registry_url":"https://pypi.org/project/pyopenssl/","install_command":"pip install pyopenssl --index-url https://pypi.org/simple","documentation_url":"https://pyopenssl.readthedocs.io/","metadata":{"funding":null,"documentation":null,"classifiers":["Development Status :: 6 - Mature","Intended Audience :: Developers","License :: OSI Approved :: Apache Software License","Operating System :: MacOS :: MacOS X","Operating System :: Microsoft :: Windows","Operating System :: POSIX","Programming Language :: Python :: 3","Programming Language :: Python :: 3.10","Programming Language :: Python :: 3.11","Programming Language :: Python :: 3.12","Programming Language :: Python :: 3.13","Programming Language :: Python :: 3.7","Programming Language :: Python :: 3.8","Programming Language :: Python :: 3.9","Programming Language :: Python :: Implementation :: CPython","Programming Language :: Python :: Implementation :: PyPy","Topic :: Security :: Cryptography","Topic :: Software Development :: Libraries :: Python Modules","Topic :: System :: Networking"],"normalized_name":"pyopenssl"},"repo_metadata":{"id":13096666,"uuid":"15778059","full_name":"pyca/pyopenssl","owner":"pyca","description":"A Python wrapper around the OpenSSL library","archived":false,"fork":false,"pushed_at":"2024-06-25T19:47:39.000Z","size":10514,"stargazers_count":871,"open_issues_count":87,"forks_count":422,"subscribers_count":53,"default_branch":"main","last_synced_at":"2024-06-28T11:12:49.349Z","etag":null,"topics":["cryptography","openssl","python","ssl","tls"],"latest_commit_sha":null,"homepage":"https://pyopenssl.org/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pyca.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGELOG.rst","contributing":"CONTRIBUTING.rst","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.rst","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-01-09T20:10:36.000Z","updated_at":"2024-06-29T22:11:16.847Z","dependencies_parsed_at":"2023-02-12T18:40:28.782Z","dependency_job_id":"a9092e6e-b122-4ec2-a21c-6d5c23e0919f","html_url":"https://github.com/pyca/pyopenssl","commit_stats":{"total_commits":1890,"total_committers":115,"mean_commits":"16.434782608695652","dds":0.7804232804232805,"last_synced_commit":"caa1ab3ac5c5096b20b69fac2e42cb67c6f716d1"},"previous_names":[],"tags_count":31,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pyca","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":209350641,"owners_count":14998019,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"pyca","name":"Python Cryptographic Authority","uuid":"5615737","kind":"organization","description":null,"email":null,"website":null,"location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/5615737?v=4","repositories_count":7,"last_synced_at":"2024-03-25T19:58:32.183Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/pyca","funding_links":[],"total_stars":9342,"followers":129,"following":0,"created_at":"2022-11-02T16:22:49.629Z","updated_at":"2024-03-25T19:58:34.188Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pyca","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pyca/repositories"},"tags":[{"name":"24.1.0","sha":"d9f2c46de70c1aee20a4309424d9f506b7aae68e","kind":"tag","published_at":"2024-03-09T23:14:39.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/24.1.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/24.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/24.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/24.1.0/manifests"},{"name":"24.0.0","sha":"7f3e4f94701a5e19ec66e3601119dd6d62043cec","kind":"tag","published_at":"2024-01-23T01:42:02.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/24.0.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/24.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/24.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/24.0.0/manifests"},{"name":"23.3.0","sha":"5ba8ce10ed7c318e57516a7ec8447cbb5626d3f9","kind":"tag","published_at":"2023-10-26T03:04:40.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/23.3.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/23.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/23.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/23.3.0/manifests"},{"name":"23.2.0","sha":"d024506289d16b1325c3c7ddfd12c2d83301815b","kind":"tag","published_at":"2023-05-31T03:18:22.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/23.2.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/23.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/23.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/23.2.0/manifests"},{"name":"23.1.1","sha":"12bc43bc7a2faee3e7de742a705e19e05645fe12","kind":"tag","published_at":"2023-03-28T03:08:22.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/23.1.1","html_url":"https://github.com/pyca/pyopenssl/releases/tag/23.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/23.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/23.1.1/manifests"},{"name":"23.1.0","sha":"240ae6fd46ab2752148136ce5855e5e975adc96b","kind":"commit","published_at":"2023-03-24T04:54:34.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/23.1.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/23.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/23.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/23.1.0/manifests"},{"name":"23.0.0","sha":"f7e6a4d490359ea8f03ad05c6f8c9eb6462dbbe8","kind":"tag","published_at":"2023-01-02T04:29:07.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/23.0.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/23.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/23.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/23.0.0/manifests"},{"name":"22.1.0","sha":"d7e539c57f1ae43201acccada8f871acdcb51e44","kind":"tag","published_at":"2022-09-25T17:43:44.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/22.1.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/22.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/22.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/22.1.0/manifests"},{"name":"22.0.0","sha":"819095fa886db98cf43b6f0e66ba19c83d64d3c0","kind":"commit","published_at":"2022-01-29T20:08:05.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/22.0.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/22.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/22.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/22.0.0/manifests"},{"name":"21.0.0","sha":"51717970261d6283b681f5fa8347808409f0991d","kind":"commit","published_at":"2021-09-28T22:56:51.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/21.0.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/21.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/21.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/21.0.0/manifests"},{"name":"20.0.1","sha":"4211b909fb5aa2c4db2b0f5acbab1480972a0554","kind":"commit","published_at":"2020-12-15T15:30:35.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/20.0.1","html_url":"https://github.com/pyca/pyopenssl/releases/tag/20.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/20.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/20.0.1/manifests"},{"name":"20.0.0","sha":"de2dbf7c56b18ddc69d797b64859d57949dbf310","kind":"commit","published_at":"2020-11-27T21:47:04.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/20.0.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/20.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/20.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/20.0.0/manifests"},{"name":"19.1.0","sha":"da402f4a545256c5dfe78448c75dcf47fcd0b4d3","kind":"commit","published_at":"2019-11-18T04:47:22.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/19.1.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/19.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/19.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/19.1.0/manifests"},{"name":"19.0.0","sha":"c9a71e155f08a4d9af36c97b22df9f4215e6c995","kind":"commit","published_at":"2019-01-21T19:22:19.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/19.0.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/19.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/19.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/19.0.0/manifests"},{"name":"18.0.0","sha":"74de8a137d435d45c100b74cc971be556166a559","kind":"commit","published_at":"2018-05-16T19:12:28.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/18.0.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/18.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/18.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/18.0.0/manifests"},{"name":"17.5.0","sha":"d21fcd810317aa7579af0c194a61af377ade7f0e","kind":"tag","published_at":"2017-12-01T02:16:36.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/17.5.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/17.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/17.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/17.5.0/manifests"},{"name":"17.4.0","sha":"5a3fb407b3d7b2f2dcc144055ee707614ead1817","kind":"tag","published_at":"2017-11-21T18:20:33.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/17.4.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/17.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/17.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/17.4.0/manifests"},{"name":"17.3.0","sha":"9bd33dc016debc662f044204d5e2d186a9673837","kind":"tag","published_at":"2017-09-14T02:56:48.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/17.3.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/17.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/17.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/17.3.0/manifests"},{"name":"17.2.0","sha":"dd4466249bd5129fa3166324f46bd004b834567a","kind":"commit","published_at":"2017-07-20T09:39:51.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/17.2.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/17.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/17.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/17.2.0/manifests"},{"name":"17.1.0","sha":"a46d2347abbc0c3815f28fe0f48a1485479b0e66","kind":"tag","published_at":"2017-06-30T15:48:13.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/17.1.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/17.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/17.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/17.1.0/manifests"},{"name":"17.0.0","sha":"a5675658f18219317d99d5b15f796499418f100e","kind":"tag","published_at":"2017-04-20T11:00:56.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/17.0.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/17.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/17.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/17.0.0/manifests"},{"name":"16.2.0","sha":"c3b38e54183489a9afd11ce200bdb5317fc7ab75","kind":"tag","published_at":"2016-10-15T13:15:52.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/16.2.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/16.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/16.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/16.2.0/manifests"},{"name":"16.1.0","sha":"d0513ab27853727a11305cd1ca0090cd957e780a","kind":"tag","published_at":"2016-08-26T10:06:14.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/16.1.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/16.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/16.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/16.1.0/manifests"},{"name":"16.0.0","sha":"d954cf7c8647b7fd561b67d72808cb6c0d10bf77","kind":"commit","published_at":"2016-03-19T10:11:46.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/16.0.0","html_url":"https://github.com/pyca/pyopenssl/releases/tag/16.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/16.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/16.0.0/manifests"},{"name":"0.15.1","sha":"8adee5e7f8759886678ab83919d5956151e825f3","kind":"commit","published_at":"2015-04-14T23:01:10.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/0.15.1","html_url":"https://github.com/pyca/pyopenssl/releases/tag/0.15.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/0.15.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/0.15.1/manifests"},{"name":"0.15","sha":"468bd429a7d159fd13a6f999180c92afd6c1dffb","kind":"commit","published_at":"2015-04-14T15:22:04.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/0.15","html_url":"https://github.com/pyca/pyopenssl/releases/tag/0.15","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/0.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/0.15/manifests"},{"name":"0.14","sha":"0146d447e63a737b4f05a1164d5950eff68543e7","kind":"commit","published_at":"2014-02-23T12:59:19.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/0.14","html_url":"https://github.com/pyca/pyopenssl/releases/tag/0.14","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/0.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/0.14/manifests"},{"name":"0.14a4","sha":"3dffd6287acc50fa8dfeba01e536f9ac2c5dcb3c","kind":"commit","published_at":"2014-02-12T15:47:44.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/0.14a4","html_url":"https://github.com/pyca/pyopenssl/releases/tag/0.14a4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/0.14a4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/0.14a4/manifests"},{"name":"0.14a3","sha":"99c6dc408b32cc34ac43f4dfcca806441ce0ff6d","kind":"commit","published_at":"2014-01-20T20:28:33.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/0.14a3","html_url":"https://github.com/pyca/pyopenssl/releases/tag/0.14a3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/0.14a3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/0.14a3/manifests"},{"name":"0.14a2","sha":"86ebb45812490b6c160414950e2bc950e17d319b","kind":"commit","published_at":"2014-01-11T19:48:09.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/0.14a2","html_url":"https://github.com/pyca/pyopenssl/releases/tag/0.14a2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/0.14a2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/0.14a2/manifests"},{"name":"v0.14a1","sha":"f47de9688d03411b6e73e6023d21d8335947b46b","kind":"commit","published_at":"2014-01-10T01:20:24.000Z","download_url":"https://codeload.github.com/pyca/pyopenssl/tar.gz/v0.14a1","html_url":"https://github.com/pyca/pyopenssl/releases/tag/v0.14a1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/v0.14a1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyca%2Fpyopenssl/tags/v0.14a1/manifests"}]},"repo_metadata_updated_at":"2024-09-08T02:13:33.152Z","dependent_packages_count":417,"downloads":152655773,"downloads_period":"last-month","dependent_repos_count":13020,"rankings":{"downloads":0.013389409893856829,"dependent_repos_count":0.07410029585093368,"dependent_packages_count":0.05429130587098111,"stargazers_count":2.8902783713341904,"forks_count":3.4715254939866877,"docker_downloads_count":0.029896901543817304,"average":1.0889136297467445},"purl":"pkg:pypi/pyopenssl","advisories":[{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyY20tcGhjOS0zOTQ1","url":"https://github.com/advisories/GHSA-2rcm-phc9-3945","title":"Pyopenssl Incorrect Memory Management","description":"It was discovered that pyOpenSSL incorrectly handled memory when performing operations on a PKCS #12 store. A remote attacker could possibly use this issue to cause pyOpenSSL to consume resources, resulting in a denial of service.\n\nThis attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection that would cause the calling application to reload certificates from a PKCS #12 store. This vulnerability appears to have been fixed in 17.5.0.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2018-10-10T16:10:23.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-1000808","https://github.com/pyca/pyopenssl/pull/723","https://access.redhat.com/errata/RHSA-2019:0085","https://github.com/advisories/GHSA-2rcm-phc9-3945","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html","https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509","https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2018-24.yaml","https://usn.ubuntu.com/3813-1"],"source_kind":"github","identifiers":["GHSA-2rcm-phc9-3945","CVE-2018-1000808"],"repository_url":"https://github.com/pyca/pyopenssl","blast_radius":24.276204806969822,"packages":[{"versions":[{"first_patched_version":"17.5.0","vulnerable_version_range":"\u003c 17.5.0"}],"ecosystem":"pypi","package_name":"pyopenssl"}],"created_at":"2022-12-21T16:13:35.893Z","updated_at":"2024-10-21T21:06:55.000Z","epss_percentage":0.00284,"epss_percentile":0.68251},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXAyOG0tMzRmNi05Njdx","url":"https://github.com/advisories/GHSA-p28m-34f6-967q","title":"PyOpenSSL Use-After-Free vulnerability","description":"It was discovered that pyOpenSSL incorrectly handled memory when handling X509 objects. A remote attacker could use this issue to cause pyOpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. This attack appears to be exploitable via Depends on the calling application and if it retains a reference to the memory. This vulnerability appears to have been fixed in 17.5.0.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2018-10-10T16:10:38.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.1,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-1000807","https://github.com/pyca/pyopenssl/pull/723","https://access.redhat.com/errata/RHSA-2019:0085","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html","https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509","https://github.com/pypa/advisory-database/tree/main/vulns/pyopenssl/PYSEC-2018-23.yaml","https://usn.ubuntu.com/3813-1","https://github.com/advisories/GHSA-p28m-34f6-967q"],"source_kind":"github","identifiers":["GHSA-p28m-34f6-967q","CVE-2018-1000807"],"repository_url":"https://github.com/pyca/pyopenssl","blast_radius":33.3283489722806,"packages":[{"versions":[{"first_patched_version":"17.5.0","vulnerable_version_range":"\u003c 17.5.0"}],"ecosystem":"pypi","package_name":"pyopenssl"}],"created_at":"2022-12-21T16:13:35.883Z","updated_at":"2025-01-12T01:10:35.679Z","epss_percentage":0.13469,"epss_percentile":0.95602}],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/pyopenssl","docker_dependents_count":1202,"docker_downloads_count":2080280985,"usage_url":"https://repos.ecosyste.ms/usage/pypi/pyopenssl","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/pyopenssl/dependencies","status":null,"funding_links":[],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/pyopenssl/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/pyopenssl/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/pyopenssl/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/pyopenssl/related_packages","maintainers":[{"uuid":"hynek","login":"hynek","name":null,"email":null,"url":null,"packages_count":22,"html_url":"https://pypi.org/user/hynek/","role":null,"created_at":"2022-12-14T05:08:49.670Z","updated_at":"2022-12-14T05:08:49.670Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/hynek/packages"},{"uuid":"exarkun","login":"exarkun","name":null,"email":null,"url":null,"packages_count":42,"html_url":"https://pypi.org/user/exarkun/","role":null,"created_at":"2022-12-14T05:08:49.651Z","updated_at":"2022-12-14T05:08:49.651Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/exarkun/packages"},{"uuid":"reaperhulk","login":"reaperhulk","name":null,"email":null,"url":null,"packages_count":7,"html_url":"https://pypi.org/user/reaperhulk/","role":null,"created_at":"2022-12-14T05:08:49.714Z","updated_at":"2022-12-14T05:08:49.714Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/reaperhulk/packages"},{"uuid":"Python Cryptographic Authority","login":"Python Cryptographic Authority","name":null,"email":null,"url":null,"packages_count":2,"html_url":"https://pypi.org/user/Python Cryptographic Authority/","role":null,"created_at":"2024-09-07T01:08:38.167Z","updated_at":"2024-09-07T01:08:38.167Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/Python%20Cryptographic%20Authority/packages"}],"registry":{"name":"pypi.org","url":"https://pypi.org","ecosystem":"pypi","default":true,"packages_count":690057,"maintainers_count":292646,"namespaces_count":0,"keywords_count":228482,"github":"pypi","metadata":{"funded_packages_count":48953},"icon_url":"https://github.com/pypi.png","created_at":"2022-04-04T15:19:23.364Z","updated_at":"2025-06-05T05:19:27.498Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/namespaces"}},"unique_repositories_count":224,"unique_repositories_count_past_30_days":59,"recent_issues":[{"uuid":"4227240413","node_id":"PR_kwDOO-I9t87Q6zQs","number":12,"state":"open","title":"chore(deps): bump the pip group across 25 directories with 13 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-08T19:52:43.000Z","updated_at":"2026-04-08T19:52:48.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":13,"packages":[{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"flask","old_version":"2.2.5","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"pyopenssl","old_version":"23.2.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"werkzeug","old_version":"2.2.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"apache-airflow","old_version":"2.6.3","new_version":"3.2.0b1","repository_url":"https://github.com/apache/airflow"},{"name":"black","old_version":"23.1a1","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"cryptography","old_version":"40.0.2","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"google-cloud-aiplatform","old_version":"1.27.1","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"protobuf","old_version":"4.23.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /alloydb/notebooks directory: [nbconvert](https://github.com/jupyter/nbconvert).\nBumps the pip group with 1 update in the /aml-ai directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /auth/service-to-service directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /bigquery/continuous-queries directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 4 updates in the /cloud-media-livestream/keypublisher directory: [requests](https://github.com/psf/requests), [flask](https://github.com/pallets/flask), [pyopenssl](https://github.com/pyca/pyopenssl) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /cloud_scheduler/snippets directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 1 update in the /cloud_tasks/http_queues directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 9 updates in the /composer/2022_airflow_summit directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.7` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n\nBumps the pip group with 5 updates in the /composer/airflow_1_samples directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `1.1.2` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `20.0.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `0.16.1` | `3.1.6` |\n| [cryptography](https://github.com/pyca/cryptography) | `3.2.1` | `46.0.7` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `3.14.0` | `5.29.6` |\n\nBumps the pip group with 9 updates in the /composer/cicd_sample directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.7` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n\nBumps the pip group with 1 update in the /composer/rest directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/auth directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/client_library directory: [black](https://github.com/psf/black).\nBumps the pip group with 2 updates in the /compute/encryption directory: [requests](https://github.com/psf/requests) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /compute/metadata directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/oslogin directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 3 updates in the /dataflow/gemma directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [protobuf](https://github.com/protocolbuffers/protobuf) and [keras](https://github.com/keras-team/keras).\nBumps the pip group with 1 update in the /dataflow/gemma-flex-template directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform).\nBumps the pip group with 3 updates in the /dataflow/run-inference directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [torch](https://github.com/pytorch/pytorch) and [transformers](https://github.com/huggingface/transformers).\nBumps the pip group with 2 updates in the /datastore/cloud-ndb directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow-cx directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /gemma2 directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [protobuf](https://github.com/protocolbuffers/protobuf).\nBumps the pip group with 4 updates in the /iap directory: [requests](https://github.com/psf/requests), [flask](https://github.com/pallets/flask), [werkzeug](https://github.com/pallets/werkzeug) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /media_cdn directory: [cryptography](https://github.com/pyca/cryptography).\n\nUpdates `nbconvert` from 7.16.6 to 7.17.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/releases\"\u003enbconvert's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.17.0\u003c/h2\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid cov environment on free-threaded Pythons \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2267\"\u003e#2267\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate pre-commit, and fix all issues. \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2238\"\u003e#2238\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop test on 3.9, test on 3.13, 3.14, 3.14t \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2237\"\u003e#2237\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the actions group across 1 directory with 2 updates \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2231\"\u003e#2231\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003e@flaky.flaky\u003c/code\u003e decorate with pytest marker \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2229\"\u003e#2229\u003c/a\u003e (\u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to mermaid 11.10.0 \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2224\"\u003e#2224\u003c/a\u003e (\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8, fix the CI tests \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2221\"\u003e#2221\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eintersphinx_registry\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2232\"\u003e#2232\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28\u0026amp;to=2026-01-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md\"\u003enbconvert's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid cov environment on free-threaded Pythons \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2267\"\u003e#2267\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate pre-commit, and fix all issues. \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2238\"\u003e#2238\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop test on 3.9, test on 3.13, 3.14, 3.14t \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2237\"\u003e#2237\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the actions group across 1 directory with 2 updates \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2231\"\u003e#2231\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003e@flaky.flaky\u003c/code\u003e decorate with pytest marker \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2229\"\u003e#2229\u003c/a\u003e (\u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to mermaid 11.10.0 \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2224\"\u003e#2224\u003c/a\u003e (\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8, fix the CI tests \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2221\"\u003e#2221\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eintersphinx_registry\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2232\"\u003e#2232\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28\u0026amp;to=2026-01-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/21b35d85b46f5ff0956d3d088a52b9bef00e8196\"\u003e\u003ccode\u003e21b35d8\u003c/code\u003e\u003c/a\u003e Publish 7.17.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003e\u003ccode\u003ec9ac1d1\u003c/code\u003e\u003c/a\u003e Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD)...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/b13276d80ae6fadbfda981304810e26f421c4ced\"\u003e\u003ccode\u003eb13276d\u003c/code\u003e\u003c/a\u003e avoid cov environment on free-threaded Pythons (\u003ca href=\"https://redirect.github.com/jupyter/nbconvert/issues/2267\"\u003e#2267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7c7055fe833fe9832e6f9a64fa5f67d66692c8d6\"\u003e\u003ccode\u003e7c7055f\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] auto fixes from pre-commit.com hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/74f3ddd37ef4b7ffb5eee9acbf52062217c15852\"\u003e\u003ccode\u003e74f3ddd\u003c/code\u003e\u003c/a\u003e Fix QtPNGExporter returning empty bytes on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/216550b2aae4c329f4dab597a96ae7cac30de79a\"\u003e\u003ccode\u003e216550b\u003c/code\u003e\u003c/a\u003e fix links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/39777ac5716350e994171d025a7369c58b0afc8c\"\u003e\u003ccode\u003e39777ac\u003c/code\u003e\u003c/a\u003e try to comment fialing test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7b591ca526f2598dbae3256a53765659c3edcf14\"\u003e\u003ccode\u003e7b591ca\u003c/code\u003e\u003c/a\u003e ruff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/6ec7638a3dc7a0bc2c533c116202d7f9b07ce9d9\"\u003e\u003ccode\u003e6ec7638\u003c/code\u003e\u003c/a\u003e parent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/59414b36f94e318d4207e8af863167047d936c19\"\u003e\u003ccode\u003e59414b3\u003c/code\u003e\u003c/a\u003e fix mypy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...v7.17.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 2.2.5 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/2.2.5...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 25.0.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/co...\n\n_Description has been truncated_","html_url":"https://github.com/ASISBusiness/python-docs-samples/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASISBusiness%2Fpython-docs-samples/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"},{"uuid":"4223006296","node_id":"PR_kwDORKFnMM7Qu_PA","number":10,"state":"closed","title":"chore(deps): bump the pip group across 24 directories with 12 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-08T19:53:18.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-08T08:01:03.000Z","updated_at":"2026-04-08T19:53:20.000Z","time_to_close":42735,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":12,"packages":[{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"flask","old_version":"2.2.5","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"pyopenssl","old_version":"23.2.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"werkzeug","old_version":"2.2.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"apache-airflow","old_version":"2.6.3","new_version":"3.2.0b1","repository_url":"https://github.com/apache/airflow"},{"name":"black","old_version":"23.1a1","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"cryptography","old_version":"40.0.2","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"google-cloud-aiplatform","old_version":"1.27.1","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"protobuf","old_version":"4.23.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /aml-ai directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /auth/service-to-service directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /bigquery/continuous-queries directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 4 updates in the /cloud-media-livestream/keypublisher directory: [requests](https://github.com/psf/requests), [flask](https://github.com/pallets/flask), [pyopenssl](https://github.com/pyca/pyopenssl) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 1 update in the /cloud_tasks/http_queues directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 9 updates in the /composer/2022_airflow_summit directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.6` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n\nBumps the pip group with 5 updates in the /composer/airflow_1_samples directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `1.1.2` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `20.0.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `0.16.1` | `3.1.6` |\n| [cryptography](https://github.com/pyca/cryptography) | `3.2.1` | `46.0.6` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `3.14.0` | `5.29.6` |\n\nBumps the pip group with 9 updates in the /composer/cicd_sample directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.6` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n\nBumps the pip group with 1 update in the /composer/rest directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 9 updates in the /composer/workflows directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `24.1.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.9.2` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `24.4.2` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `41.0.7` | `46.0.6` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.53.0` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.3` | `5.29.6` |\n\nBumps the pip group with 1 update in the /compute/auth directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/client_library directory: [black](https://github.com/psf/black).\nBumps the pip group with 2 updates in the /compute/encryption directory: [requests](https://github.com/psf/requests) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /compute/metadata directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/oslogin directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 3 updates in the /dataflow/gemma directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [protobuf](https://github.com/protocolbuffers/protobuf) and [keras](https://github.com/keras-team/keras).\nBumps the pip group with 1 update in the /dataflow/gemma-flex-template directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform).\nBumps the pip group with 3 updates in the /dataflow/run-inference directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [torch](https://github.com/pytorch/pytorch) and [transformers](https://github.com/huggingface/transformers).\nBumps the pip group with 2 updates in the /datastore/cloud-ndb directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow-cx directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /gemma2 directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [protobuf](https://github.com/protocolbuffers/protobuf).\nBumps the pip group with 4 updates in the /iap directory: [requests](https://github.com/psf/requests), [flask](https://github.com/pallets/flask), [werkzeug](https://github.com/pallets/werkzeug) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /media_cdn directory: [cryptography](https://github.com/pyca/cryptography).\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 2.2.5 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/2.2.5...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 25.0.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.3.0 (2025-09-16)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaximum supported \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.x.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.2.0 (2025-09-14)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 45.0.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003epyOpenSSL now sets \u003ccode\u003eSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\u003c/code\u003e on connections by default, matching CPython's behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.0.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `werkzeug` from 3.0.6 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/releases\"\u003ewerkzeug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.6/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in multi-segment paths. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x\"\u003eGHSA-29vq-49wr-vm6x\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.5/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/43?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/43?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless of extension or surrounding spaces. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7\"\u003eGHSA-87hc-h4r5-73f7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with \u003ccode\u003epin_security=False\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3075\"\u003e#3075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.4/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/42?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/42?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents reading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e already prevented writing to these. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2\"\u003eghsa-hgf8-39gv-g3f2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3020\"\u003e#3020\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3054\"\u003e#3054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3067\"\u003e#3067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available source lines. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the distinction between WSGI and sans-IO responses. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3056\"\u003e#3056\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.3/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/41?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/41?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts \u003ccode\u003elist\u003c/code\u003e, \u003ccode\u003etuple\u003c/code\u003e, or \u003ccode\u003eset\u003c/code\u003e when passing multiple values. It had been changed to accept any \u003ccode\u003eCollection\u003c/code\u003e, but this matched types that should be treated as single values, such as \u003ccode\u003ebytes\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2994\"\u003e#2994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the \u003ccode\u003eHost\u003c/code\u003e header is not set and \u003ccode\u003eRequest.host\u003c/code\u003e falls back to the WSGI \u003ccode\u003eSERVER_NAME\u003c/code\u003e value, if that value is an IPv6 address it is wrapped in \u003ccode\u003e[]\u003c/code\u003e to match the \u003ccode\u003eHost\u003c/code\u003e header. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2993\"\u003e#2993\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.2/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/blob/main/CHANGES.rst\"\u003ewerkzeug's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in\nmulti-segment paths. :ghsa:\u003ccode\u003e29vq-49wr-vm6x\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.make_conditional\u003c/code\u003e sets the \u003ccode\u003eAccept-Ranges\u003c/code\u003e header even if it\nis not a satisfiable range request. :issue:\u003ccode\u003e3108\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2026-01-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless\nof extension or surrounding spaces. :ghsa:\u003ccode\u003e87hc-h4r5-73f7\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\nThis fixes the previous attempt, which caused incorrect content lengths.\n:issue:\u003ccode\u003e3065\u003c/code\u003e :issue:\u003ccode\u003e3077\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with\n\u003ccode\u003epin_security=False\u003c/code\u003e. :issue:\u003ccode\u003e3075\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003eReleased 2025-11-28\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents\nreading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e\nalready prevented writing to these. :ghsa:\u003ccode\u003ehgf8-39gv-g3f2\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. :pr:\u003ccode\u003e3020\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\n:issue:\u003ccode\u003e3065\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. :issue:\u003ccode\u003e3054\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. :issue:\u003ccode\u003e3067\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available\nsource lines. :issue:\u003ccode\u003e3044\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the\ndistinction between WSGI and sans-IO responses. :issue:\u003ccode\u003e3056\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/04da1b5221b7a7b57e82246e4b5741d37a6b2e56\"\u003e\u003ccode\u003e04da1b5\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d\"\u003e\u003ccode\u003ef407712\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f54fe98026253e70fbbcd35a6b52fb67cfff1c03\"\u003e\u003ccode\u003ef54fe98\u003c/code\u003e\u003c/a\u003e safe_join prevents Windows special device names in multi-segment paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/d005985ef69ffe3275eda8fb6fb25e074dbe871b\"\u003e\u003ccode\u003ed005985\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/8565c2cbd6681ae8463e77d4fc0795324a7fdae7\"\u003e\u003ccode\u003e8565c2c\u003c/code\u003e\u003c/a\u003e document rule priority (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3102\"\u003e#3102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/3febc7e90072bffe04c27e6b7478dfc4f88930df\"\u003e\u003ccode\u003e3febc7e\u003c/code\u003e\u003c/a\u003e document rule priority\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/2525b827646c10ab7adb334664e6a4af1b769181\"\u003e\u003ccode\u003e2525b82\u003c/code\u003e\u003c/a\u003e remove state machine docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/4abfbd553cdeb6d4e6fa693340d52b13c884079f\"\u003e\u003ccode\u003e4abfbd5\u003c/code\u003e\u003c/a\u003e rewrite build docstring (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3097\"\u003e#3097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/161c18b2a8800ae6ef377fb3cbdb933a878fea67\"\u003e\u003ccode\u003e161c18b\u003c/code\u003e\u003c/a\u003e rewrite build docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/86e11c29e44726dae524cd9db11549b3b1ad681d\"\u003e\u003ccode\u003e86e11c2\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3085\"\u003e#3085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/werkzeug/compare/3.0.6...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://red...\n\n_Description has been truncated_","html_url":"https://github.com/Dalek2023/python-docs-samples/pull/10","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dalek2023%2Fpython-docs-samples/issues/10","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10/packages"},{"uuid":"4198714678","node_id":"PR_kwDOByY7Y87PvMt_","number":284,"state":"closed","title":"Bump pyopenssl from 18.0.0 to 26.0.0 in /tlbox/apps/csv-to-sheets","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-03T07:46:57.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-03T06:33:59.000Z","updated_at":"2026-04-03T07:47:02.000Z","time_to_close":4378,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"pyopenssl","old_version":"18.0.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"}],"path":"/tlbox/apps/csv-to-sheets","ecosystem":"pip"},"body":"Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 18.0.0 to 26.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.3.0 (2025-09-16)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaximum supported \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.x.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.2.0 (2025-09-14)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 45.0.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003epyOpenSSL now sets \u003ccode\u003eSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\u003c/code\u003e on connections by default, matching CPython's behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/18.0.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyopenssl\u0026package-manager=pip\u0026previous-version=18.0.0\u0026new-version=26.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/michael-christen/toolbox/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/michael-christen/toolbox/pull/284","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/michael-christen%2Ftoolbox/issues/284","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/284/packages"},{"uuid":"4191416269","node_id":"PR_kwDOO-I9t87PcOl4","number":10,"state":"open","title":"chore(deps): bump the pip group across 25 directories with 13 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-02T04:10:13.000Z","updated_at":"2026-04-02T04:10:17.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":13,"packages":[{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"flask","old_version":"2.2.5","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"pyopenssl","old_version":"23.2.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"werkzeug","old_version":"2.2.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"apache-airflow","old_version":"2.6.3","new_version":"3.2.0b1","repository_url":"https://github.com/apache/airflow"},{"name":"black","old_version":"23.1a1","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"cryptography","old_version":"40.0.2","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"google-cloud-aiplatform","old_version":"1.27.1","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"protobuf","old_version":"4.23.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /alloydb/notebooks directory: [nbconvert](https://github.com/jupyter/nbconvert).\nBumps the pip group with 1 update in the /aml-ai directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /auth/service-to-service directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /bigquery/continuous-queries directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 4 updates in the /cloud-media-livestream/keypublisher directory: [requests](https://github.com/psf/requests), [flask](https://github.com/pallets/flask), [pyopenssl](https://github.com/pyca/pyopenssl) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /cloud_scheduler/snippets directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 1 update in the /cloud_tasks/http_queues directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 9 updates in the /composer/2022_airflow_summit directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.6` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n\nBumps the pip group with 5 updates in the /composer/airflow_1_samples directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `1.1.2` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `20.0.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `0.16.1` | `3.1.6` |\n| [cryptography](https://github.com/pyca/cryptography) | `3.2.1` | `46.0.6` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `3.14.0` | `5.29.6` |\n\nBumps the pip group with 9 updates in the /composer/cicd_sample directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.6` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n\nBumps the pip group with 1 update in the /composer/rest directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/auth directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/client_library directory: [black](https://github.com/psf/black).\nBumps the pip group with 2 updates in the /compute/encryption directory: [requests](https://github.com/psf/requests) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /compute/metadata directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/oslogin directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 3 updates in the /dataflow/gemma directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [protobuf](https://github.com/protocolbuffers/protobuf) and [keras](https://github.com/keras-team/keras).\nBumps the pip group with 1 update in the /dataflow/gemma-flex-template directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform).\nBumps the pip group with 3 updates in the /dataflow/run-inference directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [torch](https://github.com/pytorch/pytorch) and [transformers](https://github.com/huggingface/transformers).\nBumps the pip group with 2 updates in the /datastore/cloud-ndb directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow-cx directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /gemma2 directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [protobuf](https://github.com/protocolbuffers/protobuf).\nBumps the pip group with 4 updates in the /iap directory: [requests](https://github.com/psf/requests), [flask](https://github.com/pallets/flask), [werkzeug](https://github.com/pallets/werkzeug) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /media_cdn directory: [cryptography](https://github.com/pyca/cryptography).\n\nUpdates `nbconvert` from 7.16.6 to 7.17.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/releases\"\u003enbconvert's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.17.0\u003c/h2\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid cov environment on free-threaded Pythons \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2267\"\u003e#2267\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate pre-commit, and fix all issues. \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2238\"\u003e#2238\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop test on 3.9, test on 3.13, 3.14, 3.14t \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2237\"\u003e#2237\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the actions group across 1 directory with 2 updates \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2231\"\u003e#2231\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003e@flaky.flaky\u003c/code\u003e decorate with pytest marker \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2229\"\u003e#2229\u003c/a\u003e (\u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to mermaid 11.10.0 \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2224\"\u003e#2224\u003c/a\u003e (\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8, fix the CI tests \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2221\"\u003e#2221\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eintersphinx_registry\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2232\"\u003e#2232\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28\u0026amp;to=2026-01-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md\"\u003enbconvert's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid cov environment on free-threaded Pythons \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2267\"\u003e#2267\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate pre-commit, and fix all issues. \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2238\"\u003e#2238\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop test on 3.9, test on 3.13, 3.14, 3.14t \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2237\"\u003e#2237\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the actions group across 1 directory with 2 updates \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2231\"\u003e#2231\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003e@flaky.flaky\u003c/code\u003e decorate with pytest marker \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2229\"\u003e#2229\u003c/a\u003e (\u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to mermaid 11.10.0 \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2224\"\u003e#2224\u003c/a\u003e (\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8, fix the CI tests \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2221\"\u003e#2221\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eintersphinx_registry\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2232\"\u003e#2232\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28\u0026amp;to=2026-01-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/21b35d85b46f5ff0956d3d088a52b9bef00e8196\"\u003e\u003ccode\u003e21b35d8\u003c/code\u003e\u003c/a\u003e Publish 7.17.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003e\u003ccode\u003ec9ac1d1\u003c/code\u003e\u003c/a\u003e Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD)...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/b13276d80ae6fadbfda981304810e26f421c4ced\"\u003e\u003ccode\u003eb13276d\u003c/code\u003e\u003c/a\u003e avoid cov environment on free-threaded Pythons (\u003ca href=\"https://redirect.github.com/jupyter/nbconvert/issues/2267\"\u003e#2267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7c7055fe833fe9832e6f9a64fa5f67d66692c8d6\"\u003e\u003ccode\u003e7c7055f\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] auto fixes from pre-commit.com hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/74f3ddd37ef4b7ffb5eee9acbf52062217c15852\"\u003e\u003ccode\u003e74f3ddd\u003c/code\u003e\u003c/a\u003e Fix QtPNGExporter returning empty bytes on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/216550b2aae4c329f4dab597a96ae7cac30de79a\"\u003e\u003ccode\u003e216550b\u003c/code\u003e\u003c/a\u003e fix links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/39777ac5716350e994171d025a7369c58b0afc8c\"\u003e\u003ccode\u003e39777ac\u003c/code\u003e\u003c/a\u003e try to comment fialing test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7b591ca526f2598dbae3256a53765659c3edcf14\"\u003e\u003ccode\u003e7b591ca\u003c/code\u003e\u003c/a\u003e ruff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/6ec7638a3dc7a0bc2c533c116202d7f9b07ce9d9\"\u003e\u003ccode\u003e6ec7638\u003c/code\u003e\u003c/a\u003e parent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/59414b36f94e318d4207e8af863167047d936c19\"\u003e\u003ccode\u003e59414b3\u003c/code\u003e\u003c/a\u003e fix mypy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...v7.17.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 2.2.5 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/2.2.5...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 25.0.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003cco...\n\n_Description has been truncated_","html_url":"https://github.com/ASISBusiness/python-docs-samples/pull/10","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASISBusiness%2Fpython-docs-samples/issues/10","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10/packages"},{"uuid":"4189975053","node_id":"PR_kwDOI6zrXc7PYnkl","number":9,"state":"closed","title":"Bump the pip group across 5 directories with 15 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-07T01:08:20.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-01T21:25:15.000Z","updated_at":"2026-04-07T01:08:22.000Z","time_to_close":445385,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":15,"packages":[{"name":"flask","old_version":"2.1.3","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"starlette","old_version":"0.17.1","new_version":"0.49.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"werkzeug","old_version":"2.1.2","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"black","old_version":"22.10.0","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"cryptography","old_version":"38.0.1","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"gradio","old_version":"3.11","new_version":"6.7.0","repository_url":"https://github.com/gradio-app/gradio"},{"name":"pyopenssl","old_version":"22.1.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"h11","old_version":"0.12.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 8 updates in the /python directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `2.1.3` | `3.1.3` |\n| [starlette](https://github.com/Kludex/starlette) | `0.17.1` | `0.49.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.1.2` | `3.1.6` |\n| [black](https://github.com/psf/black) | `22.10.0` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `38.0.1` | `46.0.6` |\n| [gradio](https://github.com/gradio-app/gradio) | `3.11` | `6.7.0` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `22.1.0` | `26.0.0` |\n| [h11](https://github.com/python-hyper/h11) | `0.12.0` | `0.16.0` |\n\nBumps the pip group with 1 update in the /python/ray/tune directory: [black](https://github.com/psf/black).\nBumps the pip group with 2 updates in the /python/requirements/compat directory: [torch](https://github.com/pytorch/pytorch) and [keras](https://github.com/keras-team/keras).\nBumps the pip group with 6 updates in the /python/requirements/ml directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [torch](https://github.com/pytorch/pytorch) | `1.13.0` | `2.7.1+cpu` |\n| [transformers](https://github.com/huggingface/transformers) | `4.19.1` | `4.53.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `3.20.1` | `5.29.6` |\n| [mlflow](https://github.com/mlflow/mlflow) | `1.21.0` | `3.9.0rc0` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.1.96` | `0.2.1` |\n| [onnx](https://github.com/onnx/onnx) | `1.12.0` | `1.21.0` |\n\nBumps the pip group with 1 update in the /release/ml_user_tests/ray-lightning directory: [torch](https://github.com/pytorch/pytorch).\n\nUpdates `flask` from 2.1.3 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/2.1.3...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 0.17.1 to 0.49.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.49.1\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the parsing logic of the \u003ccode\u003eRange\u003c/code\u003e header in \u003ccode\u003eFileResponse\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eYou can view the full security advisory: \u003ca href=\"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\"\u003eGHSA-7f5h-v6xp-fcq8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize the HTTP ranges parsing logic \u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e4ea6e22b489ec388d6004cfbca52dd5b147127c5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.49.0...0.49.1\"\u003ehttps://github.com/Kludex/starlette/compare/0.49.0...0.49.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.49.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eencoding\u003c/code\u003e parameter to \u003ccode\u003eConfig\u003c/code\u003e class \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003e#2996\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSupport multiple cookie headers in \u003ccode\u003eRequest.cookies\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3029\"\u003e#3029\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eLiteral\u003c/code\u003e type for \u003ccode\u003eWebSocketEndpoint\u003c/code\u003e encoding values \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003e#3027\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDo not pollute exception context in \u003ccode\u003eMiddleware\u003c/code\u003e when using \u003ccode\u003eBaseHTTPMiddleware\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003e#2976\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TheWesDias\"\u003e\u003ccode\u003e@​TheWesDias\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3017\"\u003eKludex/starlette#3017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gmos2104\"\u003e\u003ccode\u003e@​gmos2104\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003eKludex/starlette#3027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/secrett2633\"\u003e\u003ccode\u003e@​secrett2633\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003eKludex/starlette#2996\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adam-sikora\"\u003e\u003ccode\u003e@​adam-sikora\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003eKludex/starlette#2976\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.48.0...0.49.0\"\u003ehttps://github.com/Kludex/starlette/compare/0.48.0...0.49.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd official Python 3.14 support \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3013\"\u003e#3013\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ca href=\"https://www.rfc-editor.org/rfc/rfc9110\"\u003eRFC9110\u003c/a\u003e http status names \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003e#2939\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yakimka\"\u003e\u003ccode\u003e@​yakimka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2943\"\u003eKludex/starlette#2943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mbeijen\"\u003e\u003ccode\u003e@​mbeijen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003eKludex/starlette#2939\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.47.3...0.48.0\"\u003ehttps://github.com/Kludex/starlette/compare/0.47.3...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.49.1 (October 28, 2025)\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the parsing logic of the \u003ccode\u003eRange\u003c/code\u003e header in \u003ccode\u003eFileResponse\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eYou can view the full security advisory: \u003ca href=\"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\"\u003eGHSA-7f5h-v6xp-fcq8\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize the HTTP ranges parsing logic \u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e4ea6e22b489ec388d6004cfbca52dd5b147127c5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.49.0 (October 28, 2025)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eencoding\u003c/code\u003e parameter to \u003ccode\u003eConfig\u003c/code\u003e class \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003e#2996\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSupport multiple cookie headers in \u003ccode\u003eRequest.cookies\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3029\"\u003e#3029\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eLiteral\u003c/code\u003e type for \u003ccode\u003eWebSocketEndpoint\u003c/code\u003e encoding values \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003e#3027\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eChanged\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eDo not pollute exception context in \u003ccode\u003eMiddleware\u003c/code\u003e when using \u003ccode\u003eBaseHTTPMiddleware\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003e#2976\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.48.0 (September 13, 2025)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd official Python 3.14 support \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3013\"\u003e#3013\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eChanged\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ca href=\"https://www.rfc-editor.org/rfc/rfc9110\"\u003eRFC9110\u003c/a\u003e http status names \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003e#2939\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.3 (August 24, 2025)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003easyncio.iscoroutinefunction\u003c/code\u003e for Python 3.12 and older \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2984\"\u003e#2984\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.2 (July 20, 2025)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003eUploadFile\u003c/code\u003e check for future rollover \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2962\"\u003e#2962\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.1 (June 21, 2025)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eSelf\u003c/code\u003e in \u003ccode\u003eTestClient.__enter__\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2951\"\u003e#2951\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAllow async exception handlers to type-check \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2949\"\u003e#2949\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/7e4b7428f273dbdc875dcd036d20804bcfc7b2ee\"\u003e\u003ccode\u003e7e4b742\u003c/code\u003e\u003c/a\u003e Version 0.49.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3047\"\u003e#3047\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e\u003ccode\u003e4ea6e22\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/7d88ea6f8ec8aa99cdb5fc7a10b88db5aadfdfee\"\u003e\u003ccode\u003e7d88ea6\u003c/code\u003e\u003c/a\u003e Version 0.49.0 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3046\"\u003e#3046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/26d66bbfb05c7bbecbbb57106c65f33682f8174e\"\u003e\u003ccode\u003e26d66bb\u003c/code\u003e\u003c/a\u003e Do not pollute exception context in Middleware (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/2976\"\u003e#2976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/a59397db889e3a96c4f34b1406957a3b92e1e8b5\"\u003e\u003ccode\u003ea59397d\u003c/code\u003e\u003c/a\u003e Set encodings when reading config files (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/2996\"\u003e#2996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/3b7f0cbf598be305528a498a35089ce723060372\"\u003e\u003ccode\u003e3b7f0cb\u003c/code\u003e\u003c/a\u003e test: add test for unknown status (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3035\"\u003e#3035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b09ce1a99d352ee6f5b896597f03a1a57507afcd\"\u003e\u003ccode\u003eb09ce1a\u003c/code\u003e\u003c/a\u003e docs: fix legibility issues on sponsorship page (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3039\"\u003e#3039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/0f0edcf8007412d9536bf8714c5815ce8f5dba4b\"\u003e\u003ccode\u003e0f0edcf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Add Marcelo Trylesinski to the license (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3025\"\u003e#3025\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3044\"\u003e#3044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/3912d6313730cc6004dfb4436e37dbc1a81db7c8\"\u003e\u003ccode\u003e3912d63\u003c/code\u003e\u003c/a\u003e docs: add social icons (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3038\"\u003e#3038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/4915a9309fcad58ac08b9fa550563d3287b531ad\"\u003e\u003ccode\u003e4915a93\u003c/code\u003e\u003c/a\u003e Add discord to README/docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3034\"\u003e#3034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/0.17.1...0.49.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `werkzeug` from 2.1.2 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/releases\"\u003ewerkzeug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.6/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in multi-segment paths. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x\"\u003eGHSA-29vq-49wr-vm6x\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.5/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/43?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/43?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless of extension or surrounding spaces. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7\"\u003eGHSA-87hc-h4r5-73f7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with \u003ccode\u003epin_security=False\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3075\"\u003e#3075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.4/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/42?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/42?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents reading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e already prevented writing to these. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2\"\u003eghsa-hgf8-39gv-g3f2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3020\"\u003e#3020\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3054\"\u003e#3054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3067\"\u003e#3067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available source lines. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the distinction between WSGI and sans-IO responses. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3056\"\u003e#3056\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.3/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/41?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/41?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts \u003ccode\u003elist\u003c/code\u003e, \u003ccode\u003etuple\u003c/code\u003e, or \u003ccode\u003eset\u003c/code\u003e when passing multiple values. It had been changed to accept any \u003ccode\u003eCollection\u003c/code\u003e, but this matched types that should be treated as single values, such as \u003ccode\u003ebytes\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2994\"\u003e#2994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the \u003ccode\u003eHost\u003c/code\u003e header is not set and \u003ccode\u003eRequest.host\u003c/code\u003e falls back to the WSGI \u003ccode\u003eSERVER_NAME\u003c/code\u003e value, if that value is an IPv6 address it is wrapped in \u003ccode\u003e[]\u003c/code\u003e to match the \u003ccode\u003eHost\u003c/code\u003e header. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2993\"\u003e#2993\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.2/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/blob/main/CHANGES.rst\"\u003ewerkzeug's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in\nmulti-segment paths. :ghsa:\u003ccode\u003e29vq-49wr-vm6x\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.make_conditional\u003c/code\u003e sets the \u003ccode\u003eAccept-Ranges\u003c/code\u003e header even if it\nis not a satisfiable range request. :issue:\u003ccode\u003e3108\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2026-01-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless\nof extension or surrounding spaces. :ghsa:\u003ccode\u003e87hc-h4r5-73f7\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\nThis fixes the previous attempt, which caused incorrect content lengths.\n:issue:\u003ccode\u003e3065\u003c/code\u003e :issue:\u003ccode\u003e3077\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with\n\u003ccode\u003epin_security=False\u003c/code\u003e. :issue:\u003ccode\u003e3075\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003eReleased 2025-11-28\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents\nreading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e\nalready prevented writing to these. :ghsa:\u003ccode\u003ehgf8-39gv-g3f2\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. :pr:\u003ccode\u003e3020\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\n:issue:\u003ccode\u003e3065\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. :issue:\u003ccode\u003e3054\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. :issue:\u003ccode\u003e3067\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available\nsource lines. :issue:\u003ccode\u003e3044\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the\ndistinction between WSGI and sans-IO responses. :issue:\u003ccode\u003e3056\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/04da1b5221b7a7b57e82246e4b5741d37a6b2e56\"\u003e\u003ccode\u003e04da1b5\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d\"\u003e\u003ccode\u003ef407712\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f54fe98026253e70fbbcd35a6b52fb67cfff1c03\"\u003e\u003ccode\u003ef54fe98\u003c/code\u003e\u003c/a\u003e safe_join prevents Windows special device names in multi-segment paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/d005985ef69ffe3275eda8fb6fb25e074dbe871b\"\u003e\u003ccode\u003ed005985\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/8565c2cbd6681ae8463e77d4fc0795324a7fdae7\"\u003e\u003ccode\u003e8565c2c\u003c/code\u003e\u003c/a\u003e document rule priority (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3102\"\u003e#3102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/3febc7e90072bffe04c27e6b7478dfc4f88930df\"\u003e\u003ccode\u003e3febc7e\u003c/code\u003e\u003c/a\u003e document rule priority\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/2525b827646c10ab7adb334664e6a4af1b769181\"\u003e\u003ccode\u003e2525b82\u003c/code\u003e\u003c/a\u003e remove state machine docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/4abfbd553cdeb6d4e6fa693340d52b13c884079f\"\u003e\u003ccode\u003e4abfbd5\u003c/code\u003e\u003c/a\u003e rewrite build docstring (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3097\"\u003e#3097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/161c18b2a8800ae6ef377fb3cbdb933a878fea67\"\u003e\u003ccode\u003e161c18b\u003c/code\u003e\u003c/a\u003e rewrite build docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/86e11c29e44726dae524cd9db11549b3b1ad681d\"\u003e\u003ccode\u003e86e11c2\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3085\"\u003e#3085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/werkzeug/compare/2.1.2...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 22.10.0 to 26.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop evenloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop eventloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c6755bb741b6481d6b3d3bb563c83fa060db96c9\"\u003e\u003ccode\u003ec6755bb\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5046\"\u003e#5046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69973fd6950985fbeb1090d96da717dc4d8380b0\"\u003e\u003ccode\u003e69973fd\u003c/code\u003e\u003c/a\u003e Harden blackd browser-facing request handling (\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d\"\u003e\u003ccode\u003e4937fe6\u003c/code\u003e\u003c/a\u003e Fix some shenanigans with the cache file and IPython (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2e641d174469c505d5ae905e75d4c769597e681f\"\u003e\u003ccode\u003e2e641d1\u003c/code\u003e\u003c/a\u003e docs: remove outdated Black Playground references (\u003ca href=\"https://redirect.github.com/psf/black/issues/5044\"\u003e#5044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c014b22a2d5e0632587b47b81151658bddfa0b88\"\u003e\u003ccode\u003ec014b22\u003c/code\u003e\u003c/a\u003e Remove unused internal code (\u003ca href=\"https://redirect.github.com/psf/black/issues/5041\"\u003e#5041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/0dae20b2d009f2f03de8696d06b0c947d3abafc9\"\u003e\u003ccode\u003e0dae20b\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5036\"\u003e#5036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c5c1cbddd92cecb554ac2a77a24139dd76831030\"\u003e\u003ccode\u003ec5c1cbd\u003c/code\u003e\u003c/a\u003e Minor release patches (\u003ca href=\"https://redirect.github.com/psf/black/issues/5035\"\u003e#5035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/7e5a828c37d71b6a6666e28eed444816def6a8f4\"\u003e\u003ccode\u003e7e5a828\u003c/code\u003e\u003c/a\u003e docs: clarify relationship between Black style and PEP 8 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69705deb8776e7c5e585668da106d1abe2cb8d77\"\u003e\u003ccode\u003e69705de\u003c/code\u003e\u003c/a\u003e docs: add clearer pyproject configuration guidance (\u003ca href=\"https://redirect.github.com/psf/black/issues/5026\"\u003e#5026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/35ea67920b7f6ac8e09be1c47278752b1e827f76\"\u003e\u003ccode\u003e35ea679\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5032\"\u003e#5032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/22.10.0...26.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 38.0.1 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAn attacker could create a malicious public key that reveals portions of your\nprivate key when using certain uncommon elliptic curves (binary curves).\nThis version now includes additional security checks to prevent this attack.\nThis issue only affects binary elliptic curves, which are rarely used in\nreal-world applications. Credit to \u003cstrong\u003eXlabAI Team of Tencent Xuanwu Lab and\nAtuin Automated Vulnerability Discovery Engine\u003c/strong\u003e for reporting the issue.\n\u003cstrong\u003eCVE-2026-26007\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSECT*\u003c/code\u003e binary elliptic curves is deprecated and will be\nremoved in the next release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* `Dropped support for win_arm64 wheels`_.\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed compilation when using LibreSSL 4.2.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/38.0.1...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `gradio` from 3.11 to 6.7.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gradio-app/gradio/blob/main/CHANGELOG.md\"\u003egradio's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.7.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12829\"\u003e#12829\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/d720b25b575fb9817311212e1c0afa82abf27468\"\u003e\u003ccode\u003ed720b25\u003c/code\u003e\u003c/a\u003e - Allow :fastest :cheapest options when loading models.  Thanks \u003ca href=\"https://github.com/dawoodkhan82\"\u003e\u003ccode\u003e@​dawoodkhan82\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12918\"\u003e#12918\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/e29e1ccd5874cb98b813ed4f7f72d9fef2935016\"\u003e\u003ccode\u003ee29e1cc\u003c/code\u003e\u003c/a\u003e - Add Space-specific skill generation to \u003ccode\u003egradio skills add\u003c/code\u003e.  Thanks \u003ca href=\"https://github.com/abidlabs\"\u003e\u003ccode\u003e@​abidlabs\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12929\"\u003e#12929\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/978bc6ea5094aa11e10994cdd662c4c663a86a83\"\u003e\u003ccode\u003e978bc6e\u003c/code\u003e\u003c/a\u003e - Add server functions support to gr.HTML.  Thanks \u003ca href=\"https://github.com/aliabid94\"\u003e\u003ccode\u003e@​aliabid94\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12917\"\u003e#12917\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/a0fff5cb0e4cc0f8cc3fff7b5fbe18a031c7cc27\"\u003e\u003ccode\u003ea0fff5c\u003c/code\u003e\u003c/a\u003e - Add push_to_hub method to gr.HTML. Add a gallery to view notable custom HTML components.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12899\"\u003e#12899\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/820eff050232f2ce40813e98e3294930e142e1c1\"\u003e\u003ccode\u003e820eff0\u003c/code\u003e\u003c/a\u003e - Add support for gr.HTML as a layout element.  Thanks \u003ca href=\"https://github.com/aliabid94\"\u003e\u003ccode\u003e@​aliabid94\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12900\"\u003e#12900\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/d6907acf8beed0d9b5167398902d3f900d1a2ab9\"\u003e\u003ccode\u003ed6907ac\u003c/code\u003e\u003c/a\u003e - add \u003ccode\u003eSKILLS.md\u003c/code\u003e to Gradio repo, part 1 + cleanup.  Thanks \u003ca href=\"https://github.com/abidlabs\"\u003e\u003ccode\u003e@​abidlabs\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12907\"\u003e#12907\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/3e625a0ecfab6e74b7561b68adbe55341ecbc47a\"\u003e\u003ccode\u003e3e625a0\u003c/code\u003e\u003c/a\u003e - Better error handling when connection to server is lost.  Thanks \u003ca href=\"https://github.com/abidlabs\"\u003e\u003ccode\u003e@​abidlabs\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12911\"\u003e#12911\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/dcfc429a8125204c3aafeabcab251dd7580f9a60\"\u003e\u003ccode\u003edcfc429\u003c/code\u003e\u003c/a\u003e - Fix Button component ignoring the \u003ccode\u003escale\u003c/code\u003e parameter.  Thanks \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12925\"\u003e#12925\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/ccff8b8cacffe36a270fcea9fc8ba29b78c31c8d\"\u003e\u003ccode\u003eccff8b8\u003c/code\u003e\u003c/a\u003e - Walkthrough Selected Bug.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12890\"\u003e#12890\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/ac29df82a735c72c021c07e0816f78001147671b\"\u003e\u003ccode\u003eac29df8\u003c/code\u003e\u003c/a\u003e - fix DataFrame NaN values becoming 0 after sorting.  Thanks \u003ca href=\"https://github.com/Mr-Neutr0n\"\u003e\u003ccode\u003e@​Mr-Neutr0n\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12926\"\u003e#12926\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/6011b00d0154b85532fa901dd73cf8fa7d86fd04\"\u003e\u003ccode\u003e6011b00\u003c/code\u003e\u003c/a\u003e - Fix absolute path issue in Windows.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12904\"\u003e#12904\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/7c3fa2a6900cfa3c87cb61ffa9b34b75d1ae49ba\"\u003e\u003ccode\u003e7c3fa2a\u003c/code\u003e\u003c/a\u003e - Fix Loading Spinner Issue Caused by Events Targeting Components In Inactive Tabs.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12903\"\u003e#12903\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/57707c72edd0e9fee9821882f75ab322ce110fe3\"\u003e\u003ccode\u003e57707c7\u003c/code\u003e\u003c/a\u003e - Fix Tab i18n issue.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12901\"\u003e#12901\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/1387fc6a35edd965a3c1e29d693b7d5697595ac5\"\u003e\u003ccode\u003e1387fc6\u003c/code\u003e\u003c/a\u003e - Fix unload event bug.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12906\"\u003e#12906\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/81482b58706ee9948d0f04e84e632ebb8d4bf7ea\"\u003e\u003ccode\u003e81482b5\u003c/code\u003e\u003c/a\u003e - Lazy load sub-tab and accordion components.  Thanks \u003ca href=\"https://github.com/dawoodkhan82\"\u003e\u003ccode\u003e@​dawoodkhan82\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.6.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12839\"\u003e#12839\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/1c671b39830ccf1c87f6cfcb4669e97dfb3a7367\"\u003e\u003ccode\u003e1c671b3\u003c/code\u003e\u003c/a\u003e - Hide forms with no elements.  Thanks \u003ca href=\"https://github.com/aliabid94\"\u003e\u003ccode\u003e@​aliabid94\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12700\"\u003e#12700\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/b01c95a58be8e18bb4ddef7f2ee238a7774e5be9\"\u003e\u003ccode\u003eb01c95a\u003c/code\u003e\u003c/a\u003e - Rewrite behavior section of docs.  Thanks \u003ca href=\"https://github.com/aliabd\"\u003e\u003ccode\u003e@​aliabd\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12875\"\u003e#12875\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/d0b34228d756334d901fc34971959ea422eb55bd\"\u003e\u003ccode\u003ed0b3422\u003c/code\u003e\u003c/a\u003e - Fix stop button not switching back to submit button in chat interface.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12797\"\u003e#12797\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/6a0c6eae53931ec137c0b8379428acc8a7ea27c9\"\u003e\u003ccode\u003e6a0c6ea\u003c/code\u003e\u003c/a\u003e - Refactor translation logic.  Thanks \u003ca href=\"https://github.com/hannahblair\"\u003e\u003ccode\u003e@​hannahblair\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12877\"\u003e#12877\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/ebbd24231dbc006c21fbbf1df00918be16883b86\"\u003e\u003ccode\u003eebbd242\u003c/code\u003e\u003c/a\u003e - Ensure disconnected toast text is visible.  Thanks \u003ca href=\"https://github.com/hannahblair\"\u003e\u003ccode\u003e@​hannahblair\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12873\"\u003e#12873\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/6533d38c29ee86823e58d94a8afedd219bcc9011\"\u003e\u003ccode\u003e6533d38\u003c/code\u003e\u003c/a\u003e - Fix stop button not working in Audio streaming.  Thanks \u003ca href=\"https://github.com/hysts\"\u003e\u003ccode\u003e@​hysts\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12862\"\u003e#12862\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/a8e6b7ba1e6af793b6a200d4cc6b07f3151f229e\"\u003e\u003ccode\u003ea8e6b7b\u003c/code\u003e\u003c/a\u003e - Fix ColorPicker not firing focus, blur, or submit events after Svelte 5 migration.  Thanks \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12865\"\u003e#12865\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/db7ab39c7e6ea3d1a2f0ce1991b5dbc0483b1e27\"\u003e\u003ccode\u003edb7ab39\u003c/code\u003e\u003c/a\u003e - Fix Gallery fullscreen button not working in preview mode.  Thanks \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12866\"\u003e#12866\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/981039647a4212c649a33dc4b56a4714980519eb\"\u003e\u003ccode\u003e9810396\u003c/code\u003e\u003c/a\u003e - Fix Gallery preview=True parameter not working on initial load.  Thanks \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12894\"\u003e#12894\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/e0cd4cadb6d73ba70727c51cf37d7068c3cf4fbf\"\u003e\u003ccode\u003ee0cd4ca\u003c/code\u003e\u003c/a\u003e - Fix load examples bug in spa.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12830\"\u003e#12830\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/a2a0078de878481752b952f9ed0e759a0e884d0b\"\u003e\u003ccode\u003ea2a0078\u003c/code\u003e\u003c/a\u003e - \u003ccode\u003eVideo\u003c/code\u003e to Svelte 5.  Thanks \u003ca href=\"https://github.com/dawoodkhan82\"\u003e\u003ccode\u003e@​dawoodkhan82\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12882\"\u003e#12882\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/fc7c01ea1e581ef70be98fddf003b0c91315c7cc\"\u003e\u003ccode\u003efc7c01e\u003c/code\u003e\u003c/a\u003e - Validate proxy url host.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12874\"\u003e#12874\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/b10e17cafbe9ff385e44bcc63a85de0d893e2662\"\u003e\u003ccode\u003eb10e17c\u003c/code\u003e\u003c/a\u003e - fix(reloading): Re-assign config for \u003ccode\u003eSpacesReloader\u003c/code\u003e.  Thanks \u003ca href=\"https://github.com/cbensimon\"\u003e\u003ccode\u003e@​cbensimon\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12884\"\u003e#12884\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/dfee0da06d0aa94b3c2684131e7898d5d5c1911e\"\u003e\u003ccode\u003edfee0da\u003c/code\u003e\u003c/a\u003e - Oauth fixes.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12811\"\u003e#12811\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/8f8cef87bfb3af64867804ad45f4385af09e07b4\"\u003e\u003ccode\u003e8f8cef8\u003c/code\u003e\u003c/a\u003e - Fix windows tests.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12846\"\u003e#12846\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/226daba5f65257244efc7c310500ea5366b20a87\"\u003e\u003ccode\u003e226daba\u003c/code\u003e\u003c/a\u003e - Fix bug where children of accordions dont get rendered when they are opened programmatically.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12887\"\u003e#12887\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/c0067785575aa0ad643d66067b315020c8b5fb6d\"\u003e\u003ccode\u003ec006778\u003c/code\u003e\u003c/a\u003e - Fix AttributeError in ColoredCheckboxGroup.api_info().  Thanks \u003ca href=\"https://github.com/hysts\"\u003e\u003ccode\u003e@​hysts\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.5.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/8b03393a51e1e03fb04cb0a41b9a5dc3266a58aa\"\u003e\u003ccode\u003e8b03393\u003c/code\u003e\u003c/a\u003e chore: update versions (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12902\"\u003e#12902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/c4b92e21d3f0b47595e40b35952e2b8e126ca6ef\"\u003e\u003ccode\u003ec4b92e2\u003c/code\u003e\u003c/a\u003e Fix skill generation check (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12931\"\u003e#12931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/978bc6ea5094aa11e10994cdd662c4c663a86a83\"\u003e\u003ccode\u003e978bc6e\u003c/code\u003e\u003c/a\u003e Add server functions support to gr.HTML (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12929\"\u003e#12929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/7c3fa2a6900cfa3c87cb61ffa9b34b75d1ae49ba\"\u003e\u003ccode\u003e7c3fa2a\u003c/code\u003e\u003c/a\u003e Fix Loading Spinner Issue Caused by Events Targeting Components In Inactive T...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/6011b00d0154b85532fa901dd73cf8fa7d86fd04\"\u003e\u003ccode\u003e6011b00\u003c/code\u003e\u003c/a\u003e Fix absolute path issue in Windows (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12926\"\u003e#12926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/e29e1ccd5874cb98b813ed4f7f72d9fef2935016\"\u003e\u003ccode\u003ee29e1cc\u003c/code\u003e\u003c/a\u003e Add Space-specific skill generation to \u003ccode\u003egradio skills add\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12918\"\u003e#12918\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/81482b58706ee9948d0f04e84e632ebb8d4bf7ea\"\u003e\u003ccode\u003e81482b5\u003c/code\u003e\u003c/a\u003e Lazy load sub-tab and accordion components (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12906\"\u003e#12906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/ccff8b8cacffe36a270fcea9fc8ba29b78c31c8d\"\u003e\u003ccode\u003eccff8b8\u003c/code\u003e\u003c/a\u003e Walkthrough Selected Bug (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12925\"\u003e#12925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/dcfc429a8125204c3aafeabcab251dd7580f9a60\"\u003e\u003ccode\u003edcfc429\u003c/code\u003e\u003c/a\u003e Fix Button component ignoring scale parameter (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12911\"\u003e#12911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/a0fff5cb0e4cc0f8cc3fff7b5fbe18a031c7cc27\"\u003e\u003ccode\u003ea0fff5c\u003c/code\u003e\u003c/a\u003e Add push_to_hub method to gr.HTML. Add a gallery to view notable custom HTML ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gradio-app/gradio/compare/v3.11.0...gradio@6.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 22.1.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.3.0 (2025-09-16)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaximum supported \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.x.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.2.0 (2025-09-14)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 45.0.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003epyOpenSSL now sets \u003ccode\u003eSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\u003c/code\u003e on connections by default, matching CPython's behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/22.1.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h11` from 0.12.0 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca\"\u003e\u003ccode\u003e1c5b075\u003c/code\u003e\u003c/a\u003e this time for surer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a\"\u003e\u003ccode\u003ed9c3699\u003c/code\u003e\u003c/a\u003e this time for sure...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39\"\u003e\u003ccode\u003ed91b9dd\u003c/code\u003e\u003c/a\u003e blacken\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0\"\u003e\u003ccode\u003e5a4683c\u003c/code\u003e\u003c/a\u003e Soothe mypy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536\"\u003e\u003ccode\u003e9c9567f\u003c/code\u003e\u003c/a\u003e Bump version to 0.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed\"\u003e\u003ccode\u003e114803a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0\"\u003e\u003ccode\u003e9462006\u003c/code\u003e\u003c/a\u003e Bump version to 0.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/70a96bea8e55403e5d92db14c111432c6d7a8685\"\u003e\u003ccode\u003e70a96be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-hyper/h11/issues/181\"\u003e#181\u003c/a\u003e from Julien00859/Julien00859/get_int_max_str_digits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/co...\n\n_Description has been truncated_","html_url":"https://github.com/MiChaelinzo/ray/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/MiChaelinzo%2Fray/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"},{"uuid":"4189968882","node_id":"PR_kwDOJAGkXM7PYmsE","number":9,"state":"closed","title":"Bump the pip group across 3 directories with 12 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-07T01:12:34.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-01T21:24:05.000Z","updated_at":"2026-04-07T01:12:36.000Z","time_to_close":445709,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":12,"packages":[{"name":"flask","old_version":"2.1.3","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"starlette","old_version":"0.17.1","new_version":"0.49.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"werkzeug","old_version":"2.1.2","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"azure-identity","old_version":"1.10.0","new_version":"1.16.1","repository_url":"https://github.com/Azure/azure-sdk-for-python"},{"name":"cryptography","old_version":"38.0.1","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"gradio","old_version":"3.11","new_version":"6.7.0","repository_url":"https://github.com/gradio-app/gradio"},{"name":"pyopenssl","old_version":"22.1.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"pymongo","old_version":"4.3.2","new_version":"4.6.3","repository_url":"https://github.com/mongodb/mongo-python-driver"},{"name":"h11","old_version":"0.12.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 9 updates in the /python directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `2.1.3` | `3.1.3` |\n| [starlette](https://github.com/Kludex/starlette) | `0.17.1` | `0.49.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.1.2` | `3.1.6` |\n| [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.10.0` | `1.16.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `38.0.1` | `46.0.6` |\n| [gradio](https://github.com/gradio-app/gradio) | `3.11` | `6.7.0` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `22.1.0` | `26.0.0` |\n| [pymongo](https://github.com/mongodb/mongo-python-driver) | `4.3.2` | `4.6.3` |\n| [h11](https://github.com/python-hyper/h11) | `0.12.0` | `0.16.0` |\n\nBumps the pip group with 3 updates in the /python/requirements/ml directory: torch, [mlflow](https://github.com/mlflow/mlflow) and [onnx](https://github.com/onnx/onnx).\nBumps the pip group with 1 update in the /release/ml_user_tests/ray-lightning directory: torch.\n\nUpdates `flask` from 2.1.3 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/2.1.3...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 0.17.1 to 0.49.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.49.1\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the parsing logic of the \u003ccode\u003eRange\u003c/code\u003e header in \u003ccode\u003eFileResponse\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eYou can view the full security advisory: \u003ca href=\"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\"\u003eGHSA-7f5h-v6xp-fcq8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize the HTTP ranges parsing logic \u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e4ea6e22b489ec388d6004cfbca52dd5b147127c5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.49.0...0.49.1\"\u003ehttps://github.com/Kludex/starlette/compare/0.49.0...0.49.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.49.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eencoding\u003c/code\u003e parameter to \u003ccode\u003eConfig\u003c/code\u003e class \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003e#2996\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSupport multiple cookie headers in \u003ccode\u003eRequest.cookies\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3029\"\u003e#3029\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eLiteral\u003c/code\u003e type for \u003ccode\u003eWebSocketEndpoint\u003c/code\u003e encoding values \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003e#3027\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDo not pollute exception context in \u003ccode\u003eMiddleware\u003c/code\u003e when using \u003ccode\u003eBaseHTTPMiddleware\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003e#2976\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TheWesDias\"\u003e\u003ccode\u003e@​TheWesDias\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3017\"\u003eKludex/starlette#3017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gmos2104\"\u003e\u003ccode\u003e@​gmos2104\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003eKludex/starlette#3027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/secrett2633\"\u003e\u003ccode\u003e@​secrett2633\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003eKludex/starlette#2996\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adam-sikora\"\u003e\u003ccode\u003e@​adam-sikora\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003eKludex/starlette#2976\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.48.0...0.49.0\"\u003ehttps://github.com/Kludex/starlette/compare/0.48.0...0.49.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd official Python 3.14 support \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3013\"\u003e#3013\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ca href=\"https://www.rfc-editor.org/rfc/rfc9110\"\u003eRFC9110\u003c/a\u003e http status names \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003e#2939\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yakimka\"\u003e\u003ccode\u003e@​yakimka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2943\"\u003eKludex/starlette#2943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mbeijen\"\u003e\u003ccode\u003e@​mbeijen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003eKludex/starlette#2939\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.47.3...0.48.0\"\u003ehttps://github.com/Kludex/starlette/compare/0.47.3...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.49.1 (October 28, 2025)\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the parsing logic of the \u003ccode\u003eRange\u003c/code\u003e header in \u003ccode\u003eFileResponse\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eYou can view the full security advisory: \u003ca href=\"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\"\u003eGHSA-7f5h-v6xp-fcq8\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize the HTTP ranges parsing logic \u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e4ea6e22b489ec388d6004cfbca52dd5b147127c5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.49.0 (October 28, 2025)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eencoding\u003c/code\u003e parameter to \u003ccode\u003eConfig\u003c/code\u003e class \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003e#2996\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSupport multiple cookie headers in \u003ccode\u003eRequest.cookies\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3029\"\u003e#3029\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eLiteral\u003c/code\u003e type for \u003ccode\u003eWebSocketEndpoint\u003c/code\u003e encoding values \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003e#3027\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eChanged\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eDo not pollute exception context in \u003ccode\u003eMiddleware\u003c/code\u003e when using \u003ccode\u003eBaseHTTPMiddleware\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003e#2976\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.48.0 (September 13, 2025)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd official Python 3.14 support \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3013\"\u003e#3013\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eChanged\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ca href=\"https://www.rfc-editor.org/rfc/rfc9110\"\u003eRFC9110\u003c/a\u003e http status names \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003e#2939\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.3 (August 24, 2025)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003easyncio.iscoroutinefunction\u003c/code\u003e for Python 3.12 and older \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2984\"\u003e#2984\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.2 (July 20, 2025)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003eUploadFile\u003c/code\u003e check for future rollover \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2962\"\u003e#2962\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.1 (June 21, 2025)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eSelf\u003c/code\u003e in \u003ccode\u003eTestClient.__enter__\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2951\"\u003e#2951\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAllow async exception handlers to type-check \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2949\"\u003e#2949\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/7e4b7428f273dbdc875dcd036d20804bcfc7b2ee\"\u003e\u003ccode\u003e7e4b742\u003c/code\u003e\u003c/a\u003e Version 0.49.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3047\"\u003e#3047\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e\u003ccode\u003e4ea6e22\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/7d88ea6f8ec8aa99cdb5fc7a10b88db5aadfdfee\"\u003e\u003ccode\u003e7d88ea6\u003c/code\u003e\u003c/a\u003e Version 0.49.0 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3046\"\u003e#3046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/26d66bbfb05c7bbecbbb57106c65f33682f8174e\"\u003e\u003ccode\u003e26d66bb\u003c/code\u003e\u003c/a\u003e Do not pollute exception context in Middleware (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/2976\"\u003e#2976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/a59397db889e3a96c4f34b1406957a3b92e1e8b5\"\u003e\u003ccode\u003ea59397d\u003c/code\u003e\u003c/a\u003e Set encodings when reading config files (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/2996\"\u003e#2996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/3b7f0cbf598be305528a498a35089ce723060372\"\u003e\u003ccode\u003e3b7f0cb\u003c/code\u003e\u003c/a\u003e test: add test for unknown status (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3035\"\u003e#3035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b09ce1a99d352ee6f5b896597f03a1a57507afcd\"\u003e\u003ccode\u003eb09ce1a\u003c/code\u003e\u003c/a\u003e docs: fix legibility issues on sponsorship page (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3039\"\u003e#3039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/0f0edcf8007412d9536bf8714c5815ce8f5dba4b\"\u003e\u003ccode\u003e0f0edcf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Add Marcelo Trylesinski to the license (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3025\"\u003e#3025\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3044\"\u003e#3044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/3912d6313730cc6004dfb4436e37dbc1a81db7c8\"\u003e\u003ccode\u003e3912d63\u003c/code\u003e\u003c/a\u003e docs: add social icons (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3038\"\u003e#3038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/4915a9309fcad58ac08b9fa550563d3287b531ad\"\u003e\u003ccode\u003e4915a93\u003c/code\u003e\u003c/a\u003e Add discord to README/docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3034\"\u003e#3034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/0.17.1...0.49.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `werkzeug` from 2.1.2 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/releases\"\u003ewerkzeug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.6/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in multi-segment paths. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x\"\u003eGHSA-29vq-49wr-vm6x\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.5/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/43?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/43?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless of extension or surrounding spaces. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7\"\u003eGHSA-87hc-h4r5-73f7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with \u003ccode\u003epin_security=False\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3075\"\u003e#3075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.4/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/42?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/42?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents reading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e already prevented writing to these. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2\"\u003eghsa-hgf8-39gv-g3f2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3020\"\u003e#3020\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3054\"\u003e#3054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3067\"\u003e#3067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available source lines. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the distinction between WSGI and sans-IO responses. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3056\"\u003e#3056\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.3/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/41?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/41?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts \u003ccode\u003elist\u003c/code\u003e, \u003ccode\u003etuple\u003c/code\u003e, or \u003ccode\u003eset\u003c/code\u003e when passing multiple values. It had been changed to accept any \u003ccode\u003eCollection\u003c/code\u003e, but this matched types that should be treated as single values, such as \u003ccode\u003ebytes\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2994\"\u003e#2994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the \u003ccode\u003eHost\u003c/code\u003e header is not set and \u003ccode\u003eRequest.host\u003c/code\u003e falls back to the WSGI \u003ccode\u003eSERVER_NAME\u003c/code\u003e value, if that value is an IPv6 address it is wrapped in \u003ccode\u003e[]\u003c/code\u003e to match the \u003ccode\u003eHost\u003c/code\u003e header. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2993\"\u003e#2993\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.2/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/blob/main/CHANGES.rst\"\u003ewerkzeug's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in\nmulti-segment paths. :ghsa:\u003ccode\u003e29vq-49wr-vm6x\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.make_conditional\u003c/code\u003e sets the \u003ccode\u003eAccept-Ranges\u003c/code\u003e header even if it\nis not a satisfiable range request. :issue:\u003ccode\u003e3108\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2026-01-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless\nof extension or surrounding spaces. :ghsa:\u003ccode\u003e87hc-h4r5-73f7\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\nThis fixes the previous attempt, which caused incorrect content lengths.\n:issue:\u003ccode\u003e3065\u003c/code\u003e :issue:\u003ccode\u003e3077\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with\n\u003ccode\u003epin_security=False\u003c/code\u003e. :issue:\u003ccode\u003e3075\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003eReleased 2025-11-28\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents\nreading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e\nalready prevented writing to these. :ghsa:\u003ccode\u003ehgf8-39gv-g3f2\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. :pr:\u003ccode\u003e3020\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\n:issue:\u003ccode\u003e3065\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. :issue:\u003ccode\u003e3054\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. :issue:\u003ccode\u003e3067\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available\nsource lines. :issue:\u003ccode\u003e3044\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the\ndistinction between WSGI and sans-IO responses. :issue:\u003ccode\u003e3056\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/04da1b5221b7a7b57e82246e4b5741d37a6b2e56\"\u003e\u003ccode\u003e04da1b5\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d\"\u003e\u003ccode\u003ef407712\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f54fe98026253e70fbbcd35a6b52fb67cfff1c03\"\u003e\u003ccode\u003ef54fe98\u003c/code\u003e\u003c/a\u003e safe_join prevents Windows special device names in multi-segment paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/d005985ef69ffe3275eda8fb6fb25e074dbe871b\"\u003e\u003ccode\u003ed005985\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/8565c2cbd6681ae8463e77d4fc0795324a7fdae7\"\u003e\u003ccode\u003e8565c2c\u003c/code\u003e\u003c/a\u003e document rule priority (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3102\"\u003e#3102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/3febc7e90072bffe04c27e6b7478dfc4f88930df\"\u003e\u003ccode\u003e3febc7e\u003c/code\u003e\u003c/a\u003e document rule priority\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/2525b827646c10ab7adb334664e6a4af1b769181\"\u003e\u003ccode\u003e2525b82\u003c/code\u003e\u003c/a\u003e remove state machine docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/4abfbd553cdeb6d4e6fa693340d52b13c884079f\"\u003e\u003ccode\u003e4abfbd5\u003c/code\u003e\u003c/a\u003e rewrite build docstring (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3097\"\u003e#3097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/161c18b2a8800ae6ef377fb3cbdb933a878fea67\"\u003e\u003ccode\u003e161c18b\u003c/code\u003e\u003c/a\u003e rewrite build docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/86e11c29e44726dae524cd9db11549b3b1ad681d\"\u003e\u003ccode\u003e86e11c2\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3085\"\u003e#3085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/werkzeug/compare/2.1.2...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `azure-identity` from 1.10.0 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/05f60c8a38210db9af434d45f06f6fcf09fc4f05\"\u003e\u003ccode\u003e05f60c8\u003c/code\u003e\u003c/a\u003e Use esrp release task that supports federated auth (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/35523\"\u003e#35523\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/4699efbe0e7f357b2d254ca2a6537e16afd32e9f\"\u003e\u003ccode\u003e4699efb\u003c/code\u003e\u003c/a\u003e pin setuptools (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/35212\"\u003e#35212\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/6a07fc9bf93f0ec234e0797e14f906ae2a6ca4f4\"\u003e\u003ccode\u003e6a07fc9\u003c/code\u003e\u003c/a\u003e [Identity] Fix device code tests (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/35846\"\u003e#35846\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/e16a704b4265020c9ff3b33b80088409680d4f72\"\u003e\u003ccode\u003ee16a704\u003c/code\u003e\u003c/a\u003e [Identity] Add Azure Arc key validation checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/f07513ce14a15d3d29f8a3e1d90b93152b207692\"\u003e\u003ccode\u003ef07513c\u003c/code\u003e\u003c/a\u003e [DI] Enable to run sphinx in pipeline (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/35078\"\u003e#35078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/dba02d4c36960684ea864b7a082ceef802e8767f\"\u003e\u003ccode\u003edba02d4\u003c/code\u003e\u003c/a\u003e bump tcgc to 0.23.1 (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/35119\"\u003e#35119\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/828e8337e1badc2e7ea455cd38453e8e3d057f2e\"\u003e\u003ccode\u003e828e833\u003c/code\u003e\u003c/a\u003e [ACR] Fix pylint and sphinx errors (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/35080\"\u003e#35080\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/9fa8967963f263d6211f1d566b41f46fe7cf27bf\"\u003e\u003ccode\u003e9fa8967\u003c/code\u003e\u003c/a\u003e [core] Update perf-tests.yml (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/35105\"\u003e#35105\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/ca8ac49bef5e7ea7b211af8fe2aa14e1ec419534\"\u003e\u003ccode\u003eca8ac49\u003c/code\u003e\u003c/a\u003e update to 0.23.0 (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/35110\"\u003e#35110\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/3519fdf0c69c7347d45dbc39a084f43462fd2202\"\u003e\u003ccode\u003e3519fdf\u003c/code\u003e\u003c/a\u003e Distro 1.4.0 (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/35076\"\u003e#35076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Azure/azure-sdk-for-python/compare/azure-identity_1.10.0...azure-identity_1.16.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 38.0.1 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAn attacker could create a malicious public key that reveals portions of your\nprivate key when using certain uncommon elliptic curves (binary curves).\nThis version now includes additional security checks to prevent this attack.\nThis issue only affects binary elliptic curves, which are rarely used in\nreal-world applications. Credit to \u003cstrong\u003eXlabAI Team of Tencent Xuanwu Lab and\nAtuin Automated Vulnerability Discovery Engine\u003c/strong\u003e for reporting the issue.\n\u003cstrong\u003eCVE-2026-26007\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSECT*\u003c/code\u003e binary elliptic curves is deprecated and will be\nremoved in the next release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* `Dropped support for win_arm64 wheels`_.\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed compilation when using LibreSSL 4.2.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/38.0.1...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `gradio` from 3.11 to 6.7.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gradio-app/gradio/blob/main/CHANGELOG.md\"\u003egradio's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.7.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12829\"\u003e#12829\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/d720b25b575fb9817311212e1c0afa82abf27468\"\u003e\u003ccode\u003ed720b25\u003c/code\u003e\u003c/a\u003e - Allow :fastest :cheapest options when loading models.  Thanks \u003ca href=\"https://github.com/dawoodkhan82\"\u003e\u003ccode\u003e@​dawoodkhan82\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12918\"\u003e#12918\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/e29e1ccd5874cb98b813ed4f7f72d9fef2935016\"\u003e\u003ccode\u003ee29e1cc\u003c/code\u003e\u003c/a\u003e - Add Space-specific skill generation to \u003ccode\u003egradio skills add\u003c/code\u003e.  Thanks \u003ca href=\"https://github.com/abidlabs\"\u003e\u003ccode\u003e@​abidlabs\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12929\"\u003e#12929\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/978bc6ea5094aa11e10994cdd662c4c663a86a83\"\u003e\u003ccode\u003e978bc6e\u003c/code\u003e\u003c/a\u003e - Add server functions support to gr.HTML.  Thanks \u003ca href=\"https://github.com/aliabid94\"\u003e\u003ccode\u003e@​aliabid94\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12917\"\u003e#12917\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/a0fff5cb0e4cc0f8cc3fff7b5fbe18a031c7cc27\"\u003e\u003ccode\u003ea0fff5c\u003c/code\u003e\u003c/a\u003e - Add push_to_hub method to gr.HTML. Add a gallery to view notable custom HTML components.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12899\"\u003e#12899\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/820eff050232f2ce40813e98e3294930e142e1c1\"\u003e\u003ccode\u003e820eff0\u003c/code\u003e\u003c/a\u003e - Add support for gr.HTML as a layout element.  Thanks \u003ca href=\"https://github.com/aliabid94\"\u003e\u003ccode\u003e@​aliabid94\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12900\"\u003e#12900\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/d6907acf8beed0d9b5167398902d3f900d1a2ab9\"\u003e\u003ccode\u003ed6907ac\u003c/code\u003e\u003c/a\u003e - add \u003ccode\u003eSKILLS.md\u003c/code\u003e to Gradio repo, part 1 + cleanup.  Thanks \u003ca href=\"https://github.com/abidlabs\"\u003e\u003ccode\u003e@​abidlabs\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12907\"\u003e#12907\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/3e625a0ecfab6e74b7561b68adbe55341ecbc47a\"\u003e\u003ccode\u003e3e625a0\u003c/code\u003e\u003c/a\u003e - Better error handling when connection to server is lost.  Thanks \u003ca href=\"https://github.com/abidlabs\"\u003e\u003ccode\u003e@​abidlabs\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12911\"\u003e#12911\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/dcfc429a8125204c3aafeabcab251dd7580f9a60\"\u003e\u003ccode\u003edcfc429\u003c/code\u003e\u003c/a\u003e - Fix Button component ignoring the \u003ccode\u003escale\u003c/code\u003e parameter.  Thanks \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12925\"\u003e#12925\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/ccff8b8cacffe36a270fcea9fc8ba29b78c31c8d\"\u003e\u003ccode\u003eccff8b8\u003c/code\u003e\u003c/a\u003e - Walkthrough Selected Bug.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12890\"\u003e#12890\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/ac29df82a735c72c021c07e0816f78001147671b\"\u003e\u003ccode\u003eac29df8\u003c/code\u003e\u003c/a\u003e - fix DataFrame NaN values becoming 0 after sorting.  Thanks \u003ca href=\"https://github.com/Mr-Neutr0n\"\u003e\u003ccode\u003e@​Mr-Neutr0n\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12926\"\u003e#12926\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/6011b00d0154b85532fa901dd73cf8fa7d86fd04\"\u003e\u003ccode\u003e6011b00\u003c/code\u003e\u003c/a\u003e - Fix absolute path issue in Windows.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12904\"\u003e#12904\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/7c3fa2a6900cfa3c87cb61ffa9b34b75d1ae49ba\"\u003e\u003ccode\u003e7c3fa2a\u003c/code\u003e\u003c/a\u003e - Fix Loading Spinner Issue Caused by Events Targeting Components In Inactive Tabs.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12903\"\u003e#12903\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/57707c72edd0e9fee9821882f75ab322ce110fe3\"\u003e\u003ccode\u003e57707c7\u003c/code\u003e\u003c/a\u003e - Fix Tab i18n issue.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12901\"\u003e#12901\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/1387fc6a35edd965a3c1e29d693b7d5697595ac5\"\u003e\u003ccode\u003e1387fc6\u003c/code\u003e\u003c/a\u003e - Fix unload event bug.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12906\"\u003e#12906\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/81482b58706ee9948d0f04e84e632ebb8d4bf7ea\"\u003e\u003ccode\u003e81482b5\u003c/code\u003e\u003c/a\u003e - Lazy load sub-tab and accordion components.  Thanks \u003ca href=\"https://github.com/dawoodkhan82\"\u003e\u003ccode\u003e@​dawoodkhan82\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.6.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12839\"\u003e#12839\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/1c671b39830ccf1c87f6cfcb4669e97dfb3a7367\"\u003e\u003ccode\u003e1c671b3\u003c/code\u003e\u003c/a\u003e - Hide forms with no elements.  Thanks \u003ca href=\"https://github.com/aliabid94\"\u003e\u003ccode\u003e@​aliabid94\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12700\"\u003e#12700\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/b01c95a58be8e18bb4ddef7f2ee238a7774e5be9\"\u003e\u003ccode\u003eb01c95a\u003c/code\u003e\u003c/a\u003e - Rewrite behavior section of docs.  Thanks \u003ca href=\"https://github.com/aliabd\"\u003e\u003ccode\u003e@​aliabd\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12875\"\u003e#12875\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/d0b34228d756334d901fc34971959ea422eb55bd\"\u003e\u003ccode\u003ed0b3422\u003c/code\u003e\u003c/a\u003e - Fix stop button not switching back to submit button in chat interface.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12797\"\u003e#12797\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/6a0c6eae53931ec137c0b8379428acc8a7ea27c9\"\u003e\u003ccode\u003e6a0c6ea\u003c/code\u003e\u003c/a\u003e - Refactor translation logic.  Thanks \u003ca href=\"https://github.com/hannahblair\"\u003e\u003ccode\u003e@​hannahblair\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12877\"\u003e#12877\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/ebbd24231dbc006c21fbbf1df00918be16883b86\"\u003e\u003ccode\u003eebbd242\u003c/code\u003e\u003c/a\u003e - Ensure disconnected toast text is visible.  Thanks \u003ca href=\"https://github.com/hannahblair\"\u003e\u003ccode\u003e@​hannahblair\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12873\"\u003e#12873\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/6533d38c29ee86823e58d94a8afedd219bcc9011\"\u003e\u003ccode\u003e6533d38\u003c/code\u003e\u003c/a\u003e - Fix stop button not working in Audio streaming.  Thanks \u003ca href=\"https://github.com/hysts\"\u003e\u003ccode\u003e@​hysts\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12862\"\u003e#12862\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/a8e6b7ba1e6af793b6a200d4cc6b07f3151f229e\"\u003e\u003ccode\u003ea8e6b7b\u003c/code\u003e\u003c/a\u003e - Fix ColorPicker not firing focus, blur, or submit events after Svelte 5 migration.  Thanks \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12865\"\u003e#12865\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/db7ab39c7e6ea3d1a2f0ce1991b5dbc0483b1e27\"\u003e\u003ccode\u003edb7ab39\u003c/code\u003e\u003c/a\u003e - Fix Gallery fullscreen button not working in preview mode.  Thanks \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12866\"\u003e#12866\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/981039647a4212c649a33dc4b56a4714980519eb\"\u003e\u003ccode\u003e9810396\u003c/code\u003e\u003c/a\u003e - Fix Gallery preview=True parameter not working on initial load.  Thanks \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12894\"\u003e#12894\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/e0cd4cadb6d73ba70727c51cf37d7068c3cf4fbf\"\u003e\u003ccode\u003ee0cd4ca\u003c/code\u003e\u003c/a\u003e - Fix load examples bug in spa.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12830\"\u003e#12830\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/a2a0078de878481752b952f9ed0e759a0e884d0b\"\u003e\u003ccode\u003ea2a0078\u003c/code\u003e\u003c/a\u003e - \u003ccode\u003eVideo\u003c/code\u003e to Svelte 5.  Thanks \u003ca href=\"https://github.com/dawoodkhan82\"\u003e\u003ccode\u003e@​dawoodkhan82\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12882\"\u003e#12882\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/fc7c01ea1e581ef70be98fddf003b0c91315c7cc\"\u003e\u003ccode\u003efc7c01e\u003c/code\u003e\u003c/a\u003e - Validate proxy url host.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12874\"\u003e#12874\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/b10e17cafbe9ff385e44bcc63a85de0d893e2662\"\u003e\u003ccode\u003eb10e17c\u003c/code\u003e\u003c/a\u003e - fix(reloading): Re-assign config for \u003ccode\u003eSpacesReloader\u003c/code\u003e.  Thanks \u003ca href=\"https://github.com/cbensimon\"\u003e\u003ccode\u003e@​cbensimon\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12884\"\u003e#12884\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/dfee0da06d0aa94b3c2684131e7898d5d5c1911e\"\u003e\u003ccode\u003edfee0da\u003c/code\u003e\u003c/a\u003e - Oauth fixes.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12811\"\u003e#12811\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/8f8cef87bfb3af64867804ad45f4385af09e07b4\"\u003e\u003ccode\u003e8f8cef8\u003c/code\u003e\u003c/a\u003e - Fix windows tests.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12846\"\u003e#12846\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/226daba5f65257244efc7c310500ea5366b20a87\"\u003e\u003ccode\u003e226daba\u003c/code\u003e\u003c/a\u003e - Fix bug where children of accordions dont get rendered when they are opened programmatically.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12887\"\u003e#12887\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/c0067785575aa0ad643d66067b315020c8b5fb6d\"\u003e\u003ccode\u003ec006778\u003c/code\u003e\u003c/a\u003e - Fix AttributeError in ColoredCheckboxGroup.api_info().  Thanks \u003ca href=\"https://github.com/hysts\"\u003e\u003ccode\u003e@​hysts\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.5.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/8b03393a51e1e03fb04cb0a41b9a5dc3266a58aa\"\u003e\u003ccode\u003e8b03393\u003c/code\u003e\u003c/a\u003e chore: update versions (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12902\"\u003e#12902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/c4b92e21d3f0b47595e40b35952e2b8e126ca6ef\"\u003e\u003ccode\u003ec4b92e2\u003c/code\u003e\u003c/a\u003e Fix skill generation check (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12931\"\u003e#12931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/978bc6ea5094aa11e10994cdd662c4c663a86a83\"\u003e\u003ccode\u003e978bc6e\u003c/code\u003e\u003c/a\u003e Add server functions support to gr.HTML (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12929\"\u003e#12929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/7c3fa2a6900cfa3c87cb61ffa9b34b75d1ae49ba\"\u003e\u003ccode\u003e7c3fa2a\u003c/code\u003e\u003c/a\u003e Fix Loading Spinner Issue Caused by Events Targeting Components In Inactive T...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/6011b00d0154b85532fa901dd73cf8fa7d86fd04\"\u003e\u003ccode\u003e6011b00\u003c/code\u003e\u003c/a\u003e Fix absolute path issue in Windows (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12926\"\u003e#12926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/e29e1ccd5874cb98b813ed4f7f72d9fef2935016\"\u003e\u003ccode\u003ee29e1cc\u003c/code\u003e\u003c/a\u003e Add Space-specific skill generation to \u003ccode\u003egradio skills add\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12918\"\u003e#12918\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/81482b58706ee9948d0f04e84e632ebb8d4bf7ea\"\u003e\u003ccode\u003e81482b5\u003c/code\u003e\u003c/a\u003e Lazy load sub-tab and accordion components (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12906\"\u003e#12906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/ccff8b8cacffe36a270fcea9fc8ba29b78c31c8d\"\u003e\u003ccode\u003eccff8b8\u003c/code\u003e\u003c/a\u003e Walkthrough Selected Bug (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12925\"\u003e#12925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/dcfc429a8125204c3aafeabcab251dd7580f9a60\"\u003e\u003ccode\u003edcfc429\u003c/code\u003e\u003c/a\u003e Fix Button component ignoring scale parameter (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12911\"\u003e#12911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/a0fff5cb0e4cc0f8cc3fff7b5fbe18a031c7cc27\"\u003e\u003ccode\u003ea0fff5c\u003c/code\u003e\u003c/a\u003e Add push_to_hub method to gr.HTML. Add a gallery to view notable custom HTML ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gradio-app/gradio/compare/v3.11.0...gradio@6.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 22.1.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.3.0 (2025-09-16)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaximum supported \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.x.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.2.0 (2025-09-14)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 45.0.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003epyOpenSSL now sets \u003ccode\u003eSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\u003c/code\u003e on connections by default, matching CPython's behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/22.1.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pymongo` from 4.3.2 to 4.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mongodb/mongo-python-driver/releases\"\u003epymongo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ePyMongo 4.6.3\u003c/h2\u003e\n\u003cp\u003eCommunity notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-3-release-for-cve-2024-5629/284348\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-3-release-for-cve-2024-5629/284348\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.2\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-2-released/267404\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-2-released/267404\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.1\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-1-released/255752\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-1-released/255752\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.5.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-5-0-released/240662\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-5-0-released/240662\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.1\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-1-released/235045\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-1-released/235045\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-released/232211\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-released/232211\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.0b0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-0b0-release/210471\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-0b0-release/210471\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.3.3\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-3-3-release/200145\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-3-3-release/200145\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst\"\u003epymongo's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanges in Version 4.6.3 (2024/03/27)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.3 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a potential memory access violation when decoding invalid bson.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.3 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.3 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=38360\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=38360\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.2 (2024/02/21)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.2 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug appearing in Python 3.12 where \u0026quot;RuntimeError: can't create new thread at interpreter shutdown\u0026quot;\ncould be written to stderr when a MongoClient's thread starts as the python interpreter is shutting down.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.2 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.2 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37906\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37906\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.1 (2023/11/29)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.1 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure retryable read \u003ccode\u003eOperationFailure\u003c/code\u003e errors re-raise exception when 0 or NoneType error code is provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.1 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.1 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37138\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37138\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.0 (2023/11/01)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6 brings a number of improvements including:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/8da192f9ca2d4f6464897b22b3029c227043f0cb\"\u003e\u003ccode\u003e8da192f\u003c/code\u003e\u003c/a\u003e BUMP 4.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/56b6b6dbc267d365d97c037082369dabf37405d2\"\u003e\u003ccode\u003e56b6b6d\u003c/code\u003e\u003c/a\u003e PYTHON-4305 Fix bson size check (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1564\"\u003e#1564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/449d0f316cbcdea59d8b69b5e4fc34ac07949dc6\"\u003e\u003ccode\u003e449d0f3\u003c/code\u003e\u003c/a\u003e BUMP to 4.6.3.dev0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/e04576de22c06a4609b16db0f6e10e86ad5c8dad\"\u003e\u003ccode\u003ee04576d\u003c/code\u003e\u003c/a\u003e DEVPROD-3871 Use teardown_task when there is one function/command (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/cf1c6a11f76861fd6150b0df79a7ed70f2b2fea5\"\u003e\u003ccode\u003ecf1c6a1\u003c/code\u003e\u003c/a\u003e PYTHON-4219 Prep for 4.6.2 Release (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1530\"\u003e#1530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/d29b2b7cf405901a801591e475574b63aa81ac5c\"\u003e\u003ccode\u003ed29b2b7\u003c/code\u003e\u003c/a\u003e PYTHON-4147 [v4.6]: Silence noisy thread.start() RuntimeError at shutdown (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/0477b9bc0c59de311fbb6d6a157b97a4af8d0a23\"\u003e\u003ccode\u003e0477b9b\u003c/code\u003e\u003c/a\u003e PYTHON-4077 [v4.6]: Ensure there is a MacOS wheel for Python 3.7 (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1527\"\u003e#1527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/ecad17d24e8aafa374ab5fd194ce79b6861efcad\"\u003e\u003ccode\u003eecad17d\u003c/code\u003e\u003c/a\u003e BUMP 4.6.2.dev0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/485e0a5e56f2d524b5cbc31538a0c455e3ddd858\"\u003e\u003ccode\u003e485e0a5\u003c/code\u003e\u003c/a\u003e BUMP 4.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/995365c7128c3107b4f9ce1524220378176a3a96\"\u003e\u003ccode\u003e995365c\u003c/code\u003e\u003c/a\u003e PYTHON-4038 [v4.6]: Ensure retryable read \u003ccode\u003eOperationFailure\u003c/code\u003es re-raise except...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mongodb/mongo-python-driver/compare/4.3.2...4.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h11` from 0.12.0 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca\"\u003e\u003ccode\u003e1c5b075\u003c/code\u003e\u003c/a\u003e this time for surer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a\"\u003e\u003ccode\u003ed9c3699\u003c/code\u003e\u003c/a\u003e this time for sure...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39\"\u003e\u003ccode\u003ed91b9dd\u003c/code\u003e\u003c/a\u003e blacken\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0\"\u003e\u003ccode\u003e5a4683c\u003c/code\u003e\u003c/a\u003e Soothe mypy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536\"\u003e\u003ccode\u003e9c9567f\u003c/code\u003e\u003c/a\u003e Bump version to 0.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed\"\u003e\u003ccode\u003e114803a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0\"\u003e\u003ccode\u003e9462006\u003c/code\u003e\u003c/a\u003e Bump version to 0.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h1...\n\n_Description has been truncated_","html_url":"https://github.com/c6ai/ray/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/c6ai%2Fray/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"},{"uuid":"4183262804","node_id":"PR_kwDOQp2jac7PG05r","number":8,"state":"closed","title":"Bump the uv group across 10 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-01T00:52:13.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-01T00:50:08.000Z","updated_at":"2026-04-01T00:52:14.000Z","time_to_close":125,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":16,"packages":[{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"mlflow","old_version":"2.22.0","new_version":"3.9.0rc0","repository_url":"https://github.com/mlflow/mlflow"},{"name":"flask","old_version":"2.1.3","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"pyasn1","old_version":"0.5.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"tornado","old_version":"6.5.2","new_version":"6.5.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"werkzeug","old_version":"2.3.8","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"black","old_version":"22.10.0","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"cryptography","old_version":"44.0.3","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.18.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"memray","old_version":"1.19.1","new_version":"1.19.2","repository_url":"https://github.com/bloomberg/memray"},{"name":"onnx","old_version":"1.15.0","new_version":"1.21.0rc1","repository_url":"https://github.com/onnx/onnx"},{"name":"orjson","old_version":"3.9.15","new_version":"3.11.6","repository_url":"https://github.com/ijl/orjson"},{"name":"pyopenssl","old_version":"25.0.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.0","repository_url":"https://github.com/ultrajson/ultrajson"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 1 update in the /ci/raydepsets/tests/test_data directory: [requests](https://github.com/psf/requests).\nBumps the uv group with 1 update in the /doc directory: [requests](https://github.com/psf/requests).\nBumps the uv group with 1 update in the /doc/source/ray-overview/examples/e2e-xgboost directory: [mlflow](https://github.com/mlflow/mlflow).\nBumps the uv group with 2 updates in the /doc/source/ray-overview/examples/multi_agent_a2a/content directory: [langgraph](https://github.com/langchain-ai/langgraph) and [mcp](https://github.com/modelcontextprotocol/python-sdk).\nBumps the uv group with 14 updates in the /python directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.0` |\n| [mlflow](https://github.com/mlflow/mlflow) | `2.22.0` | `3.9.0rc0` |\n| [flask](https://github.com/pallets/flask) | `2.1.3` | `3.1.3` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.5.1` | `0.6.3` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.5.2` | `6.5.5` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.3.8` | `3.1.6` |\n| [black](https://github.com/psf/black) | `22.10.0` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `44.0.3` | `46.0.6` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.18.0` | `0.19.2` |\n| [memray](https://github.com/bloomberg/memray) | `1.19.1` | `1.19.2` |\n| [onnx](https://github.com/onnx/onnx) | `1.15.0` | `1.21.0rc1` |\n| [orjson](https://github.com/ijl/orjson) | `3.9.15` | `3.11.6` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `25.0.0` | `26.0.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.0` |\n\nBumps the uv group with 1 update in the /python/ray/tune directory: [black](https://github.com/psf/black).\nBumps the uv group with 4 updates in the /python/requirements directory: [flask](https://github.com/pallets/flask), [werkzeug](https://github.com/pallets/werkzeug), [black](https://github.com/psf/black) and [onnx](https://github.com/onnx/onnx).\nBumps the uv group with 1 update in the /python/requirements/ml directory: [onnx](https://github.com/onnx/onnx).\nBumps the uv group with 2 updates in the /release directory: [pyasn1](https://github.com/pyasn1/pyasn1) and [cryptography](https://github.com/pyca/cryptography).\nBumps the uv group with 5 updates in the /release/ray_release/byod directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [mlflow](https://github.com/mlflow/mlflow) | `3.1.4` | `3.9.0rc0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.5.4` | `6.5.5` |\n| [black](https://github.com/psf/black) | `22.10.0` | `26.3.1` |\n| [onnx](https://github.com/onnx/onnx) | `1.15.0` | `1.21.0rc1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.0` |\n\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mlflow` from 2.19.0 to 3.1.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mlflow/mlflow/releases\"\u003emlflow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.4 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16835\"\u003e#16835\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16820\"\u003e#16820\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.3\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.3 includes several features and improvements\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Artifacts / Tracking] Do not copy file permissions when logging artifacts to local artifact repo (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16642\"\u003e#16642\u003c/a\u003e, \u003ca href=\"https://github.com/connortann\"\u003e\u003ccode\u003e@​connortann\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Add support for OpenAI ChatCompletions parse method (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16493\"\u003e#16493\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Deployments] Propagate \u003ccode\u003eMLFLOW_DEPLOYMENT_PREDICT_TIMEOUT\u003c/code\u003e to databricks-sdk (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16783\"\u003e#16783\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Model Registry] Fix issue with search_registered_models with Databricks UC backend not supporting filter_string (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16766\"\u003e#16766\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Evaluation] Bug fix: Databricks GenAI evaluation dataset source returns string, instead of DatasetSource instance (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16712\"\u003e#16712\u003c/a\u003e, \u003ca href=\"https://github.com/dbczumar\"\u003e\u003ccode\u003e@​dbczumar\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Fix the position of added tracking_uri param to artifact store implementations (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16653\"\u003e#16653\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16786\"\u003e#16786\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16692\"\u003e#16692\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16594\"\u003e#16594\u003c/a\u003e, \u003ca href=\"https://github.com/ngoduykhanh\"\u003e\u003ccode\u003e@​ngoduykhanh\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16475\"\u003e#16475\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\nThis version has been yanked. MLflow 3.1.3 will be released shortly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eMLflow 3.1.2 is a patch release that includes several bug fixes.\u003c/p\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Tracking] Fix \u003ccode\u003edownload_artifacts\u003c/code\u003e ignoring \u003ccode\u003etracking_uri\u003c/code\u003e parameter (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16461\"\u003e#16461\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Fix event type for ResponsesAgent error (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16427\"\u003e#16427\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Remove falsey chat conversion for LangGraph models (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16601\"\u003e#16601\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracing] Use empty Resource when instantiating OTel provider to fix LiteLLM tracing issue (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16590\"\u003e#16590\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16568\"\u003e#16568\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16454\"\u003e#16454\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16617\"\u003e#16617\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16605\"\u003e#16605\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16569\"\u003e#16569\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16553\"\u003e#16553\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16625\"\u003e#16625\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16571\"\u003e#16571\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16552\"\u003e#16552\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16452\"\u003e#16452\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16395\"\u003e#16395\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16446\"\u003e#16446\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16420\"\u003e#16420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16447\"\u003e#16447\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16554\"\u003e#16554\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16515\"\u003e#16515\u003c/a\u003e, \u003ca href=\"https://github.com/frontsideair\"\u003e\u003ccode\u003e@​frontsideair\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16558\"\u003e#16558\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16443\"\u003e#16443\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16457\"\u003e#16457\u003c/a\u003e, \u003ca href=\"https://github.com/16442\"\u003e\u003ccode\u003e@​16442\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16449\"\u003e#16449\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16509\"\u003e#16509\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16512\"\u003e#16512\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16524\"\u003e#16524\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16514\"\u003e#16514\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16607\"\u003e#16607\u003c/a\u003e, \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16541\"\u003e#16541\u003c/a\u003e, \u003ca href=\"https://github.com/copilot-swe-agent\"\u003e\u003ccode\u003e@​copilot-swe-agent\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16427\"\u003e#16427\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16573\"\u003e#16573\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16470\"\u003e#16470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16281\"\u003e#16281\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.1 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Model Registry / Sqlalchemy] Increase prompt text limit from 5K to 100K (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16377\"\u003e#16377\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Support pagination in get-history of FileStore and SqlAlchemyStore (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16325\"\u003e#16325\u003c/a\u003e, \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mlflow/mlflow/blob/master/CHANGELOG.md\"\u003emlflow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.4 (2025-07-23)\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.4 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16835\"\u003e#16835\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16820\"\u003e#16820\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.1.3 (2025-07-22)\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.3 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Artifacts / Tracking] Do not copy file permissions when logging artifacts to local artifact repo (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16642\"\u003e#16642\u003c/a\u003e, \u003ca href=\"https://github.com/connortann\"\u003e\u003ccode\u003e@​connortann\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Add support for OpenAI ChatCompletions parse method (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16493\"\u003e#16493\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Deployments] Propagate \u003ccode\u003eMLFLOW_DEPLOYMENT_PREDICT_TIMEOUT\u003c/code\u003e to databricks-sdk (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16783\"\u003e#16783\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Model Registry] Fix issue with search_registered_models with Databricks UC backend not supporting filter_string (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16766\"\u003e#16766\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Evaluation] Bug fix: Databricks GenAI evaluation dataset source returns string, instead of DatasetSource instance (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16712\"\u003e#16712\u003c/a\u003e, \u003ca href=\"https://github.com/dbczumar\"\u003e\u003ccode\u003e@​dbczumar\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Fix the position of added tracking_uri param to artifact store implementations (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16653\"\u003e#16653\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16786\"\u003e#16786\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16692\"\u003e#16692\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16594\"\u003e#16594\u003c/a\u003e, \u003ca href=\"https://github.com/ngoduykhanh\"\u003e\u003ccode\u003e@​ngoduykhanh\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16475\"\u003e#16475\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.1.2 (2025-07-08)\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.2 is a patch release that includes several bug fixes.\u003c/p\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Tracking] Fix \u003ccode\u003edownload_artifacts\u003c/code\u003e ignoring \u003ccode\u003etracking_uri\u003c/code\u003e parameter (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16461\"\u003e#16461\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Fix event type for ResponsesAgent error (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16427\"\u003e#16427\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Remove falsey chat conversion for LangGraph models (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16601\"\u003e#16601\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracing] Use empty Resource when instantiating OTel provider to fix LiteLLM tracing issue (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16590\"\u003e#16590\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16568\"\u003e#16568\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16454\"\u003e#16454\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16617\"\u003e#16617\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16605\"\u003e#16605\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16569\"\u003e#16569\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16553\"\u003e#16553\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16625\"\u003e#16625\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16571\"\u003e#16571\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16552\"\u003e#16552\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16452\"\u003e#16452\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16395\"\u003e#16395\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16446\"\u003e#16446\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16420\"\u003e#16420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16447\"\u003e#16447\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16554\"\u003e#16554\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16515\"\u003e#16515\u003c/a\u003e, \u003ca href=\"https://github.com/frontsideair\"\u003e\u003ccode\u003e@​frontsideair\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16558\"\u003e#16558\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16443\"\u003e#16443\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16457\"\u003e#16457\u003c/a\u003e, \u003ca href=\"https://github.com/16442\"\u003e\u003ccode\u003e@​16442\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16449\"\u003e#16449\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16509\"\u003e#16509\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16512\"\u003e#16512\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16524\"\u003e#16524\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16514\"\u003e#16514\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16607\"\u003e#16607\u003c/a\u003e, \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16541\"\u003e#16541\u003c/a\u003e, \u003ca href=\"https://github.com/copilot-swe-agent\"\u003e\u003ccode\u003e@​copilot-swe-agent\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16427\"\u003e#16427\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16573\"\u003e#16573\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16470\"\u003e#16470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16281\"\u003e#16281\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.1.1 (2025-06-25)\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.1 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Model Registry / Sqlalchemy] Increase prompt text limit from 5K to 100K (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16377\"\u003e#16377\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/d393a0c2bd1a2dcd1ffab4784af3579266a78dc0\"\u003e\u003ccode\u003ed393a0c\u003c/code\u003e\u003c/a\u003e Run python3 dev/update_mlflow_versions.py pre-release ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/bbe2e934823661254a68202397fb77ba46b0b404\"\u003e\u003ccode\u003ebbe2e93\u003c/code\u003e\u003c/a\u003e Fix Java POM for central release (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16835\"\u003e#16835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/91712a50b5f61553f7d01176dc5f02bd7cae0897\"\u003e\u003ccode\u003e91712a5\u003c/code\u003e\u003c/a\u003e lint change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/6d1469df7094b666b3df723a8c1c93e4d2d05955\"\u003e\u003ccode\u003e6d1469d\u003c/code\u003e\u003c/a\u003e fix merge for model serialization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/3fa96eb8f099281bbc3021eee351e200e98e542a\"\u003e\u003ccode\u003e3fa96eb\u003c/code\u003e\u003c/a\u003e Fix releasing to central (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16820\"\u003e#16820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/377a0f2faeb0d4435df1982ea19d9dc900a819e5\"\u003e\u003ccode\u003e377a0f2\u003c/code\u003e\u003c/a\u003e update mlflow-tracing version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/5cc8e8d880543f578bf87227949195ec50d26ff0\"\u003e\u003ccode\u003e5cc8e8d\u003c/code\u003e\u003c/a\u003e Update build scripts to handle mlflow-tracing (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/15860\"\u003e#15860\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/3acca543505a4a1ceff8c226de44003d3814cdaf\"\u003e\u003ccode\u003e3acca54\u003c/code\u003e\u003c/a\u003e Propagate \u003ccode\u003eMLFLOW_DEPLOYMENT_PREDICT_TIMEOUT\u003c/code\u003e to databricks-sdk (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16783\"\u003e#16783\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/16748ac5acb42647ef277e96797dfbcb626c36b7\"\u003e\u003ccode\u003e16748ac\u003c/code\u003e\u003c/a\u003e Update pom with further fixes (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16786\"\u003e#16786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/311a33195f3d58f3390fd23298df4d2cf4360a5b\"\u003e\u003ccode\u003e311a331\u003c/code\u003e\u003c/a\u003e Fix issue with search_registered_models with Databricks UC backend not suppor...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mlflow/mlflow/compare/v2.19.0...v3.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langgraph` from 1.0.3 to 1.0.10rc1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langgraph/releases\"\u003elanggraph's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elanggraph==1.0.10rc1\u003c/h2\u003e\n\u003cp\u003eChanges since 1.0.9\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease: Candidate (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6947\"\u003e#6947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMerge commit from fork\u003c/li\u003e\n\u003cli\u003echore: add tests to confirm expected subgraph persistence behavior (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6943\"\u003e#6943\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes numeric task segments  (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6864\"\u003e#6864\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: add \u003ccode\u003emake type\u003c/code\u003e target for type checking (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6748\"\u003e#6748\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph==1.0.9\u003c/h2\u003e\n\u003cp\u003eChanges since 1.0.8\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease: langgraph + prebuilt (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6875\"\u003e#6875\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: sequential interrupt handling w/ functional API (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6863\"\u003e#6863\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: state_updated_at sort by (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6857\"\u003e#6857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: bump orjson (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6852\"\u003e#6852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: conformance testing (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6842\"\u003e#6842\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/langgraph with 6 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6815\"\u003e#6815\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump protobuf from 6.33.4 to 6.33.5 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6833\"\u003e#6833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump cryptography from 46.0.3 to 46.0.5 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6837\"\u003e#6837\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump nbconvert from 7.16.6 to 7.17.0 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6832\"\u003e#6832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: server runtime type (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6774\"\u003e#6774\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor: replace bare except with BaseException in AsyncQueue (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6765\"\u003e#6765\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph==1.0.8\u003c/h2\u003e\n\u003cp\u003eChanges since 1.0.7\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(langgraph): 1.0.8 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6757\"\u003e#6757\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: shallow copy futures (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6755\"\u003e#6755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: pydantic messages double streaming (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6753\"\u003e#6753\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump ruff from 0.14.7 to 0.14.11 in /libs/sdk-py (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6673\"\u003e#6673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: Omit lock when using connection pool (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6734\"\u003e#6734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: enhance \u003ccode\u003eRuntime\u003c/code\u003e and \u003ccode\u003eToolRuntime\u003c/code\u003e class descriptions for clarity (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6689\"\u003e#6689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: add clarity to use of \u003ccode\u003ethread_id\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6515\"\u003e#6515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: add docstrings to \u003ccode\u003eadd_node\u003c/code\u003e overloads (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6514\"\u003e#6514\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: update notebook links and add archival notices for examples (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6720\"\u003e#6720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(cli): 0.4.12 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6716\"\u003e#6716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-prebuilt==1.0.8\u003c/h2\u003e\n\u003cp\u003eChanges since prebuilt==1.0.7\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease: langgraph + prebuilt (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6875\"\u003e#6875\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: inject ToolRuntime for dynamically registered tools (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6874\"\u003e#6874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: bump orjson (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6852\"\u003e#6852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump langchain-core from 1.2.12 to 1.2.13 in /libs/prebuilt in the all-dependencies group (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6849\"\u003e#6849\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: conformance testing (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6842\"\u003e#6842\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/prebuilt with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6810\"\u003e#6810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: server runtime type (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6774\"\u003e#6774\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs(prebuilt): update warning for \u003ccode\u003ecreate_react_agent\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6760\"\u003e#6760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(langgraph): 1.0.8 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6757\"\u003e#6757\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/a04ec5d6f00fa6583b2d98dfe789da741204b767\"\u003e\u003ccode\u003ea04ec5d\u003c/code\u003e\u003c/a\u003e release: Candidate (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6947\"\u003e#6947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/50df7d423abebcb5a192f0a59c2952c68cb0df8c\"\u003e\u003ccode\u003e50df7d4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/c4a4a4647343d802d0ab909439806076bae15bd6\"\u003e\u003ccode\u003ec4a4a46\u003c/code\u003e\u003c/a\u003e chore: add tests to confirm expected subgraph persistence behavior (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6943\"\u003e#6943\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/f178eb821e52906e1705c9cc02533bb88854b409\"\u003e\u003ccode\u003ef178eb8\u003c/code\u003e\u003c/a\u003e fix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes nu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/48167d7fec9c25228426c92ba83d8650b77de0f3\"\u003e\u003ccode\u003e48167d7\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all-dependencies group in /libs/cli with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6920\"\u003e#6920\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/806878a421458e99f9882e666ff35a41ad1bb561\"\u003e\u003ccode\u003e806878a\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all-dependencies group in /libs/checkpoint-postgres wit...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/8087e6a42c62c2049a5fb3f99372a8c601d07e08\"\u003e\u003ccode\u003e8087e6a\u003c/code\u003e\u003c/a\u003e docs(sdk-py): update auth docstrings to default-deny pattern (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6933\"\u003e#6933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/8fbdb144876ec9ca75943c7addb452a2bb634304\"\u003e\u003ccode\u003e8fbdb14\u003c/code\u003e\u003c/a\u003e release(sdk-py): 0.3.9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6932\"\u003e#6932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/5093802f319119be674c02269f9874df04558419\"\u003e\u003ccode\u003e5093802\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all-dependencies group in /libs/checkpoint with 2 updat...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/b89ef60b91e019c3cb4422af1e3cc216804ccb20\"\u003e\u003ccode\u003eb89ef60\u003c/code\u003e\u003c/a\u003e feat(sdk-py): add extract parameter to threads.search() (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6880\"\u003e#6880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langgraph/compare/1.0.3...1.0.10rc1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mcp` from 1.22.0 to 1.23.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/releases\"\u003emcp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.23.0\u003c/h2\u003e\n\u003ch2\u003eSummary\u003c/h2\u003e\n\u003cp\u003eThis release brings us up to speed with the latest MCP spec \u003ccode\u003e2025-11-25\u003c/code\u003e. Take a look at the \u003ca href=\"https://modelcontextprotocol.io/specification/2025-11-25\"\u003elatest spec\u003c/a\u003e as well as the release \u003ca href=\"https://blog.modelcontextprotocol.io/posts/2025-11-25-first-mcp-anniversary/\"\u003eblog post.\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tests for JSON Schema 2020-12 field preservation (SEP-1613) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1649\"\u003emodelcontextprotocol/python-sdk#1649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd client_secret_basic authentication support by \u003ca href=\"https://github.com/jonshea\"\u003e\u003ccode\u003e@​jonshea\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1334\"\u003emodelcontextprotocol/python-sdk#1334\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement SEP-1577 - Sampling With Tools by \u003ca href=\"https://github.com/ochafik\"\u003e\u003ccode\u003e@​ochafik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1594\"\u003emodelcontextprotocol/python-sdk#1594\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSEP-1330: Elicitation Enum Schema Improvements and Standards Compliance by \u003ca href=\"https://github.com/chughtapan\"\u003e\u003ccode\u003e@​chughtapan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1246\"\u003emodelcontextprotocol/python-sdk#1246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[auth][conformance] add conformance auth client by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1640\"\u003emodelcontextprotocol/python-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement SEP-986: Tool name validation by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1655\"\u003emodelcontextprotocol/python-sdk#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: url for spec by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1659\"\u003emodelcontextprotocol/python-sdk#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: implement SEP-991 URL-based client ID (CIMD) support by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1652\"\u003emodelcontextprotocol/python-sdk#1652\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate doc string on custom_route by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1660\"\u003emodelcontextprotocol/python-sdk#1660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement SEP-1036: URL mode elicitation for secure out-of-band interactions by \u003ca href=\"https://github.com/cbcoutinho\"\u003e\u003ccode\u003e@​cbcoutinho\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1580\"\u003emodelcontextprotocol/python-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSkip empty SSE data to avoid parsing errors by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1670\"\u003emodelcontextprotocol/python-sdk#1670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSEP-1686: Tasks by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1645\"\u003emodelcontextprotocol/python-sdk#1645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd on_session_created callback option by \u003ca href=\"https://github.com/crondinini-ant\"\u003e\u003ccode\u003e@​crondinini-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1710\"\u003emodelcontextprotocol/python-sdk#1710\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd SSE polling support (SEP-1699) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1654\"\u003emodelcontextprotocol/python-sdk#1654\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport client_credentials flow with JWT and Basic auth by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1663\"\u003emodelcontextprotocol/python-sdk#1663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: backwards-compatible create_message overloads for SEP-1577 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1713\"\u003emodelcontextprotocol/python-sdk#1713\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-enable DNS rebinding protection for localhost servers by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e  (d3a184119e4479ea6a63590bc41f01dc06e3fa99)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ochafik\"\u003e\u003ccode\u003e@​ochafik\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1594\"\u003emodelcontextprotocol/python-sdk#1594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/compare/v1.22.0...v1.23.0\"\u003ehttps://github.com/modelcontextprotocol/python-sdk/compare/v1.22.0...v1.23.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/d3a184119e4479ea6a63590bc41f01dc06e3fa99\"\u003e\u003ccode\u003ed3a1841\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/fa851d93a2036a37cce73e098f7dbc80a6c48765\"\u003e\u003ccode\u003efa851d9\u003c/code\u003e\u003c/a\u003e feat: backwards-compatible create_message overloads for SEP-1577 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1713\"\u003e#1713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/f82b0c937178815c1e96460455778578050c6d1a\"\u003e\u003ccode\u003ef82b0c9\u003c/code\u003e\u003c/a\u003e Support client_credentials flow with JWT and Basic auth (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1663\"\u003e#1663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/281fd4765e0fc2efaf2039d248c3bc0698416a8a\"\u003e\u003ccode\u003e281fd47\u003c/code\u003e\u003c/a\u003e Add SSE polling support (SEP-1699) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1654\"\u003e#1654\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/2cd178a962ab454e3add228ecd721784b7b36e99\"\u003e\u003ccode\u003e2cd178a\u003c/code\u003e\u003c/a\u003e Add on_session_created callback option (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1710\"\u003e#1710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/c92bb2f7ffaa61813d7cc350887f4ece38307769\"\u003e\u003ccode\u003ec92bb2f\u003c/code\u003e\u003c/a\u003e SEP-1686: Tasks (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1645\"\u003e#1645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/5983a650cc07d2dc6c6ba098e99d3545889157a9\"\u003e\u003ccode\u003e5983a65\u003c/code\u003e\u003c/a\u003e Skip empty SSE data to avoid parsing errors (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1670\"\u003e#1670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/02b78899296ce3631565345501e3d956b83ffe94\"\u003e\u003ccode\u003e02b7889\u003c/code\u003e\u003c/a\u003e Implement SEP-1036: URL mode elicitation for secure out-of-band interactions ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/27279bc157cbc03f7fe7758fd55a4b34c5652f42\"\u003e\u003ccode\u003e27279bc\u003c/code\u003e\u003c/a\u003e Update doc string on custom_route (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/f22501315eab5b8358c603ac7f730f77bb09e4c4\"\u003e\u003ccode\u003ef225013\u003c/code\u003e\u003c/a\u003e feat: implement SEP-991 URL-based client ID (CIMD) support (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1652\"\u003e#1652\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/compare/v1.22.0...v1.23.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mlflow` from 2.22.0 to 3.9.0rc0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mlflow/mlflow/releases\"\u003emlflow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.4 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16835\"\u003e#16835\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16820\"\u003e#16820\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.3\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.3 includes several features and improvements\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Artifacts / Tracking] Do not copy file permissions when logging artifacts to local artifact repo (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16642\"\u003e#16642\u003c/a\u003e, \u003ca href=\"https://github.com/connortann\"\u003e\u003ccode\u003e@​connortann\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Add support for OpenAI ChatCompletions parse method (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16493\"\u003e#16493\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Deployments] Propagate \u003ccode\u003eMLFLOW_DEPLOYMENT_PREDICT_TIMEOUT\u003c/code\u003e to databricks-sdk (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16783\"\u003e#16783\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Model Registry] Fix issue with search_registered_models with Databricks UC backend not supporting filter_string (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16766\"\u003e#16766\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Evaluation] Bug fix: Databricks GenAI evaluation dataset source returns string, instead of DatasetSource instance (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16712\"\u003e#16712\u003c/a\u003e, \u003ca href=\"https://github.com/dbczumar\"\u003e\u003ccode\u003e@​dbczumar\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Fix the position of added tracking_uri param to artifact store implementations (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16653\"\u003e#16653\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16786\"\u003e#16786\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16692\"\u003e#16692\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16594\"\u003e#16594\u003c/a\u003e, \u003ca href=\"https://github.com/ngoduykhanh\"\u003e\u003ccode\u003e@​ngoduykhanh\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16475\"\u003e#16475\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\nThis version has been yanked. MLflow 3.1.3 will be released shortly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eMLflow 3.1.2 is a patch release that includes several bug fixes.\u003c/p\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Tracking] Fix \u003ccode\u003edownload_artifacts\u003c/code\u003e ignoring \u003ccode\u003etracking_uri\u003c/code\u003e parameter (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16461\"\u003e#16461\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Fix event type for ResponsesAgent error (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16427\"\u003e#16427\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Remove falsey chat conversion for LangGraph models (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16601\"\u003e#16601\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracing] Use empty Resource when instantiating OTel provider to fix LiteLLM tracing issue (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16590\"\u003e#16590\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16568\"\u003e#16568\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16454\"\u003e#16454\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16617\"\u003e#16617\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16605\"\u003e#16605\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16569\"\u003e#16569\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16553\"\u003e#16553\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16625\"\u003e#16625\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16571\"\u003e#16571\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16552\"\u003e#16552\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16452\"\u003e#1645...\n\n_Description has been truncated_","html_url":"https://github.com/preechapon250/ray/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/preechapon250%2Fray/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"},{"uuid":"4183030251","node_id":"PR_kwDOR2F1C87PGHDB","number":18,"state":"closed","title":"Bump pyopenssl from 25.3.0 to 26.0.0 in /PIT4PFJOBQYU9DG0","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-31T23:55:38.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-31T23:39:20.000Z","updated_at":"2026-03-31T23:55:39.000Z","time_to_close":978,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"pyopenssl","old_version":"25.3.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"}],"path":"/PIT4PFJOBQYU9DG0","ecosystem":"pip"},"body":"Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 25.3.0 to 26.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyopenssl\u0026package-manager=uv\u0026previous-version=25.3.0\u0026new-version=26.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/zadrafi/snowflake/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/zadrafi/snowflake/pull/18","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/zadrafi%2Fsnowflake/issues/18","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/18/packages"},{"uuid":"4181197472","node_id":"PR_kwDOR2F1C87PBgKZ","number":15,"state":"closed","title":"Bump pyopenssl from 25.3.0 to 26.0.0 in /poc/streamlit","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-31T23:55:42.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-31T17:52:52.000Z","updated_at":"2026-03-31T23:55:43.000Z","time_to_close":21770,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"pyopenssl","old_version":"25.3.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"}],"path":"/poc/streamlit","ecosystem":"pip"},"body":"Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 25.3.0 to 26.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/zadrafi/snowflake/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/zadrafi%2Fsnowflake/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"},{"uuid":"4173400851","node_id":"PR_kwDONw5uE87OugFp","number":13,"state":"closed","title":"Bump the uv group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-01T21:11:40.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-30T19:14:51.000Z","updated_at":"2026-04-01T21:11:42.000Z","time_to_close":179809,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":3,"packages":[{"name":"cryptography","old_version":"45.0.7","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"pyopenssl","old_version":"25.1.0","new_version":"25.3.0"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 2 updates in the / directory: [cryptography](https://github.com/pyca/cryptography) and [requests](https://github.com/psf/requests).\n\nUpdates `cryptography` from 45.0.7 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAn attacker could create a malicious public key that reveals portions of your\nprivate key when using certain uncommon elliptic curves (binary curves).\nThis version now includes additional security checks to prevent this attack.\nThis issue only affects binary elliptic curves, which are rarely used in\nreal-world applications. Credit to \u003cstrong\u003eXlabAI Team of Tencent Xuanwu Lab and\nAtuin Automated Vulnerability Discovery Engine\u003c/strong\u003e for reporting the issue.\n\u003cstrong\u003eCVE-2026-26007\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSECT*\u003c/code\u003e binary elliptic curves is deprecated and will be\nremoved in the next release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* `Dropped support for win_arm64 wheels`_.\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed compilation when using LibreSSL 4.2.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.7...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 25.1.0 to 25.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e25.3.0 (2025-09-16)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaximum supported \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.x.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.2.0 (2025-09-14)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 45.0.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003epyOpenSSL now sets \u003ccode\u003eSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\u003c/code\u003e on connections by default, matching CPython's behavior.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Context.clear_mode\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Context.set_tls13_ciphersuites\u003c/code\u003e to set the allowed TLS 1.3 ciphers.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.set_info_callback\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/41e778874171b9655df3d5aa513acf821a1a83cc\"\u003e\u003ccode\u003e41e7788\u003c/code\u003e\u003c/a\u003e Prepare for a 25.3.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1448\"\u003e#1448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/53b78f5f89002e2c7264cc8e635749f82d674d67\"\u003e\u003ccode\u003e53b78f5\u003c/code\u003e\u003c/a\u003e test on supported pypys (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1449\"\u003e#1449\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/fb1ebc1c81640acedc9e8918c066d81d71167876\"\u003e\u003ccode\u003efb1ebc1\u003c/code\u003e\u003c/a\u003e Update CI workflow to use 'ubuntu-latest' and 'windows-latest' (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1447\"\u003e#1447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6ccf90b36da20d9ad6adccde280d1dd3df792e7f\"\u003e\u003ccode\u003e6ccf90b\u003c/code\u003e\u003c/a\u003e Prepare for a release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1446\"\u003e#1446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/5f46403a4adb28c331a36f2129efccf4af219c20\"\u003e\u003ccode\u003e5f46403\u003c/code\u003e\u003c/a\u003e Added \u003ccode\u003eOpenSSL.SSL.Connection.set_info_callback\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1438\"\u003e#1438\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/95cf8fa3cec8d8ec9f0dca8dd1977a0fd86363b2\"\u003e\u003ccode\u003e95cf8fa\u003c/code\u003e\u003c/a\u003e Update tests to not rely on mutating contexts (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1445\"\u003e#1445\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/946f87ecab525027e7fa18d869dc19224574724b\"\u003e\u003ccode\u003e946f87e\u003c/code\u003e\u003c/a\u003e Remove fallback path for old OpenSSL (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1443\"\u003e#1443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/0213311bb2e225a9d081eec026a5ee6afafa4a7c\"\u003e\u003ccode\u003e0213311\u003c/code\u003e\u003c/a\u003e Fix for new mypy release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1444\"\u003e#1444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7fd0ab84a07d7ec1461344be1bd0698c56dae423\"\u003e\u003ccode\u003e7fd0ab8\u003c/code\u003e\u003c/a\u003e Bump actions/setup-python from 5 to 6 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1440\"\u003e#1440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8daf0d1066ddfe901991d5dfba63450b3ced464a\"\u003e\u003ccode\u003e8daf0d1\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1439\"\u003e#1439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.1.0...25.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/FarmaanElahi/terminal-data/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/FarmaanElahi/terminal-data/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/FarmaanElahi%2Fterminal-data/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"},{"uuid":"4163078623","node_id":"PR_kwDODELVY87OWnVA","number":9514,"state":"closed","title":"Bump the pip group across 8 directories with 7 updates","user":"dependabot[bot]","labels":["dependencies","PR title format","python","area/automation","Smoke tests: Unknown"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-08T06:46:01.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-29T06:56:47.000Z","updated_at":"2026-04-08T06:46:03.000Z","time_to_close":863354,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":7,"packages":[{"name":"cryptography","old_version":"44.0.3","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"distributed","old_version":"2024.8.0","new_version":"2026.1.0","repository_url":"https://github.com/dask/distributed"},{"name":"pillow","old_version":"11.3.0","new_version":"12.1.1","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"pyopenssl","old_version":"25.1.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"black","old_version":"24.10.0","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"mlflow","old_version":"3.5.1","new_version":"3.9.0rc0","repository_url":"https://github.com/mlflow/mlflow"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 3 updates in the /dockerfiles/gpu directory: [cryptography](https://github.com/pyca/cryptography), [distributed](https://github.com/dask/distributed) and [pyopenssl](https://github.com/pyca/pyopenssl).\nBumps the pip group with 3 updates in the /dockerfiles/jupyter directory: [cryptography](https://github.com/pyca/cryptography), [distributed](https://github.com/dask/distributed) and [pyopenssl](https://github.com/pyca/pyopenssl).\nBumps the pip group with 3 updates in the /dockerfiles/mlrun directory: [cryptography](https://github.com/pyca/cryptography), [distributed](https://github.com/dask/distributed) and [pyopenssl](https://github.com/pyca/pyopenssl).\nBumps the pip group with 3 updates in the /dockerfiles/mlrun-api directory: [cryptography](https://github.com/pyca/cryptography), [distributed](https://github.com/dask/distributed) and [pyopenssl](https://github.com/pyca/pyopenssl).\nBumps the pip group with 4 updates in the /dockerfiles/mlrun-kfp directory: [cryptography](https://github.com/pyca/cryptography), [distributed](https://github.com/dask/distributed), [protobuf](https://github.com/protocolbuffers/protobuf) and [pyopenssl](https://github.com/pyca/pyopenssl).\nBumps the pip group with 6 updates in the /dockerfiles/test directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [cryptography](https://github.com/pyca/cryptography) | `44.0.3` | `46.0.6` |\n| [distributed](https://github.com/dask/distributed) | `2024.8.0` | `2026.1.0` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.3.0` | `12.1.1` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `25.1.0` | `26.0.0` |\n| [black](https://github.com/psf/black) | `24.10.0` | `26.3.1` |\n| [mlflow](https://github.com/mlflow/mlflow) | `3.5.1` | `3.9.0rc0` |\n\nBumps the pip group with 6 updates in the /dockerfiles/test-system directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [cryptography](https://github.com/pyca/cryptography) | `44.0.3` | `46.0.6` |\n| [distributed](https://github.com/dask/distributed) | `2024.8.0` | `2026.1.0` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.3.0` | `12.1.1` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.31.1` | `6.33.5` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `25.1.0` | `26.0.0` |\n| [black](https://github.com/psf/black) | `24.10.0` | `26.3.1` |\n\nBumps the pip group with 1 update in the /docs directory: [distributed](https://github.com/dask/distributed).\n\nUpdates `cryptography` from 45.0.7 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAn attacker could create a malicious public key that reveals portions of your\nprivate key when using certain uncommon elliptic curves (binary curves).\nThis version now includes additional security checks to prevent this attack.\nThis issue only affects binary elliptic curves, which are rarely used in\nreal-world applications. Credit to \u003cstrong\u003eXlabAI Team of Tencent Xuanwu Lab and\nAtuin Automated Vulnerability Discovery Engine\u003c/strong\u003e for reporting the issue.\n\u003cstrong\u003eCVE-2026-26007\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSECT*\u003c/code\u003e binary elliptic curves is deprecated and will be\nremoved in the next release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* `Dropped support for win_arm64 wheels`_.\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed compilation when using LibreSSL 4.2.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.7...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `distributed` from 2024.8.0 to 2026.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dask/distributed/releases\"\u003edistributed's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2026.1.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.6 to 4.8.0 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9177\"\u003e#9177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up obsolete pins in CI \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9172\"\u003e#9172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incompatibility of pyparsing vs. packaging in mindeps CI \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9170\"\u003e#9170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump mypy; fix mypy failure \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9171\"\u003e#9171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 5 to 6 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9166\"\u003e#9166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.4 to 4.7.6 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9167\"\u003e#9167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/cache from 4 to 5 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9168\"\u003e#9168\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.12.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTyping fixes \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9159\"\u003e#9159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExplicit setuptools-scm minimum version \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9160\"\u003e#9160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnforce ruff rules (RUF) \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9153\"\u003e#9153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up \u003ccode\u003eMANIFEST.in\u003c/code\u003e \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9149\"\u003e#9149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eisort → ruff \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9152\"\u003e#9152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRuff supersedes absolufy-imports \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9154\"\u003e#9154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump minimum supported \u003ccode\u003etoolz\u003c/code\u003e to 0.12.0 \u003ca href=\"https://github.com/jrbourbeau\"\u003e\u003ccode\u003e@​jrbourbeau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9151\"\u003e#9151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eflake8, bugbear, pyupgrade → ruff \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9147\"\u003e#9147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typos found by codespell \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9145\"\u003e#9145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up setuptools-specific configuration \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9150\"\u003e#9150\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePEP 639 compliance \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9146\"\u003e#9146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate black \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9148\"\u003e#9148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix empty progress bar \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9144\"\u003e#9144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.3 to 4.7.4 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9139\"\u003e#9139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExclude broken \u003ccode\u003etblib\u003c/code\u003e versions in CI \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9141\"\u003e#9141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.11.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace versioneer with setuptools-scm \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9137\"\u003e#9137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdapt worker and nanny to ipv6 \u003ca href=\"https://github.com/csfldf\"\u003e\u003ccode\u003e@​csfldf\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9133\"\u003e#9133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CI Multiple aliased keys in file /Users/runner/.condarc \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9136\"\u003e#9136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003epip\u003c/code\u003e pin for docs \u003ca href=\"https://github.com/jrbourbeau\"\u003e\u003ccode\u003e@​jrbourbeau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9132\"\u003e#9132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 4 to 5 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9130\"\u003e#9130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove UCX configuration schema \u003ca href=\"https://github.com/pentschev\"\u003e\u003ccode\u003e@​pentschev\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9127\"\u003e#9127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd generic type support to Future and Client methods \u003ca href=\"https://github.com/moi90\"\u003e\u003ccode\u003e@​moi90\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9123\"\u003e#9123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.10.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/ab72092a8a938923c2bb51a2cd14ca26614827fa\"\u003e\u003ccode\u003eab72092\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/f4cfecc48856d5f0fbf7f840fbecdb17544fd30e\"\u003e\u003ccode\u003ef4cfecc\u003c/code\u003e\u003c/a\u003e Bump JamesIves/github-pages-deploy-action from 4.7.6 to 4.8.0 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9177\"\u003e#9177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/9e135d2de60f397de406c58d3f40d8ad47ebd9e7\"\u003e\u003ccode\u003e9e135d2\u003c/code\u003e\u003c/a\u003e Clean up obsolete pins in CI (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9172\"\u003e#9172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/5da04d0aaee8367f805472cdbb5fef818387426e\"\u003e\u003ccode\u003e5da04d0\u003c/code\u003e\u003c/a\u003e Fix incompatibility of pyparsing vs. packaging in mindeps CI (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9170\"\u003e#9170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/7fc0080d0e4692247fe24a1291706232e1a07135\"\u003e\u003ccode\u003e7fc0080\u003c/code\u003e\u003c/a\u003e Bump mypy; fix mypy failure (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9171\"\u003e#9171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/06f59c25eb1450ead867773bdb18e6308527f3c2\"\u003e\u003ccode\u003e06f59c2\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9166\"\u003e#9166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/41bcd61b40edcb780650ab8701962fb85762afb3\"\u003e\u003ccode\u003e41bcd61\u003c/code\u003e\u003c/a\u003e Bump JamesIves/github-pages-deploy-action from 4.7.4 to 4.7.6 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9167\"\u003e#9167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/14261377211ff22695942a6f2e94596a3710d6f6\"\u003e\u003ccode\u003e1426137\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9168\"\u003e#9168\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/f67b890bd77e647f80b3ab0a3bb17fd6ecf238fa\"\u003e\u003ccode\u003ef67b890\u003c/code\u003e\u003c/a\u003e Version 2025.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/54a7352d6a7314263c9b316753e8f94a4976013d\"\u003e\u003ccode\u003e54a7352\u003c/code\u003e\u003c/a\u003e Typing fixes (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9159\"\u003e#9159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dask/distributed/compare/2024.8.0...2026.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 25.3.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 45.0.7 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAn attacker could create a malicious public key that reveals portions of your\nprivate key when using certain uncommon elliptic curves (binary curves).\nThis version now includes additional security checks to prevent this attack.\nThis issue only affects binary elliptic curves, which are rarely used in\nreal-world applications. Credit to \u003cstrong\u003eXlabAI Team of Tencent Xuanwu Lab and\nAtuin Automated Vulnerability Discovery Engine\u003c/strong\u003e for reporting the issue.\n\u003cstrong\u003eCVE-2026-26007\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSECT*\u003c/code\u003e binary elliptic curves is deprecated and will be\nremoved in the next release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* `Dropped support for win_arm64 wheels`_.\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed compilation when using LibreSSL 4.2.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.7...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `distributed` from 2024.8.0 to 2026.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dask/distributed/releases\"\u003edistributed's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2026.1.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.6 to 4.8.0 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9177\"\u003e#9177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up obsolete pins in CI \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9172\"\u003e#9172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incompatibility of pyparsing vs. packaging in mindeps CI \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9170\"\u003e#9170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump mypy; fix mypy failure \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9171\"\u003e#9171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 5 to 6 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9166\"\u003e#9166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.4 to 4.7.6 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9167\"\u003e#9167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/cache from 4 to 5 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9168\"\u003e#9168\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.12.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTyping fixes \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9159\"\u003e#9159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExplicit setuptools-scm minimum version \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9160\"\u003e#9160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnforce ruff rules (RUF) \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9153\"\u003e#9153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up \u003ccode\u003eMANIFEST.in\u003c/code\u003e \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9149\"\u003e#9149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eisort → ruff \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9152\"\u003e#9152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRuff supersedes absolufy-imports \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9154\"\u003e#9154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump minimum supported \u003ccode\u003etoolz\u003c/code\u003e to 0.12.0 \u003ca href=\"https://github.com/jrbourbeau\"\u003e\u003ccode\u003e@​jrbourbeau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9151\"\u003e#9151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eflake8, bugbear, pyupgrade → ruff \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9147\"\u003e#9147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typos found by codespell \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9145\"\u003e#9145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up setuptools-specific configuration \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9150\"\u003e#9150\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePEP 639 compliance \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9146\"\u003e#9146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate black \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9148\"\u003e#9148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix empty progress bar \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9144\"\u003e#9144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.3 to 4.7.4 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9139\"\u003e#9139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExclude broken \u003ccode\u003etblib\u003c/code\u003e versions in CI \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9141\"\u003e#9141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.11.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace versioneer with setuptools-scm \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9137\"\u003e#9137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdapt worker and nanny to ipv6 \u003ca href=\"https://github.com/csfldf\"\u003e\u003ccode\u003e@​csfldf\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9133\"\u003e#9133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CI Multiple aliased keys in file /Users/runner/.condarc \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9136\"\u003e#9136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003epip\u003c/code\u003e pin for docs \u003ca href=\"https://github.com/jrbourbeau\"\u003e\u003ccode\u003e@​jrbourbeau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9132\"\u003e#9132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 4 to 5 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9130\"\u003e#9130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove UCX configuration schema \u003ca href=\"https://github.com/pentschev\"\u003e\u003ccode\u003e@​pentschev\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9127\"\u003e#9127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd generic type support to Future and Client methods \u003ca href=\"https://github.com/moi90\"\u003e\u003ccode\u003e@​moi90\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9123\"\u003e#9123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.10.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/ab72092a8a938923c2bb51a2cd14ca26614827fa\"\u003e\u003ccode\u003eab72092\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/f4cfecc48856d5f0fbf7f840fbecdb17544fd30e\"\u003e\u003ccode\u003ef4cfecc\u003c/code\u003e\u003c/a\u003e Bump JamesIves/github-pages-deploy-action from 4.7.6 to 4.8.0 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9177\"\u003e#9177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/9e135d2de60f397de406c58d3f40d8ad47ebd9e7\"\u003e\u003ccode\u003e9e135d2\u003c/code\u003e\u003c/a\u003e Clean up obsolete pins in CI (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9172\"\u003e#9172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/5da04d0aaee8367f805472cdbb5fef818387426e\"\u003e\u003ccode\u003e5da04d0\u003c/code\u003e\u003c/a\u003e Fix incompatibility of pyparsing vs. packaging in mindeps CI (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9170\"\u003e#9170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/7fc0080d0e4692247fe24a1291706232e1a07135\"\u003e\u003ccode\u003e7fc0080\u003c/code\u003e\u003c/a\u003e Bump mypy; fix mypy failure (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9171\"\u003e#9171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/06f59c25eb1450ead867773bdb18e6308527f3c2\"\u003e\u003ccode\u003e06f59c2\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9166\"\u003e#9166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/41bcd61b40edcb780650ab8701962fb85762afb3\"\u003e\u003ccode\u003e41bcd61\u003c/code\u003e\u003c/a\u003e Bump JamesIves/github-pages-deploy-action from 4.7.4 to 4.7.6 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9167\"\u003e#9167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/14261377211ff22695942a6f2e94596a3710d6f6\"\u003e\u003ccode\u003e1426137\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9168\"\u003e#9168\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/f67b890bd77e647f80b3ab0a3bb17fd6ecf238fa\"\u003e\u003ccode\u003ef67b890\u003c/code\u003e\u003c/a\u003e Version 2025.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/54a7352d6a7314263c9b316753e8f94a4976013d\"\u003e\u003ccode\u003e54a7352\u003c/code\u003e\u003c/a\u003e Typing fixes (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9159\"\u003e#9159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dask/distributed/compare/2024.8.0...2026.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 25.3.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 45.0.7 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAn attacker could create a malicious public key that reveals portions of your\nprivate key when using certain uncommon elliptic curves (binary curves).\nThis version now includes additional security checks to prevent this attack.\nThis issue only affects binary elliptic curves, which are rarely used in\nreal-world applications. Credit to \u003cstrong\u003eXlabAI Team of Tencent Xuanwu Lab and\nAtuin Automated Vulnerability Discovery Engine\u003c/strong\u003e for reporting the issue.\n\u003cstrong\u003eCVE-2026-26007\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSECT*\u003c/code\u003e binary elliptic curves is deprecated and will be\nremoved in the next release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* `Dropped support for win_arm64 wheels`_.\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed compilation when using LibreSSL 4.2.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.7...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `distributed` from 2024.8.0 to 2026.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dask/distributed/releases\"\u003edistributed's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2026.1.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.6 to 4.8.0 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9177\"\u003e#9177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up obsolete pins in CI \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9172\"\u003e#9172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incompatibility of pyparsing vs. packaging in mindeps CI \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9170\"\u003e#9170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump mypy; fix mypy failure \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9171\"\u003e#9171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 5 to 6 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9166\"\u003e#9166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.4 to 4.7.6 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9167\"\u003e#9167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/cache from 4 to 5 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9168\"\u003e#9168\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.12.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTyping fixes \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9159\"\u003e#9159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExplicit setuptools-scm minimum version \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9160\"\u003e#9160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnforce ruff rules (RUF) \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9153\"\u003e#9153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up \u003ccode\u003eMANIFEST.in\u003c/code\u003e \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9149\"\u003e#9149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eisort → ruff \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9152\"\u003e#9152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRuff supersedes absolufy-imports \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9154\"\u003e#9154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump minimum supported \u003ccode\u003etoolz\u003c/code\u003e to 0.12.0 \u003ca href=\"https://github.com/jrbourbeau\"\u003e\u003ccode\u003e@​jrbourbeau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9151\"\u003e#9151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eflake8, bugbear, pyupgrade → ruff \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9147\"\u003e#9147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typos found by codespell \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9145\"\u003e#9145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up setuptools-specific configuration \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9150\"\u003e#9150\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePEP 639 compliance \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9146\"\u003e#9146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate black \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9148\"\u003e#9148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix empty progress bar \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9144\"\u003e#9144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.3 to 4.7.4 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9139\"\u003e#9139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExclude broken \u003ccode\u003etblib\u003c/code\u003e versions in CI \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9141\"\u003e#9141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.11.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace versioneer with setuptools-scm \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9137\"\u003e#9137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdapt worker and nanny to ipv6 \u003ca href=\"https://github.com/csfldf\"\u003e\u003ccode\u003e@​csfldf\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9133\"\u003e#9133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CI Multiple aliased keys in file /Users/runner/.condarc \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9136\"\u003e#9136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003epip\u003c/code\u003e pin for docs \u003ca href=\"https://github.com/jrbourbeau\"\u003e\u003ccode\u003e@​jrbourbeau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9132\"\u003e#9132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 4 to 5 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9130\"\u003e#9130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove UCX configuration schema \u003ca href=\"https://github.com/pentschev\"\u003e\u003ccode\u003e@​pentschev\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9127\"\u003e#9127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd generic type support to Future and Client methods \u003ca href=\"https://github.com/moi90\"\u003e\u003ccode\u003e@​moi90\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9123\"\u003e#9123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.10.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/ab72092a8a938923c2bb51a2cd14ca26614827fa\"\u003e\u003ccode\u003eab72092\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/f4cfecc48856d5f0fbf7f840fbecdb17544fd30e\"\u003e\u003ccode\u003ef4cfecc\u003c/code\u003e\u003c/a\u003e Bump JamesIves/github-pages-deploy-action from 4.7.6 to 4.8.0 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9177\"\u003e#9177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/9e135d2de60f397de406c58d3f40d8ad47ebd9e7\"\u003e\u003ccode\u003e9e135d2\u003c/code\u003e\u003c/a\u003e Clean up obsolete pins in CI (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9172\"\u003e#9172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/5da04d0aaee8367f805472cdbb5fef818387426e\"\u003e\u003ccode\u003e5da04d0\u003c/code\u003e\u003c/a\u003e Fix incompatibility of pyparsing vs. packaging in mindeps CI (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9170\"\u003e#9170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/7fc0080d0e4692247fe24a1291706232e1a07135\"\u003e\u003ccode\u003e7fc0080\u003c/code\u003e\u003c/a\u003e Bump mypy; fix mypy failure (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9171\"\u003e#9171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/06f59c25eb1450ead867773bdb18e6308527f3c2\"\u003e\u003ccode\u003e06f59c2\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9166\"\u003e#9166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/41bcd61b40edcb780650ab8701962fb85762afb3\"\u003e\u003ccode\u003e41bcd61\u003c/code\u003e\u003c/a\u003e Bump JamesIves/github-pages-deploy-action from 4.7.4 to 4.7.6 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9167\"\u003e#9167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/14261377211ff22695942a6f2e94596a3710d6f6\"\u003e\u003ccode\u003e1426137\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9168\"\u003e#9168\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/f67b890bd77e647f80b3ab0a3bb17fd6ecf238fa\"\u003e\u003ccode\u003ef67b890\u003c/code\u003e\u003c/a\u003e Version 2025.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/54a7352d6a7314263c9b316753e8f94a4976013d\"\u003e\u003ccode\u003e54a7352\u003c/code\u003e\u003c/a\u003e Typing fixes (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9159\"\u003e#9159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dask/distributed/compare/2024.8.0...2026.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 25.3.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 45.0.7 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAn attacker could create a malicious public key that reveals portions of your\nprivate key when using certain uncommon elliptic curves (binary curves).\nThis version now includes additional security checks to prevent this attack.\nThis issue only affects binary elliptic curves, which are rarely used in\nreal-world applications. Credit to \u003cstrong\u003eXlabAI Team of Tencent Xuanwu Lab and\nAtuin Automated Vulnerability Discovery Engine\u003c/strong\u003e for reporting the issue.\n\u003cstrong\u003eCVE-2026-26007\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSECT*\u003c/code\u003e binary elliptic curves is deprecated and will be\nremoved in the next release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* `Dropped support for win_arm64 wheels`_.\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed compilation when using LibreSSL 4.2.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.7...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `distributed` from 2024.8.0 to 2026.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dask/distributed/releases\"\u003edistributed's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2026.1.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.6 to 4.8.0 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9177\"\u003e#9177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up obsolete pins in CI \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9172\"\u003e#9172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incompatibility of pyparsing vs. packaging in mindeps CI \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9170\"\u003e#9170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump mypy; fix mypy failure \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9171\"\u003e#9171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 5 to 6 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9166\"\u003e#9166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.4 to 4.7.6 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9167\"\u003e#9167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/cache from 4 to 5 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9168\"\u003e#9168\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.12.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTyping fixes \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9159\"\u003e#9159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExplicit setuptools-scm minimum version \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9160\"\u003e#9160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnforce ruff rules (RUF) \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9153\"\u003e#9153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up \u003ccode\u003eMANIFEST.in\u003c/code\u003e \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9149\"\u003e#9149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eisort → ruff \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9152\"\u003e#9152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRuff supersedes absolufy-imports \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9154\"\u003e#9154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump minimum supported \u003ccode\u003etoolz\u003c/code\u003e to 0.12.0 \u003ca href=\"https://github.com/jrbourbeau\"\u003e\u003ccode\u003e@​jrbourbeau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9151\"\u003e#9151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eflake8, bugbear, pyupgrade → ruff \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9147\"\u003e#9147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typos found by codespell \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9145\"\u003e#9145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up setuptools-specific configuration \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9150\"\u003e#9150\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePEP 639 compliance \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9146\"\u003e#9146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate black \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9148\"\u003e#9148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix empty progress bar \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9144\"\u003e#9144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.3 to 4.7.4 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9139\"\u003e#9139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExclude broken \u003ccode\u003etblib\u003c/code\u003e versions in CI \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9141\"\u003e#9141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.11.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace versioneer with setuptools-scm \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/...\n\n_Description has been truncated_","html_url":"https://github.com/mlrun/mlrun/pull/9514","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mlrun%2Fmlrun/issues/9514","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9514/packages"},{"uuid":"4147706060","node_id":"PR_kwDOOK9uiM7N4A8_","number":150,"state":"closed","title":"chore(deps): bump the pip group across 28 directories with 13 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-02T03:17:45.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-26T22:23:02.000Z","updated_at":"2026-04-02T03:17:47.000Z","time_to_close":536083,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":13,"packages":[{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"flask","old_version":"2.2.5","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"pyopenssl","old_version":"23.2.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"werkzeug","old_version":"2.2.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"apache-airflow","old_version":"2.6.3","new_version":"3.2.0b1","repository_url":"https://github.com/apache/airflow"},{"name":"black","old_version":"23.1a1","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"cryptography","old_version":"40.0.2","new_version":"46.0.5","repository_url":"https://github.com/pyca/cryptography"},{"name":"google-cloud-aiplatform","old_version":"1.27.1","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"protobuf","old_version":"4.23.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /alloydb/notebooks directory: [nbconvert](https://github.com/jupyter/nbconvert).\nBumps the pip group with 1 update in the /aml-ai directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /auth/cloud-client-temp directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /auth/service-to-service directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /bigquery/continuous-queries directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 4 updates in the /cloud-media-livestream/keypublisher directory: [requests](https://github.com/psf/requests), [flask](https://github.com/pallets/flask), [pyopenssl](https://github.com/pyca/pyopenssl) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /cloud_scheduler/snippets directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 1 update in the /cloud_tasks/http_queues directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 9 updates in the /composer/2022_airflow_summit directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.5` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n\nBumps the pip group with 5 updates in the /composer/airflow_1_samples directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `1.1.2` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `20.0.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `0.16.1` | `3.1.6` |\n| [cryptography](https://github.com/pyca/cryptography) | `3.2.1` | `46.0.5` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `3.14.0` | `5.29.6` |\n\nBumps the pip group with 9 updates in the /composer/cicd_sample directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.5` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n\nBumps the pip group with 1 update in the /composer/rest directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 9 updates in the /composer/workflows directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `24.1.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.9.2` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `24.4.2` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `41.0.7` | `46.0.5` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.53.0` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.3` | `5.29.6` |\n\nBumps the pip group with 1 update in the /compute/auth directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/client_library directory: [black](https://github.com/psf/black).\nBumps the pip group with 2 updates in the /compute/encryption directory: [requests](https://github.com/psf/requests) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /compute/metadata directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/oslogin directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 3 updates in the /dataflow/gemma directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [protobuf](https://github.com/protocolbuffers/protobuf) and [keras](https://github.com/keras-team/keras).\nBumps the pip group with 1 update in the /dataflow/gemma-flex-template directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform).\nBumps the pip group with 3 updates in the /dataflow/run-inference directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [torch](https://github.com/pytorch/pytorch) and [transformers](https://github.com/huggingface/transformers).\nBumps the pip group with 1 update in the /dataflow/run_template directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 2 updates in the /datastore/cloud-ndb directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow-cx directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /gemma2 directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [protobuf](https://github.com/protocolbuffers/protobuf).\nBumps the pip group with 3 updates in the /iap directory: [requests](https://github.com/psf/requests), [werkzeug](https://github.com/pallets/werkzeug) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /media_cdn directory: [cryptography](https://github.com/pyca/cryptography).\n\nUpdates `nbconvert` from 7.16.6 to 7.17.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/releases\"\u003enbconvert's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.17.0\u003c/h2\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid cov environment on free-threaded Pythons \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2267\"\u003e#2267\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate pre-commit, and fix all issues. \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2238\"\u003e#2238\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop test on 3.9, test on 3.13, 3.14, 3.14t \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2237\"\u003e#2237\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the actions group across 1 directory with 2 updates \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2231\"\u003e#2231\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003e@flaky.flaky\u003c/code\u003e decorate with pytest marker \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2229\"\u003e#2229\u003c/a\u003e (\u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to mermaid 11.10.0 \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2224\"\u003e#2224\u003c/a\u003e (\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8, fix the CI tests \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2221\"\u003e#2221\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eintersphinx_registry\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2232\"\u003e#2232\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28\u0026amp;to=2026-01-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md\"\u003enbconvert's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid cov environment on free-threaded Pythons \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2267\"\u003e#2267\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate pre-commit, and fix all issues. \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2238\"\u003e#2238\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop test on 3.9, test on 3.13, 3.14, 3.14t \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2237\"\u003e#2237\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the actions group across 1 directory with 2 updates \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2231\"\u003e#2231\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003e@flaky.flaky\u003c/code\u003e decorate with pytest marker \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2229\"\u003e#2229\u003c/a\u003e (\u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to mermaid 11.10.0 \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2224\"\u003e#2224\u003c/a\u003e (\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8, fix the CI tests \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2221\"\u003e#2221\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eintersphinx_registry\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2232\"\u003e#2232\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28\u0026amp;to=2026-01-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/21b35d85b46f5ff0956d3d088a52b9bef00e8196\"\u003e\u003ccode\u003e21b35d8\u003c/code\u003e\u003c/a\u003e Publish 7.17.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003e\u003ccode\u003ec9ac1d1\u003c/code\u003e\u003c/a\u003e Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD)...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/b13276d80ae6fadbfda981304810e26f421c4ced\"\u003e\u003ccode\u003eb13276d\u003c/code\u003e\u003c/a\u003e avoid cov environment on free-threaded Pythons (\u003ca href=\"https://redirect.github.com/jupyter/nbconvert/issues/2267\"\u003e#2267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7c7055fe833fe9832e6f9a64fa5f67d66692c8d6\"\u003e\u003ccode\u003e7c7055f\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] auto fixes from pre-commit.com hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/74f3ddd37ef4b7ffb5eee9acbf52062217c15852\"\u003e\u003ccode\u003e74f3ddd\u003c/code\u003e\u003c/a\u003e Fix QtPNGExporter returning empty bytes on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/216550b2aae4c329f4dab597a96ae7cac30de79a\"\u003e\u003ccode\u003e216550b\u003c/code\u003e\u003c/a\u003e fix links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/39777ac5716350e994171d025a7369c58b0afc8c\"\u003e\u003ccode\u003e39777ac\u003c/code\u003e\u003c/a\u003e try to comment fialing test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7b591ca526f2598dbae3256a53765659c3edcf14\"\u003e\u003ccode\u003e7b591ca\u003c/code\u003e\u003c/a\u003e ruff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/6ec7638a3dc7a0bc2c533c116202d7f9b07ce9d9\"\u003e\u003ccode\u003e6ec7638\u003c/code\u003e\u003c/a\u003e parent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/59414b36f94e318d4207e8af863167047d936c19\"\u003e\u003ccode\u003e59414b3\u003c/code\u003e\u003c/a\u003e fix mypy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...v7.17.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 2.2.5 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loa...\n\n_Description has been truncated_","html_url":"https://github.com/Reality2byte/python-docs-samples/pull/150","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Reality2byte%2Fpython-docs-samples/issues/150","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/150/packages"},{"uuid":"4144396385","node_id":"PR_kwDOO-I9t87Nvas_","number":8,"state":"closed","title":"chore(deps): bump the pip group across 25 directories with 13 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-04-02T04:10:16.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-26T14:19:09.000Z","updated_at":"2026-04-02T04:10:18.000Z","time_to_close":568267,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":13,"packages":[{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"flask","old_version":"2.2.5","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"pyopenssl","old_version":"23.2.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"werkzeug","old_version":"2.2.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"apache-airflow","old_version":"2.6.3","new_version":"3.2.0b1","repository_url":"https://github.com/apache/airflow"},{"name":"black","old_version":"23.1a1","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"cryptography","old_version":"40.0.2","new_version":"46.0.5","repository_url":"https://github.com/pyca/cryptography"},{"name":"google-cloud-aiplatform","old_version":"1.27.1","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"protobuf","old_version":"4.23.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /alloydb/notebooks directory: [nbconvert](https://github.com/jupyter/nbconvert).\nBumps the pip group with 1 update in the /aml-ai directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /auth/service-to-service directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /bigquery/continuous-queries directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 4 updates in the /cloud-media-livestream/keypublisher directory: [requests](https://github.com/psf/requests), [flask](https://github.com/pallets/flask), [pyopenssl](https://github.com/pyca/pyopenssl) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /cloud_scheduler/snippets directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 1 update in the /cloud_tasks/http_queues directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 9 updates in the /composer/2022_airflow_summit directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.5` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n\nBumps the pip group with 5 updates in the /composer/airflow_1_samples directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `1.1.2` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `20.0.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `0.16.1` | `3.1.6` |\n| [cryptography](https://github.com/pyca/cryptography) | `3.2.1` | `46.0.5` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `3.14.0` | `5.29.6` |\n\nBumps the pip group with 9 updates in the /composer/cicd_sample directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.5` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n\nBumps the pip group with 1 update in the /composer/rest directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/auth directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/client_library directory: [black](https://github.com/psf/black).\nBumps the pip group with 2 updates in the /compute/encryption directory: [requests](https://github.com/psf/requests) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /compute/metadata directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/oslogin directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 3 updates in the /dataflow/gemma directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [protobuf](https://github.com/protocolbuffers/protobuf) and [keras](https://github.com/keras-team/keras).\nBumps the pip group with 1 update in the /dataflow/gemma-flex-template directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform).\nBumps the pip group with 3 updates in the /dataflow/run-inference directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [torch](https://github.com/pytorch/pytorch) and [transformers](https://github.com/huggingface/transformers).\nBumps the pip group with 2 updates in the /datastore/cloud-ndb directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow-cx directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /gemma2 directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [protobuf](https://github.com/protocolbuffers/protobuf).\nBumps the pip group with 4 updates in the /iap directory: [requests](https://github.com/psf/requests), [flask](https://github.com/pallets/flask), [werkzeug](https://github.com/pallets/werkzeug) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /media_cdn directory: [cryptography](https://github.com/pyca/cryptography).\n\nUpdates `nbconvert` from 7.16.6 to 7.17.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/releases\"\u003enbconvert's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.17.0\u003c/h2\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid cov environment on free-threaded Pythons \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2267\"\u003e#2267\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate pre-commit, and fix all issues. \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2238\"\u003e#2238\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop test on 3.9, test on 3.13, 3.14, 3.14t \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2237\"\u003e#2237\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the actions group across 1 directory with 2 updates \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2231\"\u003e#2231\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003e@flaky.flaky\u003c/code\u003e decorate with pytest marker \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2229\"\u003e#2229\u003c/a\u003e (\u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to mermaid 11.10.0 \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2224\"\u003e#2224\u003c/a\u003e (\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8, fix the CI tests \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2221\"\u003e#2221\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eintersphinx_registry\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2232\"\u003e#2232\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28\u0026amp;to=2026-01-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md\"\u003enbconvert's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid cov environment on free-threaded Pythons \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2267\"\u003e#2267\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate pre-commit, and fix all issues. \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2238\"\u003e#2238\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop test on 3.9, test on 3.13, 3.14, 3.14t \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2237\"\u003e#2237\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the actions group across 1 directory with 2 updates \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2231\"\u003e#2231\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003e@flaky.flaky\u003c/code\u003e decorate with pytest marker \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2229\"\u003e#2229\u003c/a\u003e (\u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to mermaid 11.10.0 \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2224\"\u003e#2224\u003c/a\u003e (\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8, fix the CI tests \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2221\"\u003e#2221\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eintersphinx_registry\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2232\"\u003e#2232\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28\u0026amp;to=2026-01-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/21b35d85b46f5ff0956d3d088a52b9bef00e8196\"\u003e\u003ccode\u003e21b35d8\u003c/code\u003e\u003c/a\u003e Publish 7.17.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003e\u003ccode\u003ec9ac1d1\u003c/code\u003e\u003c/a\u003e Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD)...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/b13276d80ae6fadbfda981304810e26f421c4ced\"\u003e\u003ccode\u003eb13276d\u003c/code\u003e\u003c/a\u003e avoid cov environment on free-threaded Pythons (\u003ca href=\"https://redirect.github.com/jupyter/nbconvert/issues/2267\"\u003e#2267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7c7055fe833fe9832e6f9a64fa5f67d66692c8d6\"\u003e\u003ccode\u003e7c7055f\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] auto fixes from pre-commit.com hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/74f3ddd37ef4b7ffb5eee9acbf52062217c15852\"\u003e\u003ccode\u003e74f3ddd\u003c/code\u003e\u003c/a\u003e Fix QtPNGExporter returning empty bytes on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/216550b2aae4c329f4dab597a96ae7cac30de79a\"\u003e\u003ccode\u003e216550b\u003c/code\u003e\u003c/a\u003e fix links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/39777ac5716350e994171d025a7369c58b0afc8c\"\u003e\u003ccode\u003e39777ac\u003c/code\u003e\u003c/a\u003e try to comment fialing test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7b591ca526f2598dbae3256a53765659c3edcf14\"\u003e\u003ccode\u003e7b591ca\u003c/code\u003e\u003c/a\u003e ruff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/6ec7638a3dc7a0bc2c533c116202d7f9b07ce9d9\"\u003e\u003ccode\u003e6ec7638\u003c/code\u003e\u003c/a\u003e parent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/59414b36f94e318d4207e8af863167047d936c19\"\u003e\u003ccode\u003e59414b3\u003c/code\u003e\u003c/a\u003e fix mypy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...v7.17.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 2.2.5 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/2.2.5...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 25.0.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003cco...\n\n_Description has been truncated_","html_url":"https://github.com/ASISBusiness/python-docs-samples/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASISBusiness%2Fpython-docs-samples/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"},{"uuid":"4144077079","node_id":"PR_kwDOOK9uiM7Nuhf9","number":147,"state":"open","title":"chore(deps): bump the pip group across 27 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-26T13:42:02.000Z","updated_at":"2026-04-08T04:51:47.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":16,"packages":[{"name":"flask","old_version":"2.2.5","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"werkzeug","old_version":"2.2.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"pyopenssl","old_version":"23.2.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"apache-airflow","old_version":"2.6.3","new_version":"3.2.0b1","repository_url":"https://github.com/apache/airflow"},{"name":"authlib","old_version":"1.2.1","new_version":"1.6.9","repository_url":"https://github.com/authlib/authlib"},{"name":"black","old_version":"23.1a1","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"cryptography","old_version":"40.0.2","new_version":"46.0.5","repository_url":"https://github.com/pyca/cryptography"},{"name":"google-cloud-aiplatform","old_version":"1.27.1","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"orjson","old_version":"3.9.1","new_version":"3.11.6","repository_url":"https://github.com/ijl/orjson"},{"name":"protobuf","old_version":"4.23.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.4.8","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /alloydb/notebooks directory: [nbconvert](https://github.com/jupyter/nbconvert).\nBumps the pip group with 3 updates in the /appengine/standard/firebase/firenotes/backend directory: [flask](https://github.com/pallets/flask), [requests](https://github.com/psf/requests) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 4 updates in the /cloud-media-livestream/keypublisher directory: [flask](https://github.com/pallets/flask), [requests](https://github.com/psf/requests), [werkzeug](https://github.com/pallets/werkzeug) and [pyopenssl](https://github.com/pyca/pyopenssl).\nBumps the pip group with 3 updates in the /cloud-sql/sql-server/sqlalchemy directory: [flask](https://github.com/pallets/flask), [werkzeug](https://github.com/pallets/werkzeug) and [pyopenssl](https://github.com/pyca/pyopenssl).\nBumps the pip group with 2 updates in the /cloud_scheduler/snippets directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 12 updates in the /composer/2022_airflow_summit directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [authlib](https://github.com/authlib/authlib) | `1.2.1` | `1.6.9` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.5` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.9.1` | `3.11.6` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.4.8` | `0.6.3` |\n\nBumps the pip group with 6 updates in the /composer/airflow_1_samples directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `1.1.2` | `3.1.3` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `0.16.1` | `3.1.6` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `20.0.0` | `26.0.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `3.2.1` | `46.0.5` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `3.14.0` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.4.8` | `0.6.3` |\n\nBumps the pip group with 12 updates in the /composer/cicd_sample directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [authlib](https://github.com/authlib/authlib) | `1.2.1` | `1.6.9` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.5` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.9.1` | `3.11.6` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.4.8` | `0.6.3` |\n\nBumps the pip group with 12 updates in the /composer/workflows directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `24.1.0` | `26.0.0` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.9.2` | `3.2.0b1` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.9` |\n| [black](https://github.com/psf/black) | `24.4.2` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `41.0.7` | `46.0.5` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.53.0` | `1.133.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.3` | `3.11.6` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.3` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.5.1` | `0.6.3` |\n\nBumps the pip group with 1 update in the /compute/client_library directory: [black](https://github.com/psf/black).\nBumps the pip group with 2 updates in the /compute/encryption directory: [requests](https://github.com/psf/requests) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 5 updates in the /dataflow/flex-templates/pipeline_with_dependencies directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.42.1` | `1.133.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.9.15` | `3.11.6` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.8` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.5.1` | `0.6.3` |\n\nBumps the pip group with 3 updates in the /dataflow/gemma directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [protobuf](https://github.com/protocolbuffers/protobuf) and [keras](https://github.com/keras-team/keras).\nBumps the pip group with 1 update in the /dataflow/gemma-flex-template directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform).\nBumps the pip group with 3 updates in the /dataflow/run-inference directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [torch](https://github.com/pytorch/pytorch) and [transformers](https://github.com/huggingface/transformers).\nBumps the pip group with 1 update in the /dataflow/run_template directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 2 updates in the /datastore/cloud-ndb directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow-cx directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 3 updates in the /endpoints/getting-started directory: [flask](https://github.com/pallets/flask), [requests](https://github.com/psf/requests) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /functions/concepts-requests directory: [flask](https://github.com/pallets/flask) and [requests](https://github.com/psf/requests).\nBumps the pip group with 2 updates in the /functions/tips-connection-pooling directory: [flask](https://github.com/pallets/flask) and [requests](https://github.com/psf/requests).\nBumps the pip group with 2 updates in the /gemma2 directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [protobuf](https://github.com/protocolbuffers/protobuf).\nBumps the pip group with 3 updates in the /iap directory: [requests](https://github.com/psf/requests), [werkzeug](https://github.com/pallets/werkzeug) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 2 updates in the /kms/attestations directory: [requests](https://github.com/psf/requests) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /media_cdn directory: [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 2 updates in the /run/service-auth directory: [flask](https://github.com/pallets/flask) and [requests](https://github.com/psf/requests).\n\nUpdates `nbconvert` from 7.16.6 to 7.17.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/releases\"\u003enbconvert's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.17.0\u003c/h2\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid cov environment on free-threaded Pythons \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2267\"\u003e#2267\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate pre-commit, and fix all issues. \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2238\"\u003e#2238\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop test on 3.9, test on 3.13, 3.14, 3.14t \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2237\"\u003e#2237\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the actions group across 1 directory with 2 updates \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2231\"\u003e#2231\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003e@flaky.flaky\u003c/code\u003e decorate with pytest marker \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2229\"\u003e#2229\u003c/a\u003e (\u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to mermaid 11.10.0 \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2224\"\u003e#2224\u003c/a\u003e (\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8, fix the CI tests \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2221\"\u003e#2221\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eintersphinx_registry\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2232\"\u003e#2232\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28\u0026amp;to=2026-01-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md\"\u003enbconvert's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid cov environment on free-threaded Pythons \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2267\"\u003e#2267\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate pre-commit, and fix all issues. \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2238\"\u003e#2238\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop test on 3.9, test on 3.13, 3.14, 3.14t \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2237\"\u003e#2237\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the actions group across 1 directory with 2 updates \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2231\"\u003e#2231\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003e@flaky.flaky\u003c/code\u003e decorate with pytest marker \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2229\"\u003e#2229\u003c/a\u003e (\u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to mermaid 11.10.0 \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2224\"\u003e#2224\u003c/a\u003e (\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8, fix the CI tests \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2221\"\u003e#2221\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eintersphinx_registry\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2232\"\u003e#2232\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28\u0026amp;to=2026-01-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/21b35d85b46f5ff0956d3d088a52b9bef00e8196\"\u003e\u003ccode\u003e21b35d8\u003c/code\u003e\u003c/a\u003e Publish 7.17.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003e\u003ccode\u003ec9ac1d1\u003c/code\u003e\u003c/a\u003e Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD)...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/b13276d80ae6fadbfda981304810e26f421c4ced\"\u003e\u003ccode\u003eb13276d\u003c/code\u003e\u003c/a\u003e avoid cov environment on free-threaded Pythons (\u003ca href=\"https://redirect.github.com/jupyter/nbconvert/issues/2267\"\u003e#2267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7c7055fe833fe9832e6f9a64fa5f67d66692c8d6\"\u003e\u003ccode\u003e7c7055f\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] auto fixes from pre-commit.com hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/74f3ddd37ef4b7ffb5eee9acbf52062217c15852\"\u003e\u003ccode\u003e74f3ddd\u003c/code\u003e\u003c/a\u003e Fix QtPNGExporter returning empty bytes on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/216550b2aae4c329f4dab597a96ae7cac30de79a\"\u003e\u003ccode\u003e216550b\u003c/code\u003e\u003c/a\u003e fix links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/39777ac5716350e994171d025a7369c58b0afc8c\"\u003e\u003ccode\u003e39777ac\u003c/code\u003e\u003c/a\u003e try to comment fialing test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7b591ca526f2598dbae3256a53765659c3edcf14\"\u003e\u003ccode\u003e7b591ca\u003c/code\u003e\u003c/a\u003e ruff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/6ec7638a3dc7a0bc2c533c116202d7f9b07ce9d9\"\u003e\u003ccode\u003e6ec7638\u003c/code\u003e\u003c/a\u003e parent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/59414b36f94e318d4207e8af863167047d936c19\"\u003e\u003ccode\u003e59414b3\u003c/code\u003e\u003c/a\u003e fix mypy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...v7.17.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 3.0.0 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/3.0.0...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.27.1 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.27.1...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `werkzeug` from 3.0.3 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/releases\"\u003ewerkzeug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.6/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in multi-segment paths. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x\"\u003eGHSA-29vq-49wr-vm6x\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.5/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/43?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/43?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless of extension or surrounding spaces. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7\"\u003eGHSA-87hc-h4r5-73f7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with \u003ccode\u003epin_security=False\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3075\"\u003e#3075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.4/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/42?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/42?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents reading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e already prevented writing to these. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2\"\u003eghsa-hgf8-39gv-g3f2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3020\"\u003e#3020\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3054\"\u003e#3054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3067\"\u003e#3067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available source lines. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the distinction between WSGI and sans-IO responses. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3056\"\u003e#3056\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.3/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/41?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/41?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts \u003ccode\u003elist\u003c/code\u003e, \u003ccode\u003etuple\u003c/code\u003e, or \u003ccode\u003eset\u003c/code\u003e when passing multiple values. It had been changed to accept any \u003ccode\u003eCollection\u003c/code\u003e, but this matched types that should be treated as single values, such as \u003ccode\u003ebytes\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2994\"\u003e#2994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the \u003ccode\u003eHost\u003c/code\u003e header is not set and \u003ccode\u003eRequest.host\u003c/code\u003e falls back to the WSGI \u003ccode\u003eSERVER_NAME\u003c/code\u003e value, if that value is an IPv6 address it is wrapped in \u003ccode\u003e[]\u003c/code\u003e to match the \u003ccode\u003eHost\u003c/code\u003e header. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2993\"\u003e#2993\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.2/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/blob/main/CHANGES.rst\"\u003ewerkzeug's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in\nmulti-segment paths. :ghsa:\u003ccode\u003e29vq-49wr-vm6x\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.make_conditional\u003c/code\u003e sets the \u003ccode\u003eAccept-Ranges\u003c/code\u003e header even if it\nis not a satisfiable range request. :issue:\u003ccode\u003e3108\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2026-01-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless\nof extension or surrounding spaces. :ghsa:\u003ccode\u003e87hc-h4r5-73f7\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\nThis fixes the previous attempt, which caused incorrect content lengths.\n:issue:\u003ccode\u003e3065\u003c/code\u003e :issue:\u003ccode\u003e3077\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with\n\u003ccode\u003epin_security=False\u003c/code\u003e. :issue:\u003ccode\u003e3075\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003eReleased 2025-11-28\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents\nreading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e\nalready prevented writing to these. :ghsa:\u003ccode\u003ehgf8-39gv-g3f2\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. :pr:\u003ccode\u003e3020\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\n:issue:\u003ccode\u003e3065\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. :issue:\u003ccode\u003e3054\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. :issue:\u003ccode\u003e3067\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available\nsource lines. :issue:\u003ccode\u003e3044\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the\ndistinction between WSGI and sans-IO responses. :issue:\u003ccode\u003e3056\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/04da1b5221b7a7b57e82246e4b5741d37a6b2e56\"\u003e\u003ccode\u003e04da1b5\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d\"\u003e\u003ccode\u003ef407712\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f54fe98026253e70fbbcd35a6b52fb67cfff1c03\"\u003e\u003ccode\u003ef54fe98\u003c/code\u003e\u003c/a\u003e safe_join prevents Windows special device names in multi-segment paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/d005985ef69ffe3275eda8fb6fb25e074dbe871b\"\u003e\u003ccode\u003ed005985\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/8565c2cbd6681ae8463e77d4fc0795324a7fdae7\"\u003e\u003ccode\u003e8565c2c\u003c/code\u003e\u003c/a\u003e document rule priority (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3102\"\u003e#3102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/3febc7e90072bffe04c27e6b7478dfc4f88930df\"\u003e\u003ccode\u003e3febc7e\u003c/code\u003e\u003c/a\u003e document rule priority\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/2525b827646c10ab7adb334664e6a4af1b769181\"\u003e\u003ccode\u003e2525b82\u003c/code\u003e\u003c/a\u003e remove state machine docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/4abfbd553cdeb6d4e6fa693340d52b13c884079f\"\u003e\u003ccode\u003e4abfbd5\u003c/code\u003e\u003c/a\u003e rewrite build docstring (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3097\"\u003e#3097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/161c18b2a8800ae6ef377fb3cbdb933a878fea67\"\u003e\u003ccode\u003e161c18b\u003c/code\u003e\u003c/a\u003e rewrite build docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/86e11c29e44726dae524cd9db11549b3b1ad681d\"\u003e\u003ccode\u003e86e11c2\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3085\"\u003e#3085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/werkzeug/compare/3.0.3...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 2.2.5 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/...\n\n_Description has been truncated_","html_url":"https://github.com/Reality2byte/python-docs-samples/pull/147","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Reality2byte%2Fpython-docs-samples/issues/147","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/147/packages"},{"uuid":"4141914658","node_id":"PR_kwDONuDge87Nokly","number":429,"state":"closed","title":"chore(deps): bump the uv group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-03-26T09:21:02.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-26T08:53:38.000Z","updated_at":"2026-03-26T09:21:12.000Z","time_to_close":1644,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":4,"packages":[{"name":"black","old_version":"26.1.0","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"cryptography","old_version":"43.0.3","new_version":"46.0.5","repository_url":"https://github.com/pyca/cryptography"},{"name":"pyopenssl","old_version":"24.2.1","new_version":"22.0.0"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 3 updates in the / directory: [black](https://github.com/psf/black), [requests](https://github.com/psf/requests) and [cryptography](https://github.com/pyca/cryptography).\n\nUpdates `black` from 26.1.0 to 26.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop evenloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop eventloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c6755bb741b6481d6b3d3bb563c83fa060db96c9\"\u003e\u003ccode\u003ec6755bb\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5046\"\u003e#5046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69973fd6950985fbeb1090d96da717dc4d8380b0\"\u003e\u003ccode\u003e69973fd\u003c/code\u003e\u003c/a\u003e Harden blackd browser-facing request handling (\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d\"\u003e\u003ccode\u003e4937fe6\u003c/code\u003e\u003c/a\u003e Fix some shenanigans with the cache file and IPython (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2e641d174469c505d5ae905e75d4c769597e681f\"\u003e\u003ccode\u003e2e641d1\u003c/code\u003e\u003c/a\u003e docs: remove outdated Black Playground references (\u003ca href=\"https://redirect.github.com/psf/black/issues/5044\"\u003e#5044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c014b22a2d5e0632587b47b81151658bddfa0b88\"\u003e\u003ccode\u003ec014b22\u003c/code\u003e\u003c/a\u003e Remove unused internal code (\u003ca href=\"https://redirect.github.com/psf/black/issues/5041\"\u003e#5041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/0dae20b2d009f2f03de8696d06b0c947d3abafc9\"\u003e\u003ccode\u003e0dae20b\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5036\"\u003e#5036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c5c1cbddd92cecb554ac2a77a24139dd76831030\"\u003e\u003ccode\u003ec5c1cbd\u003c/code\u003e\u003c/a\u003e Minor release patches (\u003ca href=\"https://redirect.github.com/psf/black/issues/5035\"\u003e#5035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/7e5a828c37d71b6a6666e28eed444816def6a8f4\"\u003e\u003ccode\u003e7e5a828\u003c/code\u003e\u003c/a\u003e docs: clarify relationship between Black style and PEP 8 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69705deb8776e7c5e585668da106d1abe2cb8d77\"\u003e\u003ccode\u003e69705de\u003c/code\u003e\u003c/a\u003e docs: add clearer pyproject configuration guidance (\u003ca href=\"https://redirect.github.com/psf/black/issues/5026\"\u003e#5026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/35ea67920b7f6ac8e09be1c47278752b1e827f76\"\u003e\u003ccode\u003e35ea679\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5032\"\u003e#5032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/26.1.0...26.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 43.0.3 to 46.0.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDropped support for win_arm64 wheels\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Fixed compilation when using LibreSSL 4.2.0.\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Fixed an issue where users installing via ``pip`` on Python 3.14 development\n  versions would not properly install a dependency.\n* Fixed an issue building the free-threaded macOS 3.14 wheels.\n\u003cp\u003e.. _v46-0-0:\u003c/p\u003e\n\u003cp\u003e46.0.0 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for Python 3.7 has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/62230623d183706632c0eb7822c96ac95e3710a8\"\u003e\u003ccode\u003e6223062\u003c/code\u003e\u003c/a\u003e release 46.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13446\"\u003e#13446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/43.0.3...46.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 24.2.1 to 22.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e24.2.1 (2024-07-20)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed changelog to remove sphinx specific restructured text strings.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e24.2.0 (2024-07-20)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecated \u003ccode\u003eOpenSSL.crypto.X509Req\u003c/code\u003e, \u003ccode\u003eOpenSSL.crypto.load_certificate_request\u003c/code\u003e, \u003ccode\u003eOpenSSL.crypto.dump_certificate_request\u003c/code\u003e. Instead, \u003ccode\u003ecryptography.x509.CertificateSigningRequest\u003c/code\u003e, \u003ccode\u003ecryptography.x509.CertificateSigningRequestBuilder\u003c/code\u003e, \u003ccode\u003ecryptography.x509.load_der_x509_csr\u003c/code\u003e, or \u003ccode\u003ecryptography.x509.load_pem_x509_csr\u003c/code\u003e should be used.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded type hints for the \u003ccode\u003eSSL\u003c/code\u003e module.\n\u003ccode\u003e[#1308](https://github.com/pyca/pyopenssl/issues/1308) \u0026lt;https://github.com/pyca/pyopenssl/pull/1308\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eOpenSSL.crypto.PKey.from_cryptography_key\u003c/code\u003e to accept public and private EC, ED25519, ED448 keys.\n\u003ccode\u003e[#1310](https://github.com/pyca/pyopenssl/issues/1310) \u0026lt;https://github.com/pyca/pyopenssl/pull/1310\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e24.1.0 (2024-03-09)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved the deprecated \u003ccode\u003eOpenSSL.crypto.PKCS12\u003c/code\u003e and\n\u003ccode\u003eOpenSSL.crypto.NetscapeSPKI\u003c/code\u003e. \u003ccode\u003eOpenSSL.crypto.PKCS12\u003c/code\u003e may be replaced\nby the PKCS#12 APIs in the \u003ccode\u003ecryptography\u003c/code\u003e package.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/819095fa886db98cf43b6f0e66ba19c83d64d3c0\"\u003e\u003ccode\u003e819095f\u003c/code\u003e\u003c/a\u003e bump for 22.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1079\"\u003e#1079\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/41ceefb0f81d6ac056e9d84e47de57191e067b8e\"\u003e\u003ccode\u003e41ceefb\u003c/code\u003e\u003c/a\u003e Docs: Fix param type for methods where digest is used (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/fb26edde0aa27670c7bb24c0daeb05516e83d7b0\"\u003e\u003ccode\u003efb26edd\u003c/code\u003e\u003c/a\u003e Reduce MD5 and SHA1 dependency in tests (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d184fbbbb68b352a5818ebf94b4a6d68bb92d35a\"\u003e\u003ccode\u003ed184fbb\u003c/code\u003e\u003c/a\u003e Update variable name, there are now many linuxes (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1070\"\u003e#1070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b85cfd411af794e77e9be645316607063234975\"\u003e\u003ccode\u003e8b85cfd\u003c/code\u003e\u003c/a\u003e Rename path_string to path_bytes since that's what it actually does (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1067\"\u003e#1067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/de073c62c809b2cd67315c5b3ae99ef38fcd26a9\"\u003e\u003ccode\u003ede073c6\u003c/code\u003e\u003c/a\u003e Remove native, it's behavior is confusing (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1069\"\u003e#1069\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/c175f152a4b4c02f166035c915a847c3281b1e8c\"\u003e\u003ccode\u003ec175f15\u003c/code\u003e\u003c/a\u003e Remove dead code (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1068\"\u003e#1068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7120bb59d165103d8f2cffd0726709591b572174\"\u003e\u003ccode\u003e7120bb5\u003c/code\u003e\u003c/a\u003e Accept pathlib.Path as a valid path (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1027\"\u003e#1027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/db092ce0c542aaea1407961be063b509a0f37551\"\u003e\u003ccode\u003edb092ce\u003c/code\u003e\u003c/a\u003e Remove call to init_static_locks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1066\"\u003e#1066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a63c75a8417a286173497884f550b11d1b173ec2\"\u003e\u003ccode\u003ea63c75a\u003c/code\u003e\u003c/a\u003e Bump actions/setup-python from 2.3.0 to 2.3.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1064\"\u003e#1064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/24.2.1...22.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/MESH-Research/knowledge-commons-profiles/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/MESH-Research/knowledge-commons-profiles/pull/429","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/MESH-Research%2Fknowledge-commons-profiles/issues/429","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/429/packages"},{"uuid":"4141501725","node_id":"PR_kwDOLA_7i87NncE_","number":3,"state":"closed","title":"chore(deps): bump the pip group across 17 directories with 10 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-02T02:08:12.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-26T07:47:47.000Z","updated_at":"2026-04-02T02:08:12.000Z","time_to_close":584425,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":10,"packages":[{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"cryptography","old_version":"41.0.6","new_version":"46.0.5","repository_url":"https://github.com/pyca/cryptography"},{"name":"flask","old_version":"2.2.5","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"pyopenssl","old_version":"23.2.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"werkzeug","old_version":"3.0.1","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /auth/service-to-service directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 5 updates in the /cloud-media-livestream/keypublisher directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `41.0.6` | `46.0.5` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.0.1` | `3.1.6` |\n\nBumps the pip group with 1 update in the /cloud_tasks/http_queues directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /composer/rest directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/auth directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 2 updates in the /compute/encryption directory: [requests](https://github.com/psf/requests) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /compute/metadata directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/oslogin directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 3 updates in the /dataflow/run-inference directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [torch](https://github.com/pytorch/pytorch) and [transformers](https://github.com/huggingface/transformers).\nBumps the pip group with 1 update in the /dataflow/run_template directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 2 updates in the /datastore/cloud-ndb directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow-cx directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 5 updates in the /endpoints/getting-started directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `3.0.0` | `3.1.3` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.0.1` | `3.1.6` |\n| [flask-cors](https://github.com/corydolphin/flask-cors) | `4.0.0` | `6.0.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the pip group with 1 update in the /generative_ai directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform).\nBumps the pip group with 5 updates in the /iap directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `41.0.6` | `46.0.5` |\n| [flask](https://github.com/pallets/flask) | `3.0.0` | `3.1.3` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.0.1` | `3.1.6` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the pip group with 1 update in the /media_cdn directory: [cryptography](https://github.com/pyca/cryptography).\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 41.0.6 to 46.0.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDropped support for win_arm64 wheels\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Fixed compilation when using LibreSSL 4.2.0.\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Fixed an issue where users installing via ``pip`` on Python 3.14 development\n  versions would not properly install a dependency.\n* Fixed an issue building the free-threaded macOS 3.14 wheels.\n\u003cp\u003e.. _v46-0-0:\u003c/p\u003e\n\u003cp\u003e46.0.0 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for Python 3.7 has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/62230623d183706632c0eb7822c96ac95e3710a8\"\u003e\u003ccode\u003e6223062\u003c/code\u003e\u003c/a\u003e release 46.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13446\"\u003e#13446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/41.0.6...46.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 2.2.5 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/2.2.5...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 23.2.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.3.0 (2025-09-16)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaximum supported \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.x.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.2.0 (2025-09-14)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 45.0.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003epyOpenSSL now sets \u003ccode\u003eSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\u003c/code\u003e on connections by default, matching CPython's behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/23.2.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `werkzeug` from 3.0.1 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/releases\"\u003ewerkzeug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.6/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in multi-segment paths. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x\"\u003eGHSA-29vq-49wr-vm6x\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.5/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/43?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/43?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless of extension or surrounding spaces. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7\"\u003eGHSA-87hc-h4r5-73f7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with \u003ccode\u003epin_security=False\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3075\"\u003e#3075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.4/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/42?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/42?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents reading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e already prevented writing to these. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2\"\u003eghsa-hgf8-39gv-g3f2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3020\"\u003e#3020\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3054\"\u003e#3054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3067\"\u003e#3067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available source lines. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the distinction between WSGI and sans-IO responses. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3056\"\u003e#3056\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.3/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/41?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/41?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts \u003ccode\u003elist\u003c/code\u003e, \u003ccode\u003etuple\u003c/code\u003e, or \u003ccode\u003eset\u003c/code\u003e when passing multiple values. It had been changed to accept any \u003ccode\u003eCollection\u003c/code\u003e, but this matched types that should be treated as single values, such as \u003ccode\u003ebytes\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2994\"\u003e#2994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the \u003ccode\u003eHost\u003c/code\u003e header is not set and \u003ccode\u003eRequest.host\u003c/code\u003e falls back to the WSGI \u003ccode\u003eSERVER_NAME\u003c/code\u003e value, if that value is an IPv6 address it is wrapped in \u003ccode\u003e[]\u003c/code\u003e to match the \u003ccode\u003eHost\u003c/code\u003e header. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2993\"\u003e#2993\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.2/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/blob/main/CHANGES.rst\"\u003ewerkzeug's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in\nmulti-segment paths. :ghsa:\u003ccode\u003e29vq-49wr-vm6x\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.make_conditional\u003c/code\u003e sets the \u003ccode\u003eAccept-Ranges\u003c/code\u003e header even if it\nis not a satisfiable range request. :issue:\u003ccode\u003e3108\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2026-01-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless\nof extension or surrounding spaces. :ghsa:\u003ccode\u003e87hc-h4r5-73f7\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\nThis fixes the previous attempt, which caused incorrect content lengths.\n:issue:\u003ccode\u003e3065\u003c/code\u003e :issue:\u003ccode\u003e3077\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with\n\u003ccode\u003epin_security=False\u003c/code\u003e. :issue:\u003ccode\u003e3075\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003eReleased 2025-11-28\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents\nreading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e\nalready prevented writing to these. :ghsa:\u003ccode\u003ehgf8-39gv-g3f2\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. :pr:\u003ccode\u003e3020\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\n:issue:\u003ccode\u003e3065\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. :issue:\u003ccode\u003e3054\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. :issue:\u003ccode\u003e3067\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available\nsource lines. :issue:\u003ccode\u003e3044\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the\ndistinction between WSGI and sans-IO responses. :issue:\u003ccode\u003e3056\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/04da1b5221b7a7b57e82246e4b5741d37a6b2e56\"\u003e\u003ccode\u003e04da1b5\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d\"\u003e\u003ccode\u003ef407712\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f54fe98026253e70fbbcd35a6b52fb67cfff1c03\"\u003e\u003ccode\u003ef54fe98\u003c/code\u003e\u003c/a\u003e safe_join prevents Windows special device names in multi-segment paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/d005985ef69ffe3275eda8fb6fb25e074dbe871b\"\u003e\u003ccode\u003ed005985\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/8565c2cbd6681ae8463e77d4fc0795324a7fdae7\"\u003e\u003ccode\u003e8565c2c\u003c/code\u003e\u003c/a\u003e document rule priority (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3102\"\u003e#3102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/3febc7e90072bffe04c27e6b7478dfc4f88930df\"\u003e\u003ccode\u003e3febc7e\u003c/code\u003e\u003c/a\u003e document rule priority\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/2525b827646c10ab7adb334664e6a4af1b769181\"\u003e\u003ccode\u003e2525b82\u003c/code\u003e\u003c/a\u003e remove state machine docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/4abfbd553cdeb6d4e6fa693340d52b13c884079f\"\u003e\u003ccode\u003e4abfbd5\u003c/code\u003e\u003c/a\u003e rewrite build docstring (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3097\"\u003e#3097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/161c18b2a8800ae6ef377fb3cbdb933a878fea67\"\u003e\u003ccode\u003e161c18b\u003c/code\u003e\u003c/a\u003e rewrite build docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/86e11c29e44726dae524cd9db11549b3b1ad681d\"\u003e\u003ccode\u003e86e11c2\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3085\"\u003e#3085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/werkzeug/compare/3.0.1...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.gi...\n\n_Description has been truncated_","html_url":"https://github.com/c6ai/python-docs-samples/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/c6ai%2Fpython-docs-samples/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"4138466831","node_id":"PR_kwDORfsT-s7NfGdr","number":28,"state":"closed","title":"build(deps): bump the uv group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-03-25T20:58:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-25T20:54:58.000Z","updated_at":"2026-03-25T20:58:30.000Z","time_to_close":210,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"uv","update_count":2,"packages":[{"name":"pyopenssl","old_version":"25.3.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"pypdf","old_version":"6.7.5","new_version":"6.9.2","repository_url":"https://github.com/py-pdf/pypdf"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 2 updates in the / directory: [pyopenssl](https://github.com/pyca/pyopenssl) and [pypdf](https://github.com/py-pdf/pypdf).\n\nUpdates `pyopenssl` from 25.3.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 6.7.5 to 6.9.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e) by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.1, 2026-03-17\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove performance and limit length of array-based content streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3686\"\u003e#3686\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.0...6.9.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.0, 2026-03-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExpose /Perms verification result on Encryption object (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3672\"\u003e#3672\u003c/a\u003e) by \u003ca href=\"https://github.com/costajohnt\"\u003e\u003ccode\u003e@​costajohnt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements (PI)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix O(n²) performance in NameObject read/write (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3679\"\u003e#3679\u003c/a\u003e) by \u003ca href=\"https://github.com/dmitry-kostin\"\u003e\u003ccode\u003e@​dmitry-kostin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBatch-parse all objects in ObjStm on first access (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3677\"\u003e#3677\u003c/a\u003e) by \u003ca href=\"https://github.com/dmitry-kostin\"\u003e\u003ccode\u003e@​dmitry-kostin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid sharing array-based content streams between pages (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3681\"\u003e#3681\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid accessing invalid page when inserting blank page under some conditions (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3529\"\u003e#3529\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.8.0...6.9.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.8.0, 2026-03-09\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit allowed \u003ccode\u003e/Length\u003c/code\u003e value of stream  (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3675\"\u003e#3675\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd /IRT (in-reply-to) support for markup annotations (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3631\"\u003e#3631\u003c/a\u003e) by \u003ca href=\"https://github.com/costajohnt\"\u003e\u003ccode\u003e@​costajohnt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using \u003ccode\u003ePageObject.replace_contents\u003c/code\u003e on PdfReader (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3669\"\u003e#3669\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument how to disable jbig2dec calls by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.8.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.1, 2026-03-17\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove performance and limit length of array-based content streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3686\"\u003e#3686\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.0...6.9.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.0, 2026-03-15\u003c/h2\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExpose /Perms verification result on Encryption object (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3672\"\u003e#3672\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements (PI)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix O(n²) performance in NameObject read/write (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3679\"\u003e#3679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBatch-parse all objects in ObjStm on first access (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3677\"\u003e#3677\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid sharing array-based content streams between pages (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3681\"\u003e#3681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid accessing invalid page when inserting blank page under some conditions (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3529\"\u003e#3529\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.8.0...6.9.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.8.0, 2026-03-09\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit allowed \u003ccode\u003e/Length\u003c/code\u003e value of stream  (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3675\"\u003e#3675\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd /IRT (in-reply-to) support for markup annotations (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3631\"\u003e#3631\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using \u003ccode\u003ePageObject.replace_contents\u003c/code\u003e on PdfReader (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3669\"\u003e#3669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument how to disable jbig2dec calls\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.8.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/da867f4961e4ac5ac9d751cba3131c5a1a8777f3\"\u003e\u003ccode\u003eda867f4\u003c/code\u003e\u003c/a\u003e REL: 6.9.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/02b1345f77fdbc006faccc301507df4fb1855413\"\u003e\u003ccode\u003e02b1345\u003c/code\u003e\u003c/a\u003e SEC: Avoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/3bef3393757d9ab711032cb07019ae3b8132ba42\"\u003e\u003ccode\u003e3bef339\u003c/code\u003e\u003c/a\u003e MAINT: Prefer bytearray over bytes in image_inline (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3692\"\u003e#3692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/04b0a38f56ade7ba8ab9ed2f2b83e86794a036d5\"\u003e\u003ccode\u003e04b0a38\u003c/code\u003e\u003c/a\u003e ROB: Resolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/0e5157c2d9440c3594de43ffe27745eb474a2fb9\"\u003e\u003ccode\u003e0e5157c\u003c/code\u003e\u003c/a\u003e REL: 6.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/0b5d05de59a055c132b435ee2375bc32ff04d48e\"\u003e\u003ccode\u003e0b5d05d\u003c/code\u003e\u003c/a\u003e SEC: Improve performance and limit length of array-based content streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3686\"\u003e#3686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/87aa1d436b91c055f6ed1a4ed4146567e5db67b3\"\u003e\u003ccode\u003e87aa1d4\u003c/code\u003e\u003c/a\u003e DEV: Remove unused reverse encoding dicts (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3685\"\u003e#3685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/84f526622657d3da2068d5c05c0cba8746aec7b0\"\u003e\u003ccode\u003e84f5266\u003c/code\u003e\u003c/a\u003e MAINT: Use placeholder-based approach for logger_error (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3673\"\u003e#3673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/8f1f4aa8607a1e3b4730d67ca24e6b8f86bf526f\"\u003e\u003ccode\u003e8f1f4aa\u003c/code\u003e\u003c/a\u003e REL: 6.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5a9a0da71714c4361b38ebdcaf304291569d7a2f\"\u003e\u003ccode\u003e5a9a0da\u003c/code\u003e\u003c/a\u003e BUG: Avoid sharing array-based content streams between pages (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3681\"\u003e#3681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/KalCola/crawl4ai/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/KalCola/crawl4ai/pull/28","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/KalCola%2Fcrawl4ai/issues/28","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/28/packages"},{"uuid":"4136551773","node_id":"PR_kwDOMm8pg87NZsN-","number":1724,"state":"open","title":"Bump pyopenssl from 25.3.0 to 26.0.0 in /nemo_retriever","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-25T15:58:53.000Z","updated_at":"2026-03-25T15:58:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"pyopenssl","old_version":"25.3.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"}],"path":"/nemo_retriever","ecosystem":"pip"},"body":"Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 25.3.0 to 26.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyopenssl\u0026package-manager=uv\u0026previous-version=25.3.0\u0026new-version=26.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/NVIDIA/NeMo-Retriever/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/NVIDIA/NeMo-Retriever/pull/1724","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NVIDIA%2FNeMo-Retriever/issues/1724","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1724/packages"},{"uuid":"4134348202","node_id":"PR_kwDORwUrZc7NTP1q","number":3,"state":"closed","title":"Bump pyopenssl from 25.1.0 to 26.0.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-25T10:39:00.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-25T10:36:15.000Z","updated_at":"2026-03-25T10:39:01.000Z","time_to_close":165,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"pyopenssl","old_version":"25.1.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"}],"path":null,"ecosystem":"pip"},"body":"Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 25.1.0 to 26.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.3.0 (2025-09-16)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaximum supported \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.x.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.2.0 (2025-09-14)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 45.0.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003epyOpenSSL now sets \u003ccode\u003eSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\u003c/code\u003e on connections by default, matching CPython's behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.1.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyopenssl\u0026package-manager=pip\u0026previous-version=25.1.0\u0026new-version=26.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Stark-Expo-Tech-Exchange/DSTerminal_SOP_Documentation/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Stark-Expo-Tech-Exchange/DSTerminal_SOP_Documentation/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Stark-Expo-Tech-Exchange%2FDSTerminal_SOP_Documentation/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"4117152950","node_id":"PR_kwDOROZGpc7Mhn51","number":27,"state":"closed","title":"build(deps): bump pyopenssl from 25.3.0 to 26.0.0","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-03-22T23:26:53.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-22T21:26:50.000Z","updated_at":"2026-03-22T23:27:02.000Z","time_to_close":7203,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"pyopenssl","old_version":"25.3.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"}],"path":null,"ecosystem":"pip"},"body":"Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 25.3.0 to 26.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyopenssl\u0026package-manager=uv\u0026previous-version=25.3.0\u0026new-version=26.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/teh-hippo/ha-porkbun/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/teh-hippo/ha-porkbun/pull/27","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/teh-hippo%2Fha-porkbun/issues/27","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/27/packages"}],"issue_packages":[{"old_version":"23.2.0","new_version":"26.0.0","update_type":"major","path":null,"pr_created_at":"2026-04-08T19:52:43.000Z","version_change":"23.2.0 → 26.0.0","issue":{"uuid":"4227240413","node_id":"PR_kwDOO-I9t87Q6zQs","number":12,"state":"open","title":"chore(deps): bump the pip group across 25 directories with 13 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-08T19:52:43.000Z","updated_at":"2026-04-08T19:52:48.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":13,"packages":[{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"flask","old_version":"2.2.5","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"pyopenssl","old_version":"23.2.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"werkzeug","old_version":"2.2.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"apache-airflow","old_version":"2.6.3","new_version":"3.2.0b1","repository_url":"https://github.com/apache/airflow"},{"name":"black","old_version":"23.1a1","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"cryptography","old_version":"40.0.2","new_version":"46.0.7","repository_url":"https://github.com/pyca/cryptography"},{"name":"google-cloud-aiplatform","old_version":"1.27.1","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"protobuf","old_version":"4.23.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /alloydb/notebooks directory: [nbconvert](https://github.com/jupyter/nbconvert).\nBumps the pip group with 1 update in the /aml-ai directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /auth/service-to-service directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /bigquery/continuous-queries directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 4 updates in the /cloud-media-livestream/keypublisher directory: [requests](https://github.com/psf/requests), [flask](https://github.com/pallets/flask), [pyopenssl](https://github.com/pyca/pyopenssl) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /cloud_scheduler/snippets directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 1 update in the /cloud_tasks/http_queues directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 9 updates in the /composer/2022_airflow_summit directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.7` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n\nBumps the pip group with 5 updates in the /composer/airflow_1_samples directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `1.1.2` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `20.0.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `0.16.1` | `3.1.6` |\n| [cryptography](https://github.com/pyca/cryptography) | `3.2.1` | `46.0.7` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `3.14.0` | `5.29.6` |\n\nBumps the pip group with 9 updates in the /composer/cicd_sample directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.7` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n\nBumps the pip group with 1 update in the /composer/rest directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/auth directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/client_library directory: [black](https://github.com/psf/black).\nBumps the pip group with 2 updates in the /compute/encryption directory: [requests](https://github.com/psf/requests) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /compute/metadata directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/oslogin directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 3 updates in the /dataflow/gemma directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [protobuf](https://github.com/protocolbuffers/protobuf) and [keras](https://github.com/keras-team/keras).\nBumps the pip group with 1 update in the /dataflow/gemma-flex-template directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform).\nBumps the pip group with 3 updates in the /dataflow/run-inference directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [torch](https://github.com/pytorch/pytorch) and [transformers](https://github.com/huggingface/transformers).\nBumps the pip group with 2 updates in the /datastore/cloud-ndb directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow-cx directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /gemma2 directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [protobuf](https://github.com/protocolbuffers/protobuf).\nBumps the pip group with 4 updates in the /iap directory: [requests](https://github.com/psf/requests), [flask](https://github.com/pallets/flask), [werkzeug](https://github.com/pallets/werkzeug) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /media_cdn directory: [cryptography](https://github.com/pyca/cryptography).\n\nUpdates `nbconvert` from 7.16.6 to 7.17.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/releases\"\u003enbconvert's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.17.0\u003c/h2\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid cov environment on free-threaded Pythons \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2267\"\u003e#2267\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate pre-commit, and fix all issues. \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2238\"\u003e#2238\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop test on 3.9, test on 3.13, 3.14, 3.14t \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2237\"\u003e#2237\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the actions group across 1 directory with 2 updates \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2231\"\u003e#2231\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003e@flaky.flaky\u003c/code\u003e decorate with pytest marker \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2229\"\u003e#2229\u003c/a\u003e (\u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to mermaid 11.10.0 \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2224\"\u003e#2224\u003c/a\u003e (\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8, fix the CI tests \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2221\"\u003e#2221\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eintersphinx_registry\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2232\"\u003e#2232\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28\u0026amp;to=2026-01-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md\"\u003enbconvert's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid cov environment on free-threaded Pythons \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2267\"\u003e#2267\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate pre-commit, and fix all issues. \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2238\"\u003e#2238\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop test on 3.9, test on 3.13, 3.14, 3.14t \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2237\"\u003e#2237\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the actions group across 1 directory with 2 updates \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2231\"\u003e#2231\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003e@flaky.flaky\u003c/code\u003e decorate with pytest marker \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2229\"\u003e#2229\u003c/a\u003e (\u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to mermaid 11.10.0 \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2224\"\u003e#2224\u003c/a\u003e (\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8, fix the CI tests \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2221\"\u003e#2221\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eintersphinx_registry\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2232\"\u003e#2232\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28\u0026amp;to=2026-01-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/21b35d85b46f5ff0956d3d088a52b9bef00e8196\"\u003e\u003ccode\u003e21b35d8\u003c/code\u003e\u003c/a\u003e Publish 7.17.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003e\u003ccode\u003ec9ac1d1\u003c/code\u003e\u003c/a\u003e Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD)...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/b13276d80ae6fadbfda981304810e26f421c4ced\"\u003e\u003ccode\u003eb13276d\u003c/code\u003e\u003c/a\u003e avoid cov environment on free-threaded Pythons (\u003ca href=\"https://redirect.github.com/jupyter/nbconvert/issues/2267\"\u003e#2267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7c7055fe833fe9832e6f9a64fa5f67d66692c8d6\"\u003e\u003ccode\u003e7c7055f\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] auto fixes from pre-commit.com hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/74f3ddd37ef4b7ffb5eee9acbf52062217c15852\"\u003e\u003ccode\u003e74f3ddd\u003c/code\u003e\u003c/a\u003e Fix QtPNGExporter returning empty bytes on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/216550b2aae4c329f4dab597a96ae7cac30de79a\"\u003e\u003ccode\u003e216550b\u003c/code\u003e\u003c/a\u003e fix links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/39777ac5716350e994171d025a7369c58b0afc8c\"\u003e\u003ccode\u003e39777ac\u003c/code\u003e\u003c/a\u003e try to comment fialing test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7b591ca526f2598dbae3256a53765659c3edcf14\"\u003e\u003ccode\u003e7b591ca\u003c/code\u003e\u003c/a\u003e ruff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/6ec7638a3dc7a0bc2c533c116202d7f9b07ce9d9\"\u003e\u003ccode\u003e6ec7638\u003c/code\u003e\u003c/a\u003e parent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/59414b36f94e318d4207e8af863167047d936c19\"\u003e\u003ccode\u003e59414b3\u003c/code\u003e\u003c/a\u003e fix mypy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...v7.17.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 2.2.5 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/2.2.5...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 25.0.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/co...\n\n_Description has been truncated_","html_url":"https://github.com/ASISBusiness/python-docs-samples/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASISBusiness%2Fpython-docs-samples/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"}},{"old_version":"23.2.0","new_version":"26.0.0","update_type":"major","path":null,"pr_created_at":"2026-04-08T08:01:03.000Z","version_change":"23.2.0 → 26.0.0","issue":{"uuid":"4223006296","node_id":"PR_kwDORKFnMM7Qu_PA","number":10,"state":"closed","title":"chore(deps): bump the pip group across 24 directories with 12 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-08T19:53:18.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-08T08:01:03.000Z","updated_at":"2026-04-08T19:53:20.000Z","time_to_close":42735,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":12,"packages":[{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"flask","old_version":"2.2.5","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"pyopenssl","old_version":"23.2.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"werkzeug","old_version":"2.2.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"apache-airflow","old_version":"2.6.3","new_version":"3.2.0b1","repository_url":"https://github.com/apache/airflow"},{"name":"black","old_version":"23.1a1","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"cryptography","old_version":"40.0.2","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"google-cloud-aiplatform","old_version":"1.27.1","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"protobuf","old_version":"4.23.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /aml-ai directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /auth/service-to-service directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /bigquery/continuous-queries directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 4 updates in the /cloud-media-livestream/keypublisher directory: [requests](https://github.com/psf/requests), [flask](https://github.com/pallets/flask), [pyopenssl](https://github.com/pyca/pyopenssl) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 1 update in the /cloud_tasks/http_queues directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 9 updates in the /composer/2022_airflow_summit directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.6` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n\nBumps the pip group with 5 updates in the /composer/airflow_1_samples directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `1.1.2` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `20.0.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `0.16.1` | `3.1.6` |\n| [cryptography](https://github.com/pyca/cryptography) | `3.2.1` | `46.0.6` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `3.14.0` | `5.29.6` |\n\nBumps the pip group with 9 updates in the /composer/cicd_sample directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.6` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n\nBumps the pip group with 1 update in the /composer/rest directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 9 updates in the /composer/workflows directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `24.1.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.9.2` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `24.4.2` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `41.0.7` | `46.0.6` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.53.0` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.3` | `5.29.6` |\n\nBumps the pip group with 1 update in the /compute/auth directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/client_library directory: [black](https://github.com/psf/black).\nBumps the pip group with 2 updates in the /compute/encryption directory: [requests](https://github.com/psf/requests) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /compute/metadata directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/oslogin directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 3 updates in the /dataflow/gemma directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [protobuf](https://github.com/protocolbuffers/protobuf) and [keras](https://github.com/keras-team/keras).\nBumps the pip group with 1 update in the /dataflow/gemma-flex-template directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform).\nBumps the pip group with 3 updates in the /dataflow/run-inference directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [torch](https://github.com/pytorch/pytorch) and [transformers](https://github.com/huggingface/transformers).\nBumps the pip group with 2 updates in the /datastore/cloud-ndb directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow-cx directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /gemma2 directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [protobuf](https://github.com/protocolbuffers/protobuf).\nBumps the pip group with 4 updates in the /iap directory: [requests](https://github.com/psf/requests), [flask](https://github.com/pallets/flask), [werkzeug](https://github.com/pallets/werkzeug) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /media_cdn directory: [cryptography](https://github.com/pyca/cryptography).\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 2.2.5 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/2.2.5...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 25.0.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.3.0 (2025-09-16)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaximum supported \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.x.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.2.0 (2025-09-14)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 45.0.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003epyOpenSSL now sets \u003ccode\u003eSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\u003c/code\u003e on connections by default, matching CPython's behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.0.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `werkzeug` from 3.0.6 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/releases\"\u003ewerkzeug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.6/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in multi-segment paths. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x\"\u003eGHSA-29vq-49wr-vm6x\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.5/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/43?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/43?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless of extension or surrounding spaces. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7\"\u003eGHSA-87hc-h4r5-73f7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with \u003ccode\u003epin_security=False\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3075\"\u003e#3075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.4/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/42?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/42?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents reading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e already prevented writing to these. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2\"\u003eghsa-hgf8-39gv-g3f2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3020\"\u003e#3020\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3054\"\u003e#3054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3067\"\u003e#3067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available source lines. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the distinction between WSGI and sans-IO responses. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3056\"\u003e#3056\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.3/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/41?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/41?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts \u003ccode\u003elist\u003c/code\u003e, \u003ccode\u003etuple\u003c/code\u003e, or \u003ccode\u003eset\u003c/code\u003e when passing multiple values. It had been changed to accept any \u003ccode\u003eCollection\u003c/code\u003e, but this matched types that should be treated as single values, such as \u003ccode\u003ebytes\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2994\"\u003e#2994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the \u003ccode\u003eHost\u003c/code\u003e header is not set and \u003ccode\u003eRequest.host\u003c/code\u003e falls back to the WSGI \u003ccode\u003eSERVER_NAME\u003c/code\u003e value, if that value is an IPv6 address it is wrapped in \u003ccode\u003e[]\u003c/code\u003e to match the \u003ccode\u003eHost\u003c/code\u003e header. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2993\"\u003e#2993\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.2/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/blob/main/CHANGES.rst\"\u003ewerkzeug's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in\nmulti-segment paths. :ghsa:\u003ccode\u003e29vq-49wr-vm6x\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.make_conditional\u003c/code\u003e sets the \u003ccode\u003eAccept-Ranges\u003c/code\u003e header even if it\nis not a satisfiable range request. :issue:\u003ccode\u003e3108\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2026-01-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless\nof extension or surrounding spaces. :ghsa:\u003ccode\u003e87hc-h4r5-73f7\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\nThis fixes the previous attempt, which caused incorrect content lengths.\n:issue:\u003ccode\u003e3065\u003c/code\u003e :issue:\u003ccode\u003e3077\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with\n\u003ccode\u003epin_security=False\u003c/code\u003e. :issue:\u003ccode\u003e3075\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003eReleased 2025-11-28\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents\nreading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e\nalready prevented writing to these. :ghsa:\u003ccode\u003ehgf8-39gv-g3f2\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. :pr:\u003ccode\u003e3020\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\n:issue:\u003ccode\u003e3065\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. :issue:\u003ccode\u003e3054\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. :issue:\u003ccode\u003e3067\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available\nsource lines. :issue:\u003ccode\u003e3044\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the\ndistinction between WSGI and sans-IO responses. :issue:\u003ccode\u003e3056\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/04da1b5221b7a7b57e82246e4b5741d37a6b2e56\"\u003e\u003ccode\u003e04da1b5\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d\"\u003e\u003ccode\u003ef407712\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f54fe98026253e70fbbcd35a6b52fb67cfff1c03\"\u003e\u003ccode\u003ef54fe98\u003c/code\u003e\u003c/a\u003e safe_join prevents Windows special device names in multi-segment paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/d005985ef69ffe3275eda8fb6fb25e074dbe871b\"\u003e\u003ccode\u003ed005985\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/8565c2cbd6681ae8463e77d4fc0795324a7fdae7\"\u003e\u003ccode\u003e8565c2c\u003c/code\u003e\u003c/a\u003e document rule priority (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3102\"\u003e#3102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/3febc7e90072bffe04c27e6b7478dfc4f88930df\"\u003e\u003ccode\u003e3febc7e\u003c/code\u003e\u003c/a\u003e document rule priority\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/2525b827646c10ab7adb334664e6a4af1b769181\"\u003e\u003ccode\u003e2525b82\u003c/code\u003e\u003c/a\u003e remove state machine docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/4abfbd553cdeb6d4e6fa693340d52b13c884079f\"\u003e\u003ccode\u003e4abfbd5\u003c/code\u003e\u003c/a\u003e rewrite build docstring (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3097\"\u003e#3097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/161c18b2a8800ae6ef377fb3cbdb933a878fea67\"\u003e\u003ccode\u003e161c18b\u003c/code\u003e\u003c/a\u003e rewrite build docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/86e11c29e44726dae524cd9db11549b3b1ad681d\"\u003e\u003ccode\u003e86e11c2\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3085\"\u003e#3085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/werkzeug/compare/3.0.6...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://red...\n\n_Description has been truncated_","html_url":"https://github.com/Dalek2023/python-docs-samples/pull/10","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dalek2023%2Fpython-docs-samples/issues/10","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10/packages"}},{"old_version":"18.0.0","new_version":"26.0.0","update_type":"major","path":"/tlbox/apps/csv-to-sheets","pr_created_at":"2026-04-03T06:33:59.000Z","version_change":"18.0.0 → 26.0.0","issue":{"uuid":"4198714678","node_id":"PR_kwDOByY7Y87PvMt_","number":284,"state":"closed","title":"Bump pyopenssl from 18.0.0 to 26.0.0 in /tlbox/apps/csv-to-sheets","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-03T07:46:57.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-03T06:33:59.000Z","updated_at":"2026-04-03T07:47:02.000Z","time_to_close":4378,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"pyopenssl","old_version":"18.0.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"}],"path":"/tlbox/apps/csv-to-sheets","ecosystem":"pip"},"body":"Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 18.0.0 to 26.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.3.0 (2025-09-16)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaximum supported \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.x.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.2.0 (2025-09-14)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 45.0.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003epyOpenSSL now sets \u003ccode\u003eSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\u003c/code\u003e on connections by default, matching CPython's behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/18.0.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyopenssl\u0026package-manager=pip\u0026previous-version=18.0.0\u0026new-version=26.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/michael-christen/toolbox/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/michael-christen/toolbox/pull/284","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/michael-christen%2Ftoolbox/issues/284","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/284/packages"}},{"old_version":"23.2.0","new_version":"26.0.0","update_type":"major","path":null,"pr_created_at":"2026-04-02T04:10:13.000Z","version_change":"23.2.0 → 26.0.0","issue":{"uuid":"4191416269","node_id":"PR_kwDOO-I9t87PcOl4","number":10,"state":"open","title":"chore(deps): bump the pip group across 25 directories with 13 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-02T04:10:13.000Z","updated_at":"2026-04-02T04:10:17.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":13,"packages":[{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"flask","old_version":"2.2.5","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"pyopenssl","old_version":"23.2.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"werkzeug","old_version":"2.2.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"apache-airflow","old_version":"2.6.3","new_version":"3.2.0b1","repository_url":"https://github.com/apache/airflow"},{"name":"black","old_version":"23.1a1","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"cryptography","old_version":"40.0.2","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"google-cloud-aiplatform","old_version":"1.27.1","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"protobuf","old_version":"4.23.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /alloydb/notebooks directory: [nbconvert](https://github.com/jupyter/nbconvert).\nBumps the pip group with 1 update in the /aml-ai directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /auth/service-to-service directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /bigquery/continuous-queries directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 4 updates in the /cloud-media-livestream/keypublisher directory: [requests](https://github.com/psf/requests), [flask](https://github.com/pallets/flask), [pyopenssl](https://github.com/pyca/pyopenssl) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /cloud_scheduler/snippets directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 1 update in the /cloud_tasks/http_queues directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 9 updates in the /composer/2022_airflow_summit directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.6` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n\nBumps the pip group with 5 updates in the /composer/airflow_1_samples directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `1.1.2` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `20.0.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `0.16.1` | `3.1.6` |\n| [cryptography](https://github.com/pyca/cryptography) | `3.2.1` | `46.0.6` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `3.14.0` | `5.29.6` |\n\nBumps the pip group with 9 updates in the /composer/cicd_sample directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.6` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n\nBumps the pip group with 1 update in the /composer/rest directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/auth directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/client_library directory: [black](https://github.com/psf/black).\nBumps the pip group with 2 updates in the /compute/encryption directory: [requests](https://github.com/psf/requests) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /compute/metadata directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/oslogin directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 3 updates in the /dataflow/gemma directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [protobuf](https://github.com/protocolbuffers/protobuf) and [keras](https://github.com/keras-team/keras).\nBumps the pip group with 1 update in the /dataflow/gemma-flex-template directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform).\nBumps the pip group with 3 updates in the /dataflow/run-inference directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [torch](https://github.com/pytorch/pytorch) and [transformers](https://github.com/huggingface/transformers).\nBumps the pip group with 2 updates in the /datastore/cloud-ndb directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow-cx directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /gemma2 directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [protobuf](https://github.com/protocolbuffers/protobuf).\nBumps the pip group with 4 updates in the /iap directory: [requests](https://github.com/psf/requests), [flask](https://github.com/pallets/flask), [werkzeug](https://github.com/pallets/werkzeug) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /media_cdn directory: [cryptography](https://github.com/pyca/cryptography).\n\nUpdates `nbconvert` from 7.16.6 to 7.17.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/releases\"\u003enbconvert's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.17.0\u003c/h2\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid cov environment on free-threaded Pythons \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2267\"\u003e#2267\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate pre-commit, and fix all issues. \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2238\"\u003e#2238\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop test on 3.9, test on 3.13, 3.14, 3.14t \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2237\"\u003e#2237\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the actions group across 1 directory with 2 updates \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2231\"\u003e#2231\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003e@flaky.flaky\u003c/code\u003e decorate with pytest marker \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2229\"\u003e#2229\u003c/a\u003e (\u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to mermaid 11.10.0 \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2224\"\u003e#2224\u003c/a\u003e (\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8, fix the CI tests \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2221\"\u003e#2221\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eintersphinx_registry\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2232\"\u003e#2232\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28\u0026amp;to=2026-01-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md\"\u003enbconvert's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid cov environment on free-threaded Pythons \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2267\"\u003e#2267\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate pre-commit, and fix all issues. \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2238\"\u003e#2238\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop test on 3.9, test on 3.13, 3.14, 3.14t \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2237\"\u003e#2237\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the actions group across 1 directory with 2 updates \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2231\"\u003e#2231\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003e@flaky.flaky\u003c/code\u003e decorate with pytest marker \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2229\"\u003e#2229\u003c/a\u003e (\u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to mermaid 11.10.0 \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2224\"\u003e#2224\u003c/a\u003e (\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8, fix the CI tests \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2221\"\u003e#2221\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eintersphinx_registry\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2232\"\u003e#2232\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28\u0026amp;to=2026-01-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/21b35d85b46f5ff0956d3d088a52b9bef00e8196\"\u003e\u003ccode\u003e21b35d8\u003c/code\u003e\u003c/a\u003e Publish 7.17.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003e\u003ccode\u003ec9ac1d1\u003c/code\u003e\u003c/a\u003e Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD)...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/b13276d80ae6fadbfda981304810e26f421c4ced\"\u003e\u003ccode\u003eb13276d\u003c/code\u003e\u003c/a\u003e avoid cov environment on free-threaded Pythons (\u003ca href=\"https://redirect.github.com/jupyter/nbconvert/issues/2267\"\u003e#2267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7c7055fe833fe9832e6f9a64fa5f67d66692c8d6\"\u003e\u003ccode\u003e7c7055f\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] auto fixes from pre-commit.com hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/74f3ddd37ef4b7ffb5eee9acbf52062217c15852\"\u003e\u003ccode\u003e74f3ddd\u003c/code\u003e\u003c/a\u003e Fix QtPNGExporter returning empty bytes on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/216550b2aae4c329f4dab597a96ae7cac30de79a\"\u003e\u003ccode\u003e216550b\u003c/code\u003e\u003c/a\u003e fix links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/39777ac5716350e994171d025a7369c58b0afc8c\"\u003e\u003ccode\u003e39777ac\u003c/code\u003e\u003c/a\u003e try to comment fialing test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7b591ca526f2598dbae3256a53765659c3edcf14\"\u003e\u003ccode\u003e7b591ca\u003c/code\u003e\u003c/a\u003e ruff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/6ec7638a3dc7a0bc2c533c116202d7f9b07ce9d9\"\u003e\u003ccode\u003e6ec7638\u003c/code\u003e\u003c/a\u003e parent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/59414b36f94e318d4207e8af863167047d936c19\"\u003e\u003ccode\u003e59414b3\u003c/code\u003e\u003c/a\u003e fix mypy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...v7.17.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 2.2.5 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/2.2.5...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 25.0.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003cco...\n\n_Description has been truncated_","html_url":"https://github.com/ASISBusiness/python-docs-samples/pull/10","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASISBusiness%2Fpython-docs-samples/issues/10","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10/packages"}},{"old_version":"22.1.0","new_version":"26.0.0","update_type":"major","path":null,"pr_created_at":"2026-04-01T21:25:15.000Z","version_change":"22.1.0 → 26.0.0","issue":{"uuid":"4189975053","node_id":"PR_kwDOI6zrXc7PYnkl","number":9,"state":"closed","title":"Bump the pip group across 5 directories with 15 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-07T01:08:20.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-01T21:25:15.000Z","updated_at":"2026-04-07T01:08:22.000Z","time_to_close":445385,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":15,"packages":[{"name":"flask","old_version":"2.1.3","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"starlette","old_version":"0.17.1","new_version":"0.49.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"werkzeug","old_version":"2.1.2","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"black","old_version":"22.10.0","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"cryptography","old_version":"38.0.1","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"gradio","old_version":"3.11","new_version":"6.7.0","repository_url":"https://github.com/gradio-app/gradio"},{"name":"pyopenssl","old_version":"22.1.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"h11","old_version":"0.12.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 8 updates in the /python directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `2.1.3` | `3.1.3` |\n| [starlette](https://github.com/Kludex/starlette) | `0.17.1` | `0.49.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.1.2` | `3.1.6` |\n| [black](https://github.com/psf/black) | `22.10.0` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `38.0.1` | `46.0.6` |\n| [gradio](https://github.com/gradio-app/gradio) | `3.11` | `6.7.0` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `22.1.0` | `26.0.0` |\n| [h11](https://github.com/python-hyper/h11) | `0.12.0` | `0.16.0` |\n\nBumps the pip group with 1 update in the /python/ray/tune directory: [black](https://github.com/psf/black).\nBumps the pip group with 2 updates in the /python/requirements/compat directory: [torch](https://github.com/pytorch/pytorch) and [keras](https://github.com/keras-team/keras).\nBumps the pip group with 6 updates in the /python/requirements/ml directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [torch](https://github.com/pytorch/pytorch) | `1.13.0` | `2.7.1+cpu` |\n| [transformers](https://github.com/huggingface/transformers) | `4.19.1` | `4.53.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `3.20.1` | `5.29.6` |\n| [mlflow](https://github.com/mlflow/mlflow) | `1.21.0` | `3.9.0rc0` |\n| [sentencepiece](https://github.com/google/sentencepiece) | `0.1.96` | `0.2.1` |\n| [onnx](https://github.com/onnx/onnx) | `1.12.0` | `1.21.0` |\n\nBumps the pip group with 1 update in the /release/ml_user_tests/ray-lightning directory: [torch](https://github.com/pytorch/pytorch).\n\nUpdates `flask` from 2.1.3 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/2.1.3...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 0.17.1 to 0.49.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.49.1\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the parsing logic of the \u003ccode\u003eRange\u003c/code\u003e header in \u003ccode\u003eFileResponse\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eYou can view the full security advisory: \u003ca href=\"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\"\u003eGHSA-7f5h-v6xp-fcq8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize the HTTP ranges parsing logic \u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e4ea6e22b489ec388d6004cfbca52dd5b147127c5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.49.0...0.49.1\"\u003ehttps://github.com/Kludex/starlette/compare/0.49.0...0.49.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.49.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eencoding\u003c/code\u003e parameter to \u003ccode\u003eConfig\u003c/code\u003e class \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003e#2996\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSupport multiple cookie headers in \u003ccode\u003eRequest.cookies\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3029\"\u003e#3029\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eLiteral\u003c/code\u003e type for \u003ccode\u003eWebSocketEndpoint\u003c/code\u003e encoding values \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003e#3027\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDo not pollute exception context in \u003ccode\u003eMiddleware\u003c/code\u003e when using \u003ccode\u003eBaseHTTPMiddleware\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003e#2976\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TheWesDias\"\u003e\u003ccode\u003e@​TheWesDias\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3017\"\u003eKludex/starlette#3017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gmos2104\"\u003e\u003ccode\u003e@​gmos2104\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003eKludex/starlette#3027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/secrett2633\"\u003e\u003ccode\u003e@​secrett2633\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003eKludex/starlette#2996\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adam-sikora\"\u003e\u003ccode\u003e@​adam-sikora\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003eKludex/starlette#2976\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.48.0...0.49.0\"\u003ehttps://github.com/Kludex/starlette/compare/0.48.0...0.49.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd official Python 3.14 support \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3013\"\u003e#3013\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ca href=\"https://www.rfc-editor.org/rfc/rfc9110\"\u003eRFC9110\u003c/a\u003e http status names \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003e#2939\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yakimka\"\u003e\u003ccode\u003e@​yakimka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2943\"\u003eKludex/starlette#2943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mbeijen\"\u003e\u003ccode\u003e@​mbeijen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003eKludex/starlette#2939\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.47.3...0.48.0\"\u003ehttps://github.com/Kludex/starlette/compare/0.47.3...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.49.1 (October 28, 2025)\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the parsing logic of the \u003ccode\u003eRange\u003c/code\u003e header in \u003ccode\u003eFileResponse\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eYou can view the full security advisory: \u003ca href=\"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\"\u003eGHSA-7f5h-v6xp-fcq8\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize the HTTP ranges parsing logic \u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e4ea6e22b489ec388d6004cfbca52dd5b147127c5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.49.0 (October 28, 2025)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eencoding\u003c/code\u003e parameter to \u003ccode\u003eConfig\u003c/code\u003e class \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003e#2996\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSupport multiple cookie headers in \u003ccode\u003eRequest.cookies\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3029\"\u003e#3029\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eLiteral\u003c/code\u003e type for \u003ccode\u003eWebSocketEndpoint\u003c/code\u003e encoding values \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003e#3027\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eChanged\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eDo not pollute exception context in \u003ccode\u003eMiddleware\u003c/code\u003e when using \u003ccode\u003eBaseHTTPMiddleware\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003e#2976\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.48.0 (September 13, 2025)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd official Python 3.14 support \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3013\"\u003e#3013\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eChanged\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ca href=\"https://www.rfc-editor.org/rfc/rfc9110\"\u003eRFC9110\u003c/a\u003e http status names \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003e#2939\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.3 (August 24, 2025)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003easyncio.iscoroutinefunction\u003c/code\u003e for Python 3.12 and older \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2984\"\u003e#2984\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.2 (July 20, 2025)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003eUploadFile\u003c/code\u003e check for future rollover \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2962\"\u003e#2962\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.1 (June 21, 2025)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eSelf\u003c/code\u003e in \u003ccode\u003eTestClient.__enter__\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2951\"\u003e#2951\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAllow async exception handlers to type-check \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2949\"\u003e#2949\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/7e4b7428f273dbdc875dcd036d20804bcfc7b2ee\"\u003e\u003ccode\u003e7e4b742\u003c/code\u003e\u003c/a\u003e Version 0.49.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3047\"\u003e#3047\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e\u003ccode\u003e4ea6e22\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/7d88ea6f8ec8aa99cdb5fc7a10b88db5aadfdfee\"\u003e\u003ccode\u003e7d88ea6\u003c/code\u003e\u003c/a\u003e Version 0.49.0 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3046\"\u003e#3046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/26d66bbfb05c7bbecbbb57106c65f33682f8174e\"\u003e\u003ccode\u003e26d66bb\u003c/code\u003e\u003c/a\u003e Do not pollute exception context in Middleware (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/2976\"\u003e#2976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/a59397db889e3a96c4f34b1406957a3b92e1e8b5\"\u003e\u003ccode\u003ea59397d\u003c/code\u003e\u003c/a\u003e Set encodings when reading config files (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/2996\"\u003e#2996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/3b7f0cbf598be305528a498a35089ce723060372\"\u003e\u003ccode\u003e3b7f0cb\u003c/code\u003e\u003c/a\u003e test: add test for unknown status (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3035\"\u003e#3035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b09ce1a99d352ee6f5b896597f03a1a57507afcd\"\u003e\u003ccode\u003eb09ce1a\u003c/code\u003e\u003c/a\u003e docs: fix legibility issues on sponsorship page (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3039\"\u003e#3039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/0f0edcf8007412d9536bf8714c5815ce8f5dba4b\"\u003e\u003ccode\u003e0f0edcf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Add Marcelo Trylesinski to the license (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3025\"\u003e#3025\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3044\"\u003e#3044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/3912d6313730cc6004dfb4436e37dbc1a81db7c8\"\u003e\u003ccode\u003e3912d63\u003c/code\u003e\u003c/a\u003e docs: add social icons (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3038\"\u003e#3038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/4915a9309fcad58ac08b9fa550563d3287b531ad\"\u003e\u003ccode\u003e4915a93\u003c/code\u003e\u003c/a\u003e Add discord to README/docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3034\"\u003e#3034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/0.17.1...0.49.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `werkzeug` from 2.1.2 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/releases\"\u003ewerkzeug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.6/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in multi-segment paths. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x\"\u003eGHSA-29vq-49wr-vm6x\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.5/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/43?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/43?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless of extension or surrounding spaces. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7\"\u003eGHSA-87hc-h4r5-73f7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with \u003ccode\u003epin_security=False\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3075\"\u003e#3075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.4/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/42?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/42?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents reading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e already prevented writing to these. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2\"\u003eghsa-hgf8-39gv-g3f2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3020\"\u003e#3020\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3054\"\u003e#3054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3067\"\u003e#3067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available source lines. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the distinction between WSGI and sans-IO responses. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3056\"\u003e#3056\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.3/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/41?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/41?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts \u003ccode\u003elist\u003c/code\u003e, \u003ccode\u003etuple\u003c/code\u003e, or \u003ccode\u003eset\u003c/code\u003e when passing multiple values. It had been changed to accept any \u003ccode\u003eCollection\u003c/code\u003e, but this matched types that should be treated as single values, such as \u003ccode\u003ebytes\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2994\"\u003e#2994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the \u003ccode\u003eHost\u003c/code\u003e header is not set and \u003ccode\u003eRequest.host\u003c/code\u003e falls back to the WSGI \u003ccode\u003eSERVER_NAME\u003c/code\u003e value, if that value is an IPv6 address it is wrapped in \u003ccode\u003e[]\u003c/code\u003e to match the \u003ccode\u003eHost\u003c/code\u003e header. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2993\"\u003e#2993\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.2/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/blob/main/CHANGES.rst\"\u003ewerkzeug's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in\nmulti-segment paths. :ghsa:\u003ccode\u003e29vq-49wr-vm6x\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.make_conditional\u003c/code\u003e sets the \u003ccode\u003eAccept-Ranges\u003c/code\u003e header even if it\nis not a satisfiable range request. :issue:\u003ccode\u003e3108\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2026-01-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless\nof extension or surrounding spaces. :ghsa:\u003ccode\u003e87hc-h4r5-73f7\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\nThis fixes the previous attempt, which caused incorrect content lengths.\n:issue:\u003ccode\u003e3065\u003c/code\u003e :issue:\u003ccode\u003e3077\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with\n\u003ccode\u003epin_security=False\u003c/code\u003e. :issue:\u003ccode\u003e3075\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003eReleased 2025-11-28\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents\nreading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e\nalready prevented writing to these. :ghsa:\u003ccode\u003ehgf8-39gv-g3f2\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. :pr:\u003ccode\u003e3020\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\n:issue:\u003ccode\u003e3065\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. :issue:\u003ccode\u003e3054\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. :issue:\u003ccode\u003e3067\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available\nsource lines. :issue:\u003ccode\u003e3044\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the\ndistinction between WSGI and sans-IO responses. :issue:\u003ccode\u003e3056\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/04da1b5221b7a7b57e82246e4b5741d37a6b2e56\"\u003e\u003ccode\u003e04da1b5\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d\"\u003e\u003ccode\u003ef407712\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f54fe98026253e70fbbcd35a6b52fb67cfff1c03\"\u003e\u003ccode\u003ef54fe98\u003c/code\u003e\u003c/a\u003e safe_join prevents Windows special device names in multi-segment paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/d005985ef69ffe3275eda8fb6fb25e074dbe871b\"\u003e\u003ccode\u003ed005985\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/8565c2cbd6681ae8463e77d4fc0795324a7fdae7\"\u003e\u003ccode\u003e8565c2c\u003c/code\u003e\u003c/a\u003e document rule priority (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3102\"\u003e#3102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/3febc7e90072bffe04c27e6b7478dfc4f88930df\"\u003e\u003ccode\u003e3febc7e\u003c/code\u003e\u003c/a\u003e document rule priority\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/2525b827646c10ab7adb334664e6a4af1b769181\"\u003e\u003ccode\u003e2525b82\u003c/code\u003e\u003c/a\u003e remove state machine docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/4abfbd553cdeb6d4e6fa693340d52b13c884079f\"\u003e\u003ccode\u003e4abfbd5\u003c/code\u003e\u003c/a\u003e rewrite build docstring (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3097\"\u003e#3097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/161c18b2a8800ae6ef377fb3cbdb933a878fea67\"\u003e\u003ccode\u003e161c18b\u003c/code\u003e\u003c/a\u003e rewrite build docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/86e11c29e44726dae524cd9db11549b3b1ad681d\"\u003e\u003ccode\u003e86e11c2\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3085\"\u003e#3085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/werkzeug/compare/2.1.2...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `black` from 22.10.0 to 26.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop evenloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop eventloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c6755bb741b6481d6b3d3bb563c83fa060db96c9\"\u003e\u003ccode\u003ec6755bb\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5046\"\u003e#5046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69973fd6950985fbeb1090d96da717dc4d8380b0\"\u003e\u003ccode\u003e69973fd\u003c/code\u003e\u003c/a\u003e Harden blackd browser-facing request handling (\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d\"\u003e\u003ccode\u003e4937fe6\u003c/code\u003e\u003c/a\u003e Fix some shenanigans with the cache file and IPython (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2e641d174469c505d5ae905e75d4c769597e681f\"\u003e\u003ccode\u003e2e641d1\u003c/code\u003e\u003c/a\u003e docs: remove outdated Black Playground references (\u003ca href=\"https://redirect.github.com/psf/black/issues/5044\"\u003e#5044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c014b22a2d5e0632587b47b81151658bddfa0b88\"\u003e\u003ccode\u003ec014b22\u003c/code\u003e\u003c/a\u003e Remove unused internal code (\u003ca href=\"https://redirect.github.com/psf/black/issues/5041\"\u003e#5041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/0dae20b2d009f2f03de8696d06b0c947d3abafc9\"\u003e\u003ccode\u003e0dae20b\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5036\"\u003e#5036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c5c1cbddd92cecb554ac2a77a24139dd76831030\"\u003e\u003ccode\u003ec5c1cbd\u003c/code\u003e\u003c/a\u003e Minor release patches (\u003ca href=\"https://redirect.github.com/psf/black/issues/5035\"\u003e#5035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/7e5a828c37d71b6a6666e28eed444816def6a8f4\"\u003e\u003ccode\u003e7e5a828\u003c/code\u003e\u003c/a\u003e docs: clarify relationship between Black style and PEP 8 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69705deb8776e7c5e585668da106d1abe2cb8d77\"\u003e\u003ccode\u003e69705de\u003c/code\u003e\u003c/a\u003e docs: add clearer pyproject configuration guidance (\u003ca href=\"https://redirect.github.com/psf/black/issues/5026\"\u003e#5026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/35ea67920b7f6ac8e09be1c47278752b1e827f76\"\u003e\u003ccode\u003e35ea679\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5032\"\u003e#5032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/22.10.0...26.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 38.0.1 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAn attacker could create a malicious public key that reveals portions of your\nprivate key when using certain uncommon elliptic curves (binary curves).\nThis version now includes additional security checks to prevent this attack.\nThis issue only affects binary elliptic curves, which are rarely used in\nreal-world applications. Credit to \u003cstrong\u003eXlabAI Team of Tencent Xuanwu Lab and\nAtuin Automated Vulnerability Discovery Engine\u003c/strong\u003e for reporting the issue.\n\u003cstrong\u003eCVE-2026-26007\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSECT*\u003c/code\u003e binary elliptic curves is deprecated and will be\nremoved in the next release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* `Dropped support for win_arm64 wheels`_.\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed compilation when using LibreSSL 4.2.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/38.0.1...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `gradio` from 3.11 to 6.7.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gradio-app/gradio/blob/main/CHANGELOG.md\"\u003egradio's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.7.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12829\"\u003e#12829\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/d720b25b575fb9817311212e1c0afa82abf27468\"\u003e\u003ccode\u003ed720b25\u003c/code\u003e\u003c/a\u003e - Allow :fastest :cheapest options when loading models.  Thanks \u003ca href=\"https://github.com/dawoodkhan82\"\u003e\u003ccode\u003e@​dawoodkhan82\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12918\"\u003e#12918\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/e29e1ccd5874cb98b813ed4f7f72d9fef2935016\"\u003e\u003ccode\u003ee29e1cc\u003c/code\u003e\u003c/a\u003e - Add Space-specific skill generation to \u003ccode\u003egradio skills add\u003c/code\u003e.  Thanks \u003ca href=\"https://github.com/abidlabs\"\u003e\u003ccode\u003e@​abidlabs\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12929\"\u003e#12929\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/978bc6ea5094aa11e10994cdd662c4c663a86a83\"\u003e\u003ccode\u003e978bc6e\u003c/code\u003e\u003c/a\u003e - Add server functions support to gr.HTML.  Thanks \u003ca href=\"https://github.com/aliabid94\"\u003e\u003ccode\u003e@​aliabid94\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12917\"\u003e#12917\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/a0fff5cb0e4cc0f8cc3fff7b5fbe18a031c7cc27\"\u003e\u003ccode\u003ea0fff5c\u003c/code\u003e\u003c/a\u003e - Add push_to_hub method to gr.HTML. Add a gallery to view notable custom HTML components.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12899\"\u003e#12899\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/820eff050232f2ce40813e98e3294930e142e1c1\"\u003e\u003ccode\u003e820eff0\u003c/code\u003e\u003c/a\u003e - Add support for gr.HTML as a layout element.  Thanks \u003ca href=\"https://github.com/aliabid94\"\u003e\u003ccode\u003e@​aliabid94\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12900\"\u003e#12900\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/d6907acf8beed0d9b5167398902d3f900d1a2ab9\"\u003e\u003ccode\u003ed6907ac\u003c/code\u003e\u003c/a\u003e - add \u003ccode\u003eSKILLS.md\u003c/code\u003e to Gradio repo, part 1 + cleanup.  Thanks \u003ca href=\"https://github.com/abidlabs\"\u003e\u003ccode\u003e@​abidlabs\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12907\"\u003e#12907\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/3e625a0ecfab6e74b7561b68adbe55341ecbc47a\"\u003e\u003ccode\u003e3e625a0\u003c/code\u003e\u003c/a\u003e - Better error handling when connection to server is lost.  Thanks \u003ca href=\"https://github.com/abidlabs\"\u003e\u003ccode\u003e@​abidlabs\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12911\"\u003e#12911\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/dcfc429a8125204c3aafeabcab251dd7580f9a60\"\u003e\u003ccode\u003edcfc429\u003c/code\u003e\u003c/a\u003e - Fix Button component ignoring the \u003ccode\u003escale\u003c/code\u003e parameter.  Thanks \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12925\"\u003e#12925\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/ccff8b8cacffe36a270fcea9fc8ba29b78c31c8d\"\u003e\u003ccode\u003eccff8b8\u003c/code\u003e\u003c/a\u003e - Walkthrough Selected Bug.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12890\"\u003e#12890\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/ac29df82a735c72c021c07e0816f78001147671b\"\u003e\u003ccode\u003eac29df8\u003c/code\u003e\u003c/a\u003e - fix DataFrame NaN values becoming 0 after sorting.  Thanks \u003ca href=\"https://github.com/Mr-Neutr0n\"\u003e\u003ccode\u003e@​Mr-Neutr0n\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12926\"\u003e#12926\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/6011b00d0154b85532fa901dd73cf8fa7d86fd04\"\u003e\u003ccode\u003e6011b00\u003c/code\u003e\u003c/a\u003e - Fix absolute path issue in Windows.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12904\"\u003e#12904\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/7c3fa2a6900cfa3c87cb61ffa9b34b75d1ae49ba\"\u003e\u003ccode\u003e7c3fa2a\u003c/code\u003e\u003c/a\u003e - Fix Loading Spinner Issue Caused by Events Targeting Components In Inactive Tabs.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12903\"\u003e#12903\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/57707c72edd0e9fee9821882f75ab322ce110fe3\"\u003e\u003ccode\u003e57707c7\u003c/code\u003e\u003c/a\u003e - Fix Tab i18n issue.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12901\"\u003e#12901\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/1387fc6a35edd965a3c1e29d693b7d5697595ac5\"\u003e\u003ccode\u003e1387fc6\u003c/code\u003e\u003c/a\u003e - Fix unload event bug.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12906\"\u003e#12906\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/81482b58706ee9948d0f04e84e632ebb8d4bf7ea\"\u003e\u003ccode\u003e81482b5\u003c/code\u003e\u003c/a\u003e - Lazy load sub-tab and accordion components.  Thanks \u003ca href=\"https://github.com/dawoodkhan82\"\u003e\u003ccode\u003e@​dawoodkhan82\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.6.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12839\"\u003e#12839\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/1c671b39830ccf1c87f6cfcb4669e97dfb3a7367\"\u003e\u003ccode\u003e1c671b3\u003c/code\u003e\u003c/a\u003e - Hide forms with no elements.  Thanks \u003ca href=\"https://github.com/aliabid94\"\u003e\u003ccode\u003e@​aliabid94\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12700\"\u003e#12700\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/b01c95a58be8e18bb4ddef7f2ee238a7774e5be9\"\u003e\u003ccode\u003eb01c95a\u003c/code\u003e\u003c/a\u003e - Rewrite behavior section of docs.  Thanks \u003ca href=\"https://github.com/aliabd\"\u003e\u003ccode\u003e@​aliabd\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12875\"\u003e#12875\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/d0b34228d756334d901fc34971959ea422eb55bd\"\u003e\u003ccode\u003ed0b3422\u003c/code\u003e\u003c/a\u003e - Fix stop button not switching back to submit button in chat interface.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12797\"\u003e#12797\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/6a0c6eae53931ec137c0b8379428acc8a7ea27c9\"\u003e\u003ccode\u003e6a0c6ea\u003c/code\u003e\u003c/a\u003e - Refactor translation logic.  Thanks \u003ca href=\"https://github.com/hannahblair\"\u003e\u003ccode\u003e@​hannahblair\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12877\"\u003e#12877\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/ebbd24231dbc006c21fbbf1df00918be16883b86\"\u003e\u003ccode\u003eebbd242\u003c/code\u003e\u003c/a\u003e - Ensure disconnected toast text is visible.  Thanks \u003ca href=\"https://github.com/hannahblair\"\u003e\u003ccode\u003e@​hannahblair\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12873\"\u003e#12873\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/6533d38c29ee86823e58d94a8afedd219bcc9011\"\u003e\u003ccode\u003e6533d38\u003c/code\u003e\u003c/a\u003e - Fix stop button not working in Audio streaming.  Thanks \u003ca href=\"https://github.com/hysts\"\u003e\u003ccode\u003e@​hysts\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12862\"\u003e#12862\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/a8e6b7ba1e6af793b6a200d4cc6b07f3151f229e\"\u003e\u003ccode\u003ea8e6b7b\u003c/code\u003e\u003c/a\u003e - Fix ColorPicker not firing focus, blur, or submit events after Svelte 5 migration.  Thanks \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12865\"\u003e#12865\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/db7ab39c7e6ea3d1a2f0ce1991b5dbc0483b1e27\"\u003e\u003ccode\u003edb7ab39\u003c/code\u003e\u003c/a\u003e - Fix Gallery fullscreen button not working in preview mode.  Thanks \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12866\"\u003e#12866\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/981039647a4212c649a33dc4b56a4714980519eb\"\u003e\u003ccode\u003e9810396\u003c/code\u003e\u003c/a\u003e - Fix Gallery preview=True parameter not working on initial load.  Thanks \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12894\"\u003e#12894\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/e0cd4cadb6d73ba70727c51cf37d7068c3cf4fbf\"\u003e\u003ccode\u003ee0cd4ca\u003c/code\u003e\u003c/a\u003e - Fix load examples bug in spa.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12830\"\u003e#12830\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/a2a0078de878481752b952f9ed0e759a0e884d0b\"\u003e\u003ccode\u003ea2a0078\u003c/code\u003e\u003c/a\u003e - \u003ccode\u003eVideo\u003c/code\u003e to Svelte 5.  Thanks \u003ca href=\"https://github.com/dawoodkhan82\"\u003e\u003ccode\u003e@​dawoodkhan82\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12882\"\u003e#12882\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/fc7c01ea1e581ef70be98fddf003b0c91315c7cc\"\u003e\u003ccode\u003efc7c01e\u003c/code\u003e\u003c/a\u003e - Validate proxy url host.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12874\"\u003e#12874\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/b10e17cafbe9ff385e44bcc63a85de0d893e2662\"\u003e\u003ccode\u003eb10e17c\u003c/code\u003e\u003c/a\u003e - fix(reloading): Re-assign config for \u003ccode\u003eSpacesReloader\u003c/code\u003e.  Thanks \u003ca href=\"https://github.com/cbensimon\"\u003e\u003ccode\u003e@​cbensimon\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12884\"\u003e#12884\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/dfee0da06d0aa94b3c2684131e7898d5d5c1911e\"\u003e\u003ccode\u003edfee0da\u003c/code\u003e\u003c/a\u003e - Oauth fixes.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12811\"\u003e#12811\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/8f8cef87bfb3af64867804ad45f4385af09e07b4\"\u003e\u003ccode\u003e8f8cef8\u003c/code\u003e\u003c/a\u003e - Fix windows tests.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12846\"\u003e#12846\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/226daba5f65257244efc7c310500ea5366b20a87\"\u003e\u003ccode\u003e226daba\u003c/code\u003e\u003c/a\u003e - Fix bug where children of accordions dont get rendered when they are opened programmatically.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12887\"\u003e#12887\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/c0067785575aa0ad643d66067b315020c8b5fb6d\"\u003e\u003ccode\u003ec006778\u003c/code\u003e\u003c/a\u003e - Fix AttributeError in ColoredCheckboxGroup.api_info().  Thanks \u003ca href=\"https://github.com/hysts\"\u003e\u003ccode\u003e@​hysts\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.5.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/8b03393a51e1e03fb04cb0a41b9a5dc3266a58aa\"\u003e\u003ccode\u003e8b03393\u003c/code\u003e\u003c/a\u003e chore: update versions (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12902\"\u003e#12902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/c4b92e21d3f0b47595e40b35952e2b8e126ca6ef\"\u003e\u003ccode\u003ec4b92e2\u003c/code\u003e\u003c/a\u003e Fix skill generation check (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12931\"\u003e#12931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/978bc6ea5094aa11e10994cdd662c4c663a86a83\"\u003e\u003ccode\u003e978bc6e\u003c/code\u003e\u003c/a\u003e Add server functions support to gr.HTML (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12929\"\u003e#12929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/7c3fa2a6900cfa3c87cb61ffa9b34b75d1ae49ba\"\u003e\u003ccode\u003e7c3fa2a\u003c/code\u003e\u003c/a\u003e Fix Loading Spinner Issue Caused by Events Targeting Components In Inactive T...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/6011b00d0154b85532fa901dd73cf8fa7d86fd04\"\u003e\u003ccode\u003e6011b00\u003c/code\u003e\u003c/a\u003e Fix absolute path issue in Windows (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12926\"\u003e#12926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/e29e1ccd5874cb98b813ed4f7f72d9fef2935016\"\u003e\u003ccode\u003ee29e1cc\u003c/code\u003e\u003c/a\u003e Add Space-specific skill generation to \u003ccode\u003egradio skills add\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12918\"\u003e#12918\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/81482b58706ee9948d0f04e84e632ebb8d4bf7ea\"\u003e\u003ccode\u003e81482b5\u003c/code\u003e\u003c/a\u003e Lazy load sub-tab and accordion components (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12906\"\u003e#12906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/ccff8b8cacffe36a270fcea9fc8ba29b78c31c8d\"\u003e\u003ccode\u003eccff8b8\u003c/code\u003e\u003c/a\u003e Walkthrough Selected Bug (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12925\"\u003e#12925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/dcfc429a8125204c3aafeabcab251dd7580f9a60\"\u003e\u003ccode\u003edcfc429\u003c/code\u003e\u003c/a\u003e Fix Button component ignoring scale parameter (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12911\"\u003e#12911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/a0fff5cb0e4cc0f8cc3fff7b5fbe18a031c7cc27\"\u003e\u003ccode\u003ea0fff5c\u003c/code\u003e\u003c/a\u003e Add push_to_hub method to gr.HTML. Add a gallery to view notable custom HTML ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gradio-app/gradio/compare/v3.11.0...gradio@6.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 22.1.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.3.0 (2025-09-16)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaximum supported \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.x.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.2.0 (2025-09-14)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 45.0.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003epyOpenSSL now sets \u003ccode\u003eSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\u003c/code\u003e on connections by default, matching CPython's behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/22.1.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h11` from 0.12.0 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca\"\u003e\u003ccode\u003e1c5b075\u003c/code\u003e\u003c/a\u003e this time for surer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a\"\u003e\u003ccode\u003ed9c3699\u003c/code\u003e\u003c/a\u003e this time for sure...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39\"\u003e\u003ccode\u003ed91b9dd\u003c/code\u003e\u003c/a\u003e blacken\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0\"\u003e\u003ccode\u003e5a4683c\u003c/code\u003e\u003c/a\u003e Soothe mypy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536\"\u003e\u003ccode\u003e9c9567f\u003c/code\u003e\u003c/a\u003e Bump version to 0.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed\"\u003e\u003ccode\u003e114803a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0\"\u003e\u003ccode\u003e9462006\u003c/code\u003e\u003c/a\u003e Bump version to 0.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/70a96bea8e55403e5d92db14c111432c6d7a8685\"\u003e\u003ccode\u003e70a96be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/python-hyper/h11/issues/181\"\u003e#181\u003c/a\u003e from Julien00859/Julien00859/get_int_max_str_digits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/co...\n\n_Description has been truncated_","html_url":"https://github.com/MiChaelinzo/ray/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/MiChaelinzo%2Fray/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"}},{"old_version":"22.1.0","new_version":"26.0.0","update_type":"major","path":null,"pr_created_at":"2026-04-01T21:24:05.000Z","version_change":"22.1.0 → 26.0.0","issue":{"uuid":"4189968882","node_id":"PR_kwDOJAGkXM7PYmsE","number":9,"state":"closed","title":"Bump the pip group across 3 directories with 12 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-07T01:12:34.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-01T21:24:05.000Z","updated_at":"2026-04-07T01:12:36.000Z","time_to_close":445709,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":12,"packages":[{"name":"flask","old_version":"2.1.3","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"starlette","old_version":"0.17.1","new_version":"0.49.1","repository_url":"https://github.com/Kludex/starlette"},{"name":"werkzeug","old_version":"2.1.2","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"azure-identity","old_version":"1.10.0","new_version":"1.16.1","repository_url":"https://github.com/Azure/azure-sdk-for-python"},{"name":"cryptography","old_version":"38.0.1","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"gradio","old_version":"3.11","new_version":"6.7.0","repository_url":"https://github.com/gradio-app/gradio"},{"name":"pyopenssl","old_version":"22.1.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"pymongo","old_version":"4.3.2","new_version":"4.6.3","repository_url":"https://github.com/mongodb/mongo-python-driver"},{"name":"h11","old_version":"0.12.0","new_version":"0.16.0","repository_url":"https://github.com/python-hyper/h11"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 9 updates in the /python directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `2.1.3` | `3.1.3` |\n| [starlette](https://github.com/Kludex/starlette) | `0.17.1` | `0.49.1` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.1.2` | `3.1.6` |\n| [azure-identity](https://github.com/Azure/azure-sdk-for-python) | `1.10.0` | `1.16.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `38.0.1` | `46.0.6` |\n| [gradio](https://github.com/gradio-app/gradio) | `3.11` | `6.7.0` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `22.1.0` | `26.0.0` |\n| [pymongo](https://github.com/mongodb/mongo-python-driver) | `4.3.2` | `4.6.3` |\n| [h11](https://github.com/python-hyper/h11) | `0.12.0` | `0.16.0` |\n\nBumps the pip group with 3 updates in the /python/requirements/ml directory: torch, [mlflow](https://github.com/mlflow/mlflow) and [onnx](https://github.com/onnx/onnx).\nBumps the pip group with 1 update in the /release/ml_user_tests/ray-lightning directory: torch.\n\nUpdates `flask` from 2.1.3 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/2.1.3...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `starlette` from 0.17.1 to 0.49.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/releases\"\u003estarlette's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 0.49.1\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the parsing logic of the \u003ccode\u003eRange\u003c/code\u003e header in \u003ccode\u003eFileResponse\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eYou can view the full security advisory: \u003ca href=\"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\"\u003eGHSA-7f5h-v6xp-fcq8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize the HTTP ranges parsing logic \u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e4ea6e22b489ec388d6004cfbca52dd5b147127c5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.49.0...0.49.1\"\u003ehttps://github.com/Kludex/starlette/compare/0.49.0...0.49.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.49.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eencoding\u003c/code\u003e parameter to \u003ccode\u003eConfig\u003c/code\u003e class \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003e#2996\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSupport multiple cookie headers in \u003ccode\u003eRequest.cookies\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3029\"\u003e#3029\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eLiteral\u003c/code\u003e type for \u003ccode\u003eWebSocketEndpoint\u003c/code\u003e encoding values \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003e#3027\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDo not pollute exception context in \u003ccode\u003eMiddleware\u003c/code\u003e when using \u003ccode\u003eBaseHTTPMiddleware\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003e#2976\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TheWesDias\"\u003e\u003ccode\u003e@​TheWesDias\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3017\"\u003eKludex/starlette#3017\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gmos2104\"\u003e\u003ccode\u003e@​gmos2104\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003eKludex/starlette#3027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/secrett2633\"\u003e\u003ccode\u003e@​secrett2633\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003eKludex/starlette#2996\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adam-sikora\"\u003e\u003ccode\u003e@​adam-sikora\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003eKludex/starlette#2976\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.48.0...0.49.0\"\u003ehttps://github.com/Kludex/starlette/compare/0.48.0...0.49.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 0.48.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd official Python 3.14 support \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3013\"\u003e#3013\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ca href=\"https://www.rfc-editor.org/rfc/rfc9110\"\u003eRFC9110\u003c/a\u003e http status names \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003e#2939\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yakimka\"\u003e\u003ccode\u003e@​yakimka\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2943\"\u003eKludex/starlette#2943\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mbeijen\"\u003e\u003ccode\u003e@​mbeijen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003eKludex/starlette#2939\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/Kludex/starlette/compare/0.47.3...0.48.0\"\u003ehttps://github.com/Kludex/starlette/compare/0.47.3...0.48.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Kludex/starlette/blob/main/docs/release-notes.md\"\u003estarlette's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.49.1 (October 28, 2025)\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the parsing logic of the \u003ccode\u003eRange\u003c/code\u003e header in \u003ccode\u003eFileResponse\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eYou can view the full security advisory: \u003ca href=\"https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8\"\u003eGHSA-7f5h-v6xp-fcq8\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eOptimize the HTTP ranges parsing logic \u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e4ea6e22b489ec388d6004cfbca52dd5b147127c5\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.49.0 (October 28, 2025)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eencoding\u003c/code\u003e parameter to \u003ccode\u003eConfig\u003c/code\u003e class \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2996\"\u003e#2996\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSupport multiple cookie headers in \u003ccode\u003eRequest.cookies\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3029\"\u003e#3029\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003eLiteral\u003c/code\u003e type for \u003ccode\u003eWebSocketEndpoint\u003c/code\u003e encoding values \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3027\"\u003e#3027\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eChanged\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eDo not pollute exception context in \u003ccode\u003eMiddleware\u003c/code\u003e when using \u003ccode\u003eBaseHTTPMiddleware\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2976\"\u003e#2976\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.48.0 (September 13, 2025)\u003c/h2\u003e\n\u003ch4\u003eAdded\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd official Python 3.14 support \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/3013\"\u003e#3013\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eChanged\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eImplement \u003ca href=\"https://www.rfc-editor.org/rfc/rfc9110\"\u003eRFC9110\u003c/a\u003e http status names \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2939\"\u003e#2939\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.3 (August 24, 2025)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003easyncio.iscoroutinefunction\u003c/code\u003e for Python 3.12 and older \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2984\"\u003e#2984\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.2 (July 20, 2025)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003eUploadFile\u003c/code\u003e check for future rollover \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2962\"\u003e#2962\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.47.1 (June 21, 2025)\u003c/h2\u003e\n\u003ch4\u003eFixed\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eSelf\u003c/code\u003e in \u003ccode\u003eTestClient.__enter__\u003c/code\u003e \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2951\"\u003e#2951\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAllow async exception handlers to type-check \u003ca href=\"https://redirect.github.com/Kludex/starlette/pull/2949\"\u003e#2949\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/7e4b7428f273dbdc875dcd036d20804bcfc7b2ee\"\u003e\u003ccode\u003e7e4b742\u003c/code\u003e\u003c/a\u003e Version 0.49.1 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3047\"\u003e#3047\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5\"\u003e\u003ccode\u003e4ea6e22\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/7d88ea6f8ec8aa99cdb5fc7a10b88db5aadfdfee\"\u003e\u003ccode\u003e7d88ea6\u003c/code\u003e\u003c/a\u003e Version 0.49.0 (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3046\"\u003e#3046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/26d66bbfb05c7bbecbbb57106c65f33682f8174e\"\u003e\u003ccode\u003e26d66bb\u003c/code\u003e\u003c/a\u003e Do not pollute exception context in Middleware (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/2976\"\u003e#2976\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/a59397db889e3a96c4f34b1406957a3b92e1e8b5\"\u003e\u003ccode\u003ea59397d\u003c/code\u003e\u003c/a\u003e Set encodings when reading config files (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/2996\"\u003e#2996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/3b7f0cbf598be305528a498a35089ce723060372\"\u003e\u003ccode\u003e3b7f0cb\u003c/code\u003e\u003c/a\u003e test: add test for unknown status (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3035\"\u003e#3035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/b09ce1a99d352ee6f5b896597f03a1a57507afcd\"\u003e\u003ccode\u003eb09ce1a\u003c/code\u003e\u003c/a\u003e docs: fix legibility issues on sponsorship page (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3039\"\u003e#3039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/0f0edcf8007412d9536bf8714c5815ce8f5dba4b\"\u003e\u003ccode\u003e0f0edcf\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Add Marcelo Trylesinski to the license (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3025\"\u003e#3025\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3044\"\u003e#3044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/3912d6313730cc6004dfb4436e37dbc1a81db7c8\"\u003e\u003ccode\u003e3912d63\u003c/code\u003e\u003c/a\u003e docs: add social icons (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3038\"\u003e#3038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kludex/starlette/commit/4915a9309fcad58ac08b9fa550563d3287b531ad\"\u003e\u003ccode\u003e4915a93\u003c/code\u003e\u003c/a\u003e Add discord to README/docs (\u003ca href=\"https://redirect.github.com/Kludex/starlette/issues/3034\"\u003e#3034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Kludex/starlette/compare/0.17.1...0.49.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `werkzeug` from 2.1.2 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/releases\"\u003ewerkzeug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.6/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in multi-segment paths. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x\"\u003eGHSA-29vq-49wr-vm6x\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.5/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/43?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/43?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless of extension or surrounding spaces. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7\"\u003eGHSA-87hc-h4r5-73f7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with \u003ccode\u003epin_security=False\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3075\"\u003e#3075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.4/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/42?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/42?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents reading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e already prevented writing to these. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2\"\u003eghsa-hgf8-39gv-g3f2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3020\"\u003e#3020\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3054\"\u003e#3054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3067\"\u003e#3067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available source lines. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the distinction between WSGI and sans-IO responses. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3056\"\u003e#3056\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.3/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/41?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/41?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts \u003ccode\u003elist\u003c/code\u003e, \u003ccode\u003etuple\u003c/code\u003e, or \u003ccode\u003eset\u003c/code\u003e when passing multiple values. It had been changed to accept any \u003ccode\u003eCollection\u003c/code\u003e, but this matched types that should be treated as single values, such as \u003ccode\u003ebytes\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2994\"\u003e#2994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the \u003ccode\u003eHost\u003c/code\u003e header is not set and \u003ccode\u003eRequest.host\u003c/code\u003e falls back to the WSGI \u003ccode\u003eSERVER_NAME\u003c/code\u003e value, if that value is an IPv6 address it is wrapped in \u003ccode\u003e[]\u003c/code\u003e to match the \u003ccode\u003eHost\u003c/code\u003e header. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2993\"\u003e#2993\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.2/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/blob/main/CHANGES.rst\"\u003ewerkzeug's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in\nmulti-segment paths. :ghsa:\u003ccode\u003e29vq-49wr-vm6x\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.make_conditional\u003c/code\u003e sets the \u003ccode\u003eAccept-Ranges\u003c/code\u003e header even if it\nis not a satisfiable range request. :issue:\u003ccode\u003e3108\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2026-01-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless\nof extension or surrounding spaces. :ghsa:\u003ccode\u003e87hc-h4r5-73f7\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\nThis fixes the previous attempt, which caused incorrect content lengths.\n:issue:\u003ccode\u003e3065\u003c/code\u003e :issue:\u003ccode\u003e3077\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with\n\u003ccode\u003epin_security=False\u003c/code\u003e. :issue:\u003ccode\u003e3075\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003eReleased 2025-11-28\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents\nreading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e\nalready prevented writing to these. :ghsa:\u003ccode\u003ehgf8-39gv-g3f2\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. :pr:\u003ccode\u003e3020\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\n:issue:\u003ccode\u003e3065\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. :issue:\u003ccode\u003e3054\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. :issue:\u003ccode\u003e3067\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available\nsource lines. :issue:\u003ccode\u003e3044\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the\ndistinction between WSGI and sans-IO responses. :issue:\u003ccode\u003e3056\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/04da1b5221b7a7b57e82246e4b5741d37a6b2e56\"\u003e\u003ccode\u003e04da1b5\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d\"\u003e\u003ccode\u003ef407712\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f54fe98026253e70fbbcd35a6b52fb67cfff1c03\"\u003e\u003ccode\u003ef54fe98\u003c/code\u003e\u003c/a\u003e safe_join prevents Windows special device names in multi-segment paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/d005985ef69ffe3275eda8fb6fb25e074dbe871b\"\u003e\u003ccode\u003ed005985\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/8565c2cbd6681ae8463e77d4fc0795324a7fdae7\"\u003e\u003ccode\u003e8565c2c\u003c/code\u003e\u003c/a\u003e document rule priority (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3102\"\u003e#3102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/3febc7e90072bffe04c27e6b7478dfc4f88930df\"\u003e\u003ccode\u003e3febc7e\u003c/code\u003e\u003c/a\u003e document rule priority\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/2525b827646c10ab7adb334664e6a4af1b769181\"\u003e\u003ccode\u003e2525b82\u003c/code\u003e\u003c/a\u003e remove state machine docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/4abfbd553cdeb6d4e6fa693340d52b13c884079f\"\u003e\u003ccode\u003e4abfbd5\u003c/code\u003e\u003c/a\u003e rewrite build docstring (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3097\"\u003e#3097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/161c18b2a8800ae6ef377fb3cbdb933a878fea67\"\u003e\u003ccode\u003e161c18b\u003c/code\u003e\u003c/a\u003e rewrite build docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/86e11c29e44726dae524cd9db11549b3b1ad681d\"\u003e\u003ccode\u003e86e11c2\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3085\"\u003e#3085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/werkzeug/compare/2.1.2...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `azure-identity` from 1.10.0 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/05f60c8a38210db9af434d45f06f6fcf09fc4f05\"\u003e\u003ccode\u003e05f60c8\u003c/code\u003e\u003c/a\u003e Use esrp release task that supports federated auth (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/35523\"\u003e#35523\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/4699efbe0e7f357b2d254ca2a6537e16afd32e9f\"\u003e\u003ccode\u003e4699efb\u003c/code\u003e\u003c/a\u003e pin setuptools (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/35212\"\u003e#35212\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/6a07fc9bf93f0ec234e0797e14f906ae2a6ca4f4\"\u003e\u003ccode\u003e6a07fc9\u003c/code\u003e\u003c/a\u003e [Identity] Fix device code tests (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/35846\"\u003e#35846\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/e16a704b4265020c9ff3b33b80088409680d4f72\"\u003e\u003ccode\u003ee16a704\u003c/code\u003e\u003c/a\u003e [Identity] Add Azure Arc key validation checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/f07513ce14a15d3d29f8a3e1d90b93152b207692\"\u003e\u003ccode\u003ef07513c\u003c/code\u003e\u003c/a\u003e [DI] Enable to run sphinx in pipeline (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/35078\"\u003e#35078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/dba02d4c36960684ea864b7a082ceef802e8767f\"\u003e\u003ccode\u003edba02d4\u003c/code\u003e\u003c/a\u003e bump tcgc to 0.23.1 (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/35119\"\u003e#35119\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/828e8337e1badc2e7ea455cd38453e8e3d057f2e\"\u003e\u003ccode\u003e828e833\u003c/code\u003e\u003c/a\u003e [ACR] Fix pylint and sphinx errors (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/35080\"\u003e#35080\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/9fa8967963f263d6211f1d566b41f46fe7cf27bf\"\u003e\u003ccode\u003e9fa8967\u003c/code\u003e\u003c/a\u003e [core] Update perf-tests.yml (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/35105\"\u003e#35105\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/ca8ac49bef5e7ea7b211af8fe2aa14e1ec419534\"\u003e\u003ccode\u003eca8ac49\u003c/code\u003e\u003c/a\u003e update to 0.23.0 (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/35110\"\u003e#35110\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Azure/azure-sdk-for-python/commit/3519fdf0c69c7347d45dbc39a084f43462fd2202\"\u003e\u003ccode\u003e3519fdf\u003c/code\u003e\u003c/a\u003e Distro 1.4.0 (\u003ca href=\"https://redirect.github.com/Azure/azure-sdk-for-python/issues/35076\"\u003e#35076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Azure/azure-sdk-for-python/compare/azure-identity_1.10.0...azure-identity_1.16.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 38.0.1 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAn attacker could create a malicious public key that reveals portions of your\nprivate key when using certain uncommon elliptic curves (binary curves).\nThis version now includes additional security checks to prevent this attack.\nThis issue only affects binary elliptic curves, which are rarely used in\nreal-world applications. Credit to \u003cstrong\u003eXlabAI Team of Tencent Xuanwu Lab and\nAtuin Automated Vulnerability Discovery Engine\u003c/strong\u003e for reporting the issue.\n\u003cstrong\u003eCVE-2026-26007\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSECT*\u003c/code\u003e binary elliptic curves is deprecated and will be\nremoved in the next release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* `Dropped support for win_arm64 wheels`_.\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed compilation when using LibreSSL 4.2.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/38.0.1...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `gradio` from 3.11 to 6.7.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gradio-app/gradio/blob/main/CHANGELOG.md\"\u003egradio's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.7.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12829\"\u003e#12829\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/d720b25b575fb9817311212e1c0afa82abf27468\"\u003e\u003ccode\u003ed720b25\u003c/code\u003e\u003c/a\u003e - Allow :fastest :cheapest options when loading models.  Thanks \u003ca href=\"https://github.com/dawoodkhan82\"\u003e\u003ccode\u003e@​dawoodkhan82\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12918\"\u003e#12918\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/e29e1ccd5874cb98b813ed4f7f72d9fef2935016\"\u003e\u003ccode\u003ee29e1cc\u003c/code\u003e\u003c/a\u003e - Add Space-specific skill generation to \u003ccode\u003egradio skills add\u003c/code\u003e.  Thanks \u003ca href=\"https://github.com/abidlabs\"\u003e\u003ccode\u003e@​abidlabs\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12929\"\u003e#12929\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/978bc6ea5094aa11e10994cdd662c4c663a86a83\"\u003e\u003ccode\u003e978bc6e\u003c/code\u003e\u003c/a\u003e - Add server functions support to gr.HTML.  Thanks \u003ca href=\"https://github.com/aliabid94\"\u003e\u003ccode\u003e@​aliabid94\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12917\"\u003e#12917\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/a0fff5cb0e4cc0f8cc3fff7b5fbe18a031c7cc27\"\u003e\u003ccode\u003ea0fff5c\u003c/code\u003e\u003c/a\u003e - Add push_to_hub method to gr.HTML. Add a gallery to view notable custom HTML components.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12899\"\u003e#12899\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/820eff050232f2ce40813e98e3294930e142e1c1\"\u003e\u003ccode\u003e820eff0\u003c/code\u003e\u003c/a\u003e - Add support for gr.HTML as a layout element.  Thanks \u003ca href=\"https://github.com/aliabid94\"\u003e\u003ccode\u003e@​aliabid94\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12900\"\u003e#12900\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/d6907acf8beed0d9b5167398902d3f900d1a2ab9\"\u003e\u003ccode\u003ed6907ac\u003c/code\u003e\u003c/a\u003e - add \u003ccode\u003eSKILLS.md\u003c/code\u003e to Gradio repo, part 1 + cleanup.  Thanks \u003ca href=\"https://github.com/abidlabs\"\u003e\u003ccode\u003e@​abidlabs\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12907\"\u003e#12907\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/3e625a0ecfab6e74b7561b68adbe55341ecbc47a\"\u003e\u003ccode\u003e3e625a0\u003c/code\u003e\u003c/a\u003e - Better error handling when connection to server is lost.  Thanks \u003ca href=\"https://github.com/abidlabs\"\u003e\u003ccode\u003e@​abidlabs\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12911\"\u003e#12911\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/dcfc429a8125204c3aafeabcab251dd7580f9a60\"\u003e\u003ccode\u003edcfc429\u003c/code\u003e\u003c/a\u003e - Fix Button component ignoring the \u003ccode\u003escale\u003c/code\u003e parameter.  Thanks \u003ca href=\"https://github.com/hztBUAA\"\u003e\u003ccode\u003e@​hztBUAA\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12925\"\u003e#12925\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/ccff8b8cacffe36a270fcea9fc8ba29b78c31c8d\"\u003e\u003ccode\u003eccff8b8\u003c/code\u003e\u003c/a\u003e - Walkthrough Selected Bug.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12890\"\u003e#12890\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/ac29df82a735c72c021c07e0816f78001147671b\"\u003e\u003ccode\u003eac29df8\u003c/code\u003e\u003c/a\u003e - fix DataFrame NaN values becoming 0 after sorting.  Thanks \u003ca href=\"https://github.com/Mr-Neutr0n\"\u003e\u003ccode\u003e@​Mr-Neutr0n\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12926\"\u003e#12926\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/6011b00d0154b85532fa901dd73cf8fa7d86fd04\"\u003e\u003ccode\u003e6011b00\u003c/code\u003e\u003c/a\u003e - Fix absolute path issue in Windows.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12904\"\u003e#12904\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/7c3fa2a6900cfa3c87cb61ffa9b34b75d1ae49ba\"\u003e\u003ccode\u003e7c3fa2a\u003c/code\u003e\u003c/a\u003e - Fix Loading Spinner Issue Caused by Events Targeting Components In Inactive Tabs.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12903\"\u003e#12903\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/57707c72edd0e9fee9821882f75ab322ce110fe3\"\u003e\u003ccode\u003e57707c7\u003c/code\u003e\u003c/a\u003e - Fix Tab i18n issue.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12901\"\u003e#12901\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/1387fc6a35edd965a3c1e29d693b7d5697595ac5\"\u003e\u003ccode\u003e1387fc6\u003c/code\u003e\u003c/a\u003e - Fix unload event bug.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12906\"\u003e#12906\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/81482b58706ee9948d0f04e84e632ebb8d4bf7ea\"\u003e\u003ccode\u003e81482b5\u003c/code\u003e\u003c/a\u003e - Lazy load sub-tab and accordion components.  Thanks \u003ca href=\"https://github.com/dawoodkhan82\"\u003e\u003ccode\u003e@​dawoodkhan82\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.6.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12839\"\u003e#12839\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/1c671b39830ccf1c87f6cfcb4669e97dfb3a7367\"\u003e\u003ccode\u003e1c671b3\u003c/code\u003e\u003c/a\u003e - Hide forms with no elements.  Thanks \u003ca href=\"https://github.com/aliabid94\"\u003e\u003ccode\u003e@​aliabid94\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12700\"\u003e#12700\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/b01c95a58be8e18bb4ddef7f2ee238a7774e5be9\"\u003e\u003ccode\u003eb01c95a\u003c/code\u003e\u003c/a\u003e - Rewrite behavior section of docs.  Thanks \u003ca href=\"https://github.com/aliabd\"\u003e\u003ccode\u003e@​aliabd\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12875\"\u003e#12875\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/d0b34228d756334d901fc34971959ea422eb55bd\"\u003e\u003ccode\u003ed0b3422\u003c/code\u003e\u003c/a\u003e - Fix stop button not switching back to submit button in chat interface.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12797\"\u003e#12797\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/6a0c6eae53931ec137c0b8379428acc8a7ea27c9\"\u003e\u003ccode\u003e6a0c6ea\u003c/code\u003e\u003c/a\u003e - Refactor translation logic.  Thanks \u003ca href=\"https://github.com/hannahblair\"\u003e\u003ccode\u003e@​hannahblair\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12877\"\u003e#12877\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/ebbd24231dbc006c21fbbf1df00918be16883b86\"\u003e\u003ccode\u003eebbd242\u003c/code\u003e\u003c/a\u003e - Ensure disconnected toast text is visible.  Thanks \u003ca href=\"https://github.com/hannahblair\"\u003e\u003ccode\u003e@​hannahblair\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12873\"\u003e#12873\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/6533d38c29ee86823e58d94a8afedd219bcc9011\"\u003e\u003ccode\u003e6533d38\u003c/code\u003e\u003c/a\u003e - Fix stop button not working in Audio streaming.  Thanks \u003ca href=\"https://github.com/hysts\"\u003e\u003ccode\u003e@​hysts\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12862\"\u003e#12862\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/a8e6b7ba1e6af793b6a200d4cc6b07f3151f229e\"\u003e\u003ccode\u003ea8e6b7b\u003c/code\u003e\u003c/a\u003e - Fix ColorPicker not firing focus, blur, or submit events after Svelte 5 migration.  Thanks \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12865\"\u003e#12865\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/db7ab39c7e6ea3d1a2f0ce1991b5dbc0483b1e27\"\u003e\u003ccode\u003edb7ab39\u003c/code\u003e\u003c/a\u003e - Fix Gallery fullscreen button not working in preview mode.  Thanks \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12866\"\u003e#12866\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/981039647a4212c649a33dc4b56a4714980519eb\"\u003e\u003ccode\u003e9810396\u003c/code\u003e\u003c/a\u003e - Fix Gallery preview=True parameter not working on initial load.  Thanks \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12894\"\u003e#12894\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/e0cd4cadb6d73ba70727c51cf37d7068c3cf4fbf\"\u003e\u003ccode\u003ee0cd4ca\u003c/code\u003e\u003c/a\u003e - Fix load examples bug in spa.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12830\"\u003e#12830\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/a2a0078de878481752b952f9ed0e759a0e884d0b\"\u003e\u003ccode\u003ea2a0078\u003c/code\u003e\u003c/a\u003e - \u003ccode\u003eVideo\u003c/code\u003e to Svelte 5.  Thanks \u003ca href=\"https://github.com/dawoodkhan82\"\u003e\u003ccode\u003e@​dawoodkhan82\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12882\"\u003e#12882\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/fc7c01ea1e581ef70be98fddf003b0c91315c7cc\"\u003e\u003ccode\u003efc7c01e\u003c/code\u003e\u003c/a\u003e - Validate proxy url host.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12874\"\u003e#12874\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/b10e17cafbe9ff385e44bcc63a85de0d893e2662\"\u003e\u003ccode\u003eb10e17c\u003c/code\u003e\u003c/a\u003e - fix(reloading): Re-assign config for \u003ccode\u003eSpacesReloader\u003c/code\u003e.  Thanks \u003ca href=\"https://github.com/cbensimon\"\u003e\u003ccode\u003e@​cbensimon\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12884\"\u003e#12884\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/dfee0da06d0aa94b3c2684131e7898d5d5c1911e\"\u003e\u003ccode\u003edfee0da\u003c/code\u003e\u003c/a\u003e - Oauth fixes.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12811\"\u003e#12811\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/8f8cef87bfb3af64867804ad45f4385af09e07b4\"\u003e\u003ccode\u003e8f8cef8\u003c/code\u003e\u003c/a\u003e - Fix windows tests.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12846\"\u003e#12846\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/226daba5f65257244efc7c310500ea5366b20a87\"\u003e\u003ccode\u003e226daba\u003c/code\u003e\u003c/a\u003e - Fix bug where children of accordions dont get rendered when they are opened programmatically.  Thanks \u003ca href=\"https://github.com/freddyaboulton\"\u003e\u003ccode\u003e@​freddyaboulton\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/gradio-app/gradio/pull/12887\"\u003e#12887\u003c/a\u003e \u003ca href=\"https://github.com/gradio-app/gradio/commit/c0067785575aa0ad643d66067b315020c8b5fb6d\"\u003e\u003ccode\u003ec006778\u003c/code\u003e\u003c/a\u003e - Fix AttributeError in ColoredCheckboxGroup.api_info().  Thanks \u003ca href=\"https://github.com/hysts\"\u003e\u003ccode\u003e@​hysts\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.5.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/8b03393a51e1e03fb04cb0a41b9a5dc3266a58aa\"\u003e\u003ccode\u003e8b03393\u003c/code\u003e\u003c/a\u003e chore: update versions (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12902\"\u003e#12902\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/c4b92e21d3f0b47595e40b35952e2b8e126ca6ef\"\u003e\u003ccode\u003ec4b92e2\u003c/code\u003e\u003c/a\u003e Fix skill generation check (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12931\"\u003e#12931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/978bc6ea5094aa11e10994cdd662c4c663a86a83\"\u003e\u003ccode\u003e978bc6e\u003c/code\u003e\u003c/a\u003e Add server functions support to gr.HTML (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12929\"\u003e#12929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/7c3fa2a6900cfa3c87cb61ffa9b34b75d1ae49ba\"\u003e\u003ccode\u003e7c3fa2a\u003c/code\u003e\u003c/a\u003e Fix Loading Spinner Issue Caused by Events Targeting Components In Inactive T...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/6011b00d0154b85532fa901dd73cf8fa7d86fd04\"\u003e\u003ccode\u003e6011b00\u003c/code\u003e\u003c/a\u003e Fix absolute path issue in Windows (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12926\"\u003e#12926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/e29e1ccd5874cb98b813ed4f7f72d9fef2935016\"\u003e\u003ccode\u003ee29e1cc\u003c/code\u003e\u003c/a\u003e Add Space-specific skill generation to \u003ccode\u003egradio skills add\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12918\"\u003e#12918\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/81482b58706ee9948d0f04e84e632ebb8d4bf7ea\"\u003e\u003ccode\u003e81482b5\u003c/code\u003e\u003c/a\u003e Lazy load sub-tab and accordion components (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12906\"\u003e#12906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/ccff8b8cacffe36a270fcea9fc8ba29b78c31c8d\"\u003e\u003ccode\u003eccff8b8\u003c/code\u003e\u003c/a\u003e Walkthrough Selected Bug (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12925\"\u003e#12925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/dcfc429a8125204c3aafeabcab251dd7580f9a60\"\u003e\u003ccode\u003edcfc429\u003c/code\u003e\u003c/a\u003e Fix Button component ignoring scale parameter (\u003ca href=\"https://redirect.github.com/gradio-app/gradio/issues/12911\"\u003e#12911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gradio-app/gradio/commit/a0fff5cb0e4cc0f8cc3fff7b5fbe18a031c7cc27\"\u003e\u003ccode\u003ea0fff5c\u003c/code\u003e\u003c/a\u003e Add push_to_hub method to gr.HTML. Add a gallery to view notable custom HTML ...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gradio-app/gradio/compare/v3.11.0...gradio@6.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 22.1.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.3.0 (2025-09-16)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaximum supported \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.x.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.2.0 (2025-09-14)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 45.0.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003epyOpenSSL now sets \u003ccode\u003eSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\u003c/code\u003e on connections by default, matching CPython's behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/22.1.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pymongo` from 4.3.2 to 4.6.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mongodb/mongo-python-driver/releases\"\u003epymongo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ePyMongo 4.6.3\u003c/h2\u003e\n\u003cp\u003eCommunity notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-3-release-for-cve-2024-5629/284348\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-3-release-for-cve-2024-5629/284348\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.2\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-2-released/267404\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-2-released/267404\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.1\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-1-released/255752\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-1-released/255752\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.6.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.5.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-5-0-released/240662\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-5-0-released/240662\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.1\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-1-released/235045\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-1-released/235045\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-released/232211\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-released/232211\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.4.0b0\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-4-0b0-release/210471\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-4-0b0-release/210471\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePyMongo 4.3.3\u003c/h2\u003e\n\u003cp\u003eRelease notes: \u003ca href=\"https://www.mongodb.com/community/forums/t/pymongo-4-3-3-release/200145\"\u003ehttps://www.mongodb.com/community/forums/t/pymongo-4-3-3-release/200145\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst\"\u003epymongo's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanges in Version 4.6.3 (2024/03/27)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.3 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a potential memory access violation when decoding invalid bson.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.3 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.3 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=38360\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=38360\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.2 (2024/02/21)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.2 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bug appearing in Python 3.12 where \u0026quot;RuntimeError: can't create new thread at interpreter shutdown\u0026quot;\ncould be written to stderr when a MongoClient's thread starts as the python interpreter is shutting down.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.2 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.2 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37906\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37906\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.1 (2023/11/29)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6.1 fixes the following bug:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure retryable read \u003ccode\u003eOperationFailure\u003c/code\u003e errors re-raise exception when 0 or NoneType error code is provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eIssues Resolved\n...............\u003c/p\u003e\n\u003cp\u003eSee the \u003ccode\u003ePyMongo 4.6.1 release notes in JIRA\u003c/code\u003e_ for the list of resolved issues\nin this release.\u003c/p\u003e\n\u003cp\u003e.. _PyMongo 4.6.1 release notes in JIRA: \u003ca href=\"https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37138\"\u003ehttps://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004\u0026amp;version=37138\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eChanges in Version 4.6.0 (2023/11/01)\u003c/h2\u003e\n\u003cp\u003ePyMongo 4.6 brings a number of improvements including:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/8da192f9ca2d4f6464897b22b3029c227043f0cb\"\u003e\u003ccode\u003e8da192f\u003c/code\u003e\u003c/a\u003e BUMP 4.6.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/56b6b6dbc267d365d97c037082369dabf37405d2\"\u003e\u003ccode\u003e56b6b6d\u003c/code\u003e\u003c/a\u003e PYTHON-4305 Fix bson size check (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1564\"\u003e#1564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/449d0f316cbcdea59d8b69b5e4fc34ac07949dc6\"\u003e\u003ccode\u003e449d0f3\u003c/code\u003e\u003c/a\u003e BUMP to 4.6.3.dev0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/e04576de22c06a4609b16db0f6e10e86ad5c8dad\"\u003e\u003ccode\u003ee04576d\u003c/code\u003e\u003c/a\u003e DEVPROD-3871 Use teardown_task when there is one function/command (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1533\"\u003e#1533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/cf1c6a11f76861fd6150b0df79a7ed70f2b2fea5\"\u003e\u003ccode\u003ecf1c6a1\u003c/code\u003e\u003c/a\u003e PYTHON-4219 Prep for 4.6.2 Release (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1530\"\u003e#1530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/d29b2b7cf405901a801591e475574b63aa81ac5c\"\u003e\u003ccode\u003ed29b2b7\u003c/code\u003e\u003c/a\u003e PYTHON-4147 [v4.6]: Silence noisy thread.start() RuntimeError at shutdown (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/0477b9bc0c59de311fbb6d6a157b97a4af8d0a23\"\u003e\u003ccode\u003e0477b9b\u003c/code\u003e\u003c/a\u003e PYTHON-4077 [v4.6]: Ensure there is a MacOS wheel for Python 3.7 (\u003ca href=\"https://redirect.github.com/mongodb/mongo-python-driver/issues/1527\"\u003e#1527\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/ecad17d24e8aafa374ab5fd194ce79b6861efcad\"\u003e\u003ccode\u003eecad17d\u003c/code\u003e\u003c/a\u003e BUMP 4.6.2.dev0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/485e0a5e56f2d524b5cbc31538a0c455e3ddd858\"\u003e\u003ccode\u003e485e0a5\u003c/code\u003e\u003c/a\u003e BUMP 4.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongodb/mongo-python-driver/commit/995365c7128c3107b4f9ce1524220378176a3a96\"\u003e\u003ccode\u003e995365c\u003c/code\u003e\u003c/a\u003e PYTHON-4038 [v4.6]: Ensure retryable read \u003ccode\u003eOperationFailure\u003c/code\u003es re-raise except...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mongodb/mongo-python-driver/compare/4.3.2...4.6.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h11` from 0.12.0 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/1c5b07581f058886c8bdd87adababd7d959dc7ca\"\u003e\u003ccode\u003e1c5b075\u003c/code\u003e\u003c/a\u003e this time for surer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d9c369935e853a7ee1aeb7e481f6dddf9b9c9b8a\"\u003e\u003ccode\u003ed9c3699\u003c/code\u003e\u003c/a\u003e this time for sure...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/d91b9dd2290a25c8c3f5ec15feb57de5873e6e39\"\u003e\u003ccode\u003ed91b9dd\u003c/code\u003e\u003c/a\u003e blacken\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/5a4683ca466b59bbab9b19cfea20ee157b31cee0\"\u003e\u003ccode\u003e5a4683c\u003c/code\u003e\u003c/a\u003e Soothe mypy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9c9567f0a92d13a83a8d8ebdbc757c8c2d384536\"\u003e\u003ccode\u003e9c9567f\u003c/code\u003e\u003c/a\u003e Bump version to 0.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/114803a29ce50116dc47951c690ad4892b1a36ed\"\u003e\u003ccode\u003e114803a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h11/commit/9462006f6ce4941661888228cbd4ac1ea80689b0\"\u003e\u003ccode\u003e9462006\u003c/code\u003e\u003c/a\u003e Bump version to 0.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/python-hyper/h1...\n\n_Description has been truncated_","html_url":"https://github.com/c6ai/ray/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/c6ai%2Fray/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"}},{"old_version":"25.0.0","new_version":"26.0.0","update_type":"major","path":null,"pr_created_at":"2026-04-01T00:50:08.000Z","version_change":"25.0.0 → 26.0.0","issue":{"uuid":"4183262804","node_id":"PR_kwDOQp2jac7PG05r","number":8,"state":"closed","title":"Bump the uv group across 10 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-01T00:52:13.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-01T00:50:08.000Z","updated_at":"2026-04-01T00:52:14.000Z","time_to_close":125,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":16,"packages":[{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"mlflow","old_version":"2.22.0","new_version":"3.9.0rc0","repository_url":"https://github.com/mlflow/mlflow"},{"name":"flask","old_version":"2.1.3","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"pyasn1","old_version":"0.5.1","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"},{"name":"tornado","old_version":"6.5.2","new_version":"6.5.5","repository_url":"https://github.com/tornadoweb/tornado"},{"name":"werkzeug","old_version":"2.3.8","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"black","old_version":"22.10.0","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"cryptography","old_version":"44.0.3","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"ecdsa","old_version":"0.18.0","new_version":"0.19.2","repository_url":"https://github.com/tlsfuzzer/python-ecdsa"},{"name":"memray","old_version":"1.19.1","new_version":"1.19.2","repository_url":"https://github.com/bloomberg/memray"},{"name":"onnx","old_version":"1.15.0","new_version":"1.21.0rc1","repository_url":"https://github.com/onnx/onnx"},{"name":"orjson","old_version":"3.9.15","new_version":"3.11.6","repository_url":"https://github.com/ijl/orjson"},{"name":"pyopenssl","old_version":"25.0.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"ujson","old_version":"5.10.0","new_version":"5.12.0","repository_url":"https://github.com/ultrajson/ultrajson"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 1 update in the /ci/raydepsets/tests/test_data directory: [requests](https://github.com/psf/requests).\nBumps the uv group with 1 update in the /doc directory: [requests](https://github.com/psf/requests).\nBumps the uv group with 1 update in the /doc/source/ray-overview/examples/e2e-xgboost directory: [mlflow](https://github.com/mlflow/mlflow).\nBumps the uv group with 2 updates in the /doc/source/ray-overview/examples/multi_agent_a2a/content directory: [langgraph](https://github.com/langchain-ai/langgraph) and [mcp](https://github.com/modelcontextprotocol/python-sdk).\nBumps the uv group with 14 updates in the /python directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.32.5` | `2.33.0` |\n| [mlflow](https://github.com/mlflow/mlflow) | `2.22.0` | `3.9.0rc0` |\n| [flask](https://github.com/pallets/flask) | `2.1.3` | `3.1.3` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.5.1` | `0.6.3` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.5.2` | `6.5.5` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.3.8` | `3.1.6` |\n| [black](https://github.com/psf/black) | `22.10.0` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `44.0.3` | `46.0.6` |\n| [ecdsa](https://github.com/tlsfuzzer/python-ecdsa) | `0.18.0` | `0.19.2` |\n| [memray](https://github.com/bloomberg/memray) | `1.19.1` | `1.19.2` |\n| [onnx](https://github.com/onnx/onnx) | `1.15.0` | `1.21.0rc1` |\n| [orjson](https://github.com/ijl/orjson) | `3.9.15` | `3.11.6` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `25.0.0` | `26.0.0` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.0` |\n\nBumps the uv group with 1 update in the /python/ray/tune directory: [black](https://github.com/psf/black).\nBumps the uv group with 4 updates in the /python/requirements directory: [flask](https://github.com/pallets/flask), [werkzeug](https://github.com/pallets/werkzeug), [black](https://github.com/psf/black) and [onnx](https://github.com/onnx/onnx).\nBumps the uv group with 1 update in the /python/requirements/ml directory: [onnx](https://github.com/onnx/onnx).\nBumps the uv group with 2 updates in the /release directory: [pyasn1](https://github.com/pyasn1/pyasn1) and [cryptography](https://github.com/pyca/cryptography).\nBumps the uv group with 5 updates in the /release/ray_release/byod directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [mlflow](https://github.com/mlflow/mlflow) | `3.1.4` | `3.9.0rc0` |\n| [tornado](https://github.com/tornadoweb/tornado) | `6.5.4` | `6.5.5` |\n| [black](https://github.com/psf/black) | `22.10.0` | `26.3.1` |\n| [onnx](https://github.com/onnx/onnx) | `1.15.0` | `1.21.0rc1` |\n| [ujson](https://github.com/ultrajson/ultrajson) | `5.10.0` | `5.12.0` |\n\n\nUpdates `requests` from 2.32.3 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mlflow` from 2.19.0 to 3.1.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mlflow/mlflow/releases\"\u003emlflow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.4 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16835\"\u003e#16835\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16820\"\u003e#16820\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.3\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.3 includes several features and improvements\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Artifacts / Tracking] Do not copy file permissions when logging artifacts to local artifact repo (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16642\"\u003e#16642\u003c/a\u003e, \u003ca href=\"https://github.com/connortann\"\u003e\u003ccode\u003e@​connortann\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Add support for OpenAI ChatCompletions parse method (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16493\"\u003e#16493\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Deployments] Propagate \u003ccode\u003eMLFLOW_DEPLOYMENT_PREDICT_TIMEOUT\u003c/code\u003e to databricks-sdk (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16783\"\u003e#16783\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Model Registry] Fix issue with search_registered_models with Databricks UC backend not supporting filter_string (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16766\"\u003e#16766\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Evaluation] Bug fix: Databricks GenAI evaluation dataset source returns string, instead of DatasetSource instance (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16712\"\u003e#16712\u003c/a\u003e, \u003ca href=\"https://github.com/dbczumar\"\u003e\u003ccode\u003e@​dbczumar\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Fix the position of added tracking_uri param to artifact store implementations (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16653\"\u003e#16653\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16786\"\u003e#16786\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16692\"\u003e#16692\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16594\"\u003e#16594\u003c/a\u003e, \u003ca href=\"https://github.com/ngoduykhanh\"\u003e\u003ccode\u003e@​ngoduykhanh\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16475\"\u003e#16475\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\nThis version has been yanked. MLflow 3.1.3 will be released shortly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eMLflow 3.1.2 is a patch release that includes several bug fixes.\u003c/p\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Tracking] Fix \u003ccode\u003edownload_artifacts\u003c/code\u003e ignoring \u003ccode\u003etracking_uri\u003c/code\u003e parameter (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16461\"\u003e#16461\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Fix event type for ResponsesAgent error (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16427\"\u003e#16427\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Remove falsey chat conversion for LangGraph models (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16601\"\u003e#16601\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracing] Use empty Resource when instantiating OTel provider to fix LiteLLM tracing issue (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16590\"\u003e#16590\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16568\"\u003e#16568\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16454\"\u003e#16454\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16617\"\u003e#16617\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16605\"\u003e#16605\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16569\"\u003e#16569\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16553\"\u003e#16553\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16625\"\u003e#16625\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16571\"\u003e#16571\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16552\"\u003e#16552\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16452\"\u003e#16452\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16395\"\u003e#16395\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16446\"\u003e#16446\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16420\"\u003e#16420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16447\"\u003e#16447\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16554\"\u003e#16554\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16515\"\u003e#16515\u003c/a\u003e, \u003ca href=\"https://github.com/frontsideair\"\u003e\u003ccode\u003e@​frontsideair\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16558\"\u003e#16558\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16443\"\u003e#16443\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16457\"\u003e#16457\u003c/a\u003e, \u003ca href=\"https://github.com/16442\"\u003e\u003ccode\u003e@​16442\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16449\"\u003e#16449\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16509\"\u003e#16509\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16512\"\u003e#16512\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16524\"\u003e#16524\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16514\"\u003e#16514\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16607\"\u003e#16607\u003c/a\u003e, \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16541\"\u003e#16541\u003c/a\u003e, \u003ca href=\"https://github.com/copilot-swe-agent\"\u003e\u003ccode\u003e@​copilot-swe-agent\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16427\"\u003e#16427\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16573\"\u003e#16573\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16470\"\u003e#16470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16281\"\u003e#16281\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.1 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Model Registry / Sqlalchemy] Increase prompt text limit from 5K to 100K (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16377\"\u003e#16377\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Support pagination in get-history of FileStore and SqlAlchemyStore (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16325\"\u003e#16325\u003c/a\u003e, \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mlflow/mlflow/blob/master/CHANGELOG.md\"\u003emlflow's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.4 (2025-07-23)\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.4 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16835\"\u003e#16835\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16820\"\u003e#16820\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.1.3 (2025-07-22)\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.3 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Artifacts / Tracking] Do not copy file permissions when logging artifacts to local artifact repo (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16642\"\u003e#16642\u003c/a\u003e, \u003ca href=\"https://github.com/connortann\"\u003e\u003ccode\u003e@​connortann\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Add support for OpenAI ChatCompletions parse method (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16493\"\u003e#16493\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Deployments] Propagate \u003ccode\u003eMLFLOW_DEPLOYMENT_PREDICT_TIMEOUT\u003c/code\u003e to databricks-sdk (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16783\"\u003e#16783\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Model Registry] Fix issue with search_registered_models with Databricks UC backend not supporting filter_string (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16766\"\u003e#16766\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Evaluation] Bug fix: Databricks GenAI evaluation dataset source returns string, instead of DatasetSource instance (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16712\"\u003e#16712\u003c/a\u003e, \u003ca href=\"https://github.com/dbczumar\"\u003e\u003ccode\u003e@​dbczumar\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Fix the position of added tracking_uri param to artifact store implementations (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16653\"\u003e#16653\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16786\"\u003e#16786\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16692\"\u003e#16692\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16594\"\u003e#16594\u003c/a\u003e, \u003ca href=\"https://github.com/ngoduykhanh\"\u003e\u003ccode\u003e@​ngoduykhanh\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16475\"\u003e#16475\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.1.2 (2025-07-08)\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.2 is a patch release that includes several bug fixes.\u003c/p\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Tracking] Fix \u003ccode\u003edownload_artifacts\u003c/code\u003e ignoring \u003ccode\u003etracking_uri\u003c/code\u003e parameter (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16461\"\u003e#16461\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Fix event type for ResponsesAgent error (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16427\"\u003e#16427\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Remove falsey chat conversion for LangGraph models (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16601\"\u003e#16601\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracing] Use empty Resource when instantiating OTel provider to fix LiteLLM tracing issue (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16590\"\u003e#16590\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16568\"\u003e#16568\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16454\"\u003e#16454\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16617\"\u003e#16617\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16605\"\u003e#16605\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16569\"\u003e#16569\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16553\"\u003e#16553\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16625\"\u003e#16625\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16571\"\u003e#16571\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16552\"\u003e#16552\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16452\"\u003e#16452\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16395\"\u003e#16395\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16446\"\u003e#16446\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16420\"\u003e#16420\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16447\"\u003e#16447\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16554\"\u003e#16554\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16515\"\u003e#16515\u003c/a\u003e, \u003ca href=\"https://github.com/frontsideair\"\u003e\u003ccode\u003e@​frontsideair\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16558\"\u003e#16558\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16443\"\u003e#16443\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16457\"\u003e#16457\u003c/a\u003e, \u003ca href=\"https://github.com/16442\"\u003e\u003ccode\u003e@​16442\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16449\"\u003e#16449\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16509\"\u003e#16509\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16512\"\u003e#16512\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16524\"\u003e#16524\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16514\"\u003e#16514\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16607\"\u003e#16607\u003c/a\u003e, \u003ca href=\"https://github.com/TomeHirata\"\u003e\u003ccode\u003e@​TomeHirata\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16541\"\u003e#16541\u003c/a\u003e, \u003ca href=\"https://github.com/copilot-swe-agent\"\u003e\u003ccode\u003e@​copilot-swe-agent\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16427\"\u003e#16427\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16573\"\u003e#16573\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16470\"\u003e#16470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16281\"\u003e#16281\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.1.1 (2025-06-25)\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.1 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Model Registry / Sqlalchemy] Increase prompt text limit from 5K to 100K (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16377\"\u003e#16377\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/d393a0c2bd1a2dcd1ffab4784af3579266a78dc0\"\u003e\u003ccode\u003ed393a0c\u003c/code\u003e\u003c/a\u003e Run python3 dev/update_mlflow_versions.py pre-release ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/bbe2e934823661254a68202397fb77ba46b0b404\"\u003e\u003ccode\u003ebbe2e93\u003c/code\u003e\u003c/a\u003e Fix Java POM for central release (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16835\"\u003e#16835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/91712a50b5f61553f7d01176dc5f02bd7cae0897\"\u003e\u003ccode\u003e91712a5\u003c/code\u003e\u003c/a\u003e lint change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/6d1469df7094b666b3df723a8c1c93e4d2d05955\"\u003e\u003ccode\u003e6d1469d\u003c/code\u003e\u003c/a\u003e fix merge for model serialization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/3fa96eb8f099281bbc3021eee351e200e98e542a\"\u003e\u003ccode\u003e3fa96eb\u003c/code\u003e\u003c/a\u003e Fix releasing to central (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16820\"\u003e#16820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/377a0f2faeb0d4435df1982ea19d9dc900a819e5\"\u003e\u003ccode\u003e377a0f2\u003c/code\u003e\u003c/a\u003e update mlflow-tracing version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/5cc8e8d880543f578bf87227949195ec50d26ff0\"\u003e\u003ccode\u003e5cc8e8d\u003c/code\u003e\u003c/a\u003e Update build scripts to handle mlflow-tracing (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/15860\"\u003e#15860\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/3acca543505a4a1ceff8c226de44003d3814cdaf\"\u003e\u003ccode\u003e3acca54\u003c/code\u003e\u003c/a\u003e Propagate \u003ccode\u003eMLFLOW_DEPLOYMENT_PREDICT_TIMEOUT\u003c/code\u003e to databricks-sdk (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16783\"\u003e#16783\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/16748ac5acb42647ef277e96797dfbcb626c36b7\"\u003e\u003ccode\u003e16748ac\u003c/code\u003e\u003c/a\u003e Update pom with further fixes (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16786\"\u003e#16786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mlflow/mlflow/commit/311a33195f3d58f3390fd23298df4d2cf4360a5b\"\u003e\u003ccode\u003e311a331\u003c/code\u003e\u003c/a\u003e Fix issue with search_registered_models with Databricks UC backend not suppor...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mlflow/mlflow/compare/v2.19.0...v3.1.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langgraph` from 1.0.3 to 1.0.10rc1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langgraph/releases\"\u003elanggraph's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003elanggraph==1.0.10rc1\u003c/h2\u003e\n\u003cp\u003eChanges since 1.0.9\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease: Candidate (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6947\"\u003e#6947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMerge commit from fork\u003c/li\u003e\n\u003cli\u003echore: add tests to confirm expected subgraph persistence behavior (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6943\"\u003e#6943\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes numeric task segments  (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6864\"\u003e#6864\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: add \u003ccode\u003emake type\u003c/code\u003e target for type checking (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6748\"\u003e#6748\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph==1.0.9\u003c/h2\u003e\n\u003cp\u003eChanges since 1.0.8\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease: langgraph + prebuilt (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6875\"\u003e#6875\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: sequential interrupt handling w/ functional API (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6863\"\u003e#6863\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: state_updated_at sort by (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6857\"\u003e#6857\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: bump orjson (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6852\"\u003e#6852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: conformance testing (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6842\"\u003e#6842\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/langgraph with 6 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6815\"\u003e#6815\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump protobuf from 6.33.4 to 6.33.5 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6833\"\u003e#6833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump cryptography from 46.0.3 to 46.0.5 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6837\"\u003e#6837\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump nbconvert from 7.16.6 to 7.17.0 in /libs/langgraph (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6832\"\u003e#6832\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: server runtime type (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6774\"\u003e#6774\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor: replace bare except with BaseException in AsyncQueue (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6765\"\u003e#6765\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph==1.0.8\u003c/h2\u003e\n\u003cp\u003eChanges since 1.0.7\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease(langgraph): 1.0.8 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6757\"\u003e#6757\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: shallow copy futures (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6755\"\u003e#6755\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: pydantic messages double streaming (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6753\"\u003e#6753\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump ruff from 0.14.7 to 0.14.11 in /libs/sdk-py (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6673\"\u003e#6673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: Omit lock when using connection pool (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6734\"\u003e#6734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: enhance \u003ccode\u003eRuntime\u003c/code\u003e and \u003ccode\u003eToolRuntime\u003c/code\u003e class descriptions for clarity (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6689\"\u003e#6689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: add clarity to use of \u003ccode\u003ethread_id\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6515\"\u003e#6515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: add docstrings to \u003ccode\u003eadd_node\u003c/code\u003e overloads (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6514\"\u003e#6514\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: update notebook links and add archival notices for examples (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6720\"\u003e#6720\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(cli): 0.4.12 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6716\"\u003e#6716\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003elanggraph-prebuilt==1.0.8\u003c/h2\u003e\n\u003cp\u003eChanges since prebuilt==1.0.7\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erelease: langgraph + prebuilt (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6875\"\u003e#6875\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: inject ToolRuntime for dynamically registered tools (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6874\"\u003e#6874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: bump orjson (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6852\"\u003e#6852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump langchain-core from 1.2.12 to 1.2.13 in /libs/prebuilt in the all-dependencies group (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6849\"\u003e#6849\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: conformance testing (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6842\"\u003e#6842\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore(deps): bump the all-dependencies group in /libs/prebuilt with 3 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6810\"\u003e#6810\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: server runtime type (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6774\"\u003e#6774\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs(prebuilt): update warning for \u003ccode\u003ecreate_react_agent\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6760\"\u003e#6760\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease(langgraph): 1.0.8 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6757\"\u003e#6757\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/a04ec5d6f00fa6583b2d98dfe789da741204b767\"\u003e\u003ccode\u003ea04ec5d\u003c/code\u003e\u003c/a\u003e release: Candidate (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6947\"\u003e#6947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/50df7d423abebcb5a192f0a59c2952c68cb0df8c\"\u003e\u003ccode\u003e50df7d4\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/c4a4a4647343d802d0ab909439806076bae15bd6\"\u003e\u003ccode\u003ec4a4a46\u003c/code\u003e\u003c/a\u003e chore: add tests to confirm expected subgraph persistence behavior (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6943\"\u003e#6943\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/f178eb821e52906e1705c9cc02533bb88854b409\"\u003e\u003ccode\u003ef178eb8\u003c/code\u003e\u003c/a\u003e fix(langgraph): correct ParentCommand bubbling when checkpoint_ns includes nu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/48167d7fec9c25228426c92ba83d8650b77de0f3\"\u003e\u003ccode\u003e48167d7\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all-dependencies group in /libs/cli with 2 updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6920\"\u003e#6920\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/806878a421458e99f9882e666ff35a41ad1bb561\"\u003e\u003ccode\u003e806878a\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all-dependencies group in /libs/checkpoint-postgres wit...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/8087e6a42c62c2049a5fb3f99372a8c601d07e08\"\u003e\u003ccode\u003e8087e6a\u003c/code\u003e\u003c/a\u003e docs(sdk-py): update auth docstrings to default-deny pattern (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6933\"\u003e#6933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/8fbdb144876ec9ca75943c7addb452a2bb634304\"\u003e\u003ccode\u003e8fbdb14\u003c/code\u003e\u003c/a\u003e release(sdk-py): 0.3.9 (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6932\"\u003e#6932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/5093802f319119be674c02269f9874df04558419\"\u003e\u003ccode\u003e5093802\u003c/code\u003e\u003c/a\u003e chore(deps): bump the all-dependencies group in /libs/checkpoint with 2 updat...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langgraph/commit/b89ef60b91e019c3cb4422af1e3cc216804ccb20\"\u003e\u003ccode\u003eb89ef60\u003c/code\u003e\u003c/a\u003e feat(sdk-py): add extract parameter to threads.search() (\u003ca href=\"https://redirect.github.com/langchain-ai/langgraph/issues/6880\"\u003e#6880\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langgraph/compare/1.0.3...1.0.10rc1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mcp` from 1.22.0 to 1.23.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/releases\"\u003emcp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.23.0\u003c/h2\u003e\n\u003ch2\u003eSummary\u003c/h2\u003e\n\u003cp\u003eThis release brings us up to speed with the latest MCP spec \u003ccode\u003e2025-11-25\u003c/code\u003e. Take a look at the \u003ca href=\"https://modelcontextprotocol.io/specification/2025-11-25\"\u003elatest spec\u003c/a\u003e as well as the release \u003ca href=\"https://blog.modelcontextprotocol.io/posts/2025-11-25-first-mcp-anniversary/\"\u003eblog post.\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tests for JSON Schema 2020-12 field preservation (SEP-1613) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1649\"\u003emodelcontextprotocol/python-sdk#1649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd client_secret_basic authentication support by \u003ca href=\"https://github.com/jonshea\"\u003e\u003ccode\u003e@​jonshea\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1334\"\u003emodelcontextprotocol/python-sdk#1334\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement SEP-1577 - Sampling With Tools by \u003ca href=\"https://github.com/ochafik\"\u003e\u003ccode\u003e@​ochafik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1594\"\u003emodelcontextprotocol/python-sdk#1594\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSEP-1330: Elicitation Enum Schema Improvements and Standards Compliance by \u003ca href=\"https://github.com/chughtapan\"\u003e\u003ccode\u003e@​chughtapan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1246\"\u003emodelcontextprotocol/python-sdk#1246\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[auth][conformance] add conformance auth client by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1640\"\u003emodelcontextprotocol/python-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement SEP-986: Tool name validation by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1655\"\u003emodelcontextprotocol/python-sdk#1655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: url for spec by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1659\"\u003emodelcontextprotocol/python-sdk#1659\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: implement SEP-991 URL-based client ID (CIMD) support by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1652\"\u003emodelcontextprotocol/python-sdk#1652\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate doc string on custom_route by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1660\"\u003emodelcontextprotocol/python-sdk#1660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement SEP-1036: URL mode elicitation for secure out-of-band interactions by \u003ca href=\"https://github.com/cbcoutinho\"\u003e\u003ccode\u003e@​cbcoutinho\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1580\"\u003emodelcontextprotocol/python-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSkip empty SSE data to avoid parsing errors by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1670\"\u003emodelcontextprotocol/python-sdk#1670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSEP-1686: Tasks by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1645\"\u003emodelcontextprotocol/python-sdk#1645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd on_session_created callback option by \u003ca href=\"https://github.com/crondinini-ant\"\u003e\u003ccode\u003e@​crondinini-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1710\"\u003emodelcontextprotocol/python-sdk#1710\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd SSE polling support (SEP-1699) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1654\"\u003emodelcontextprotocol/python-sdk#1654\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport client_credentials flow with JWT and Basic auth by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1663\"\u003emodelcontextprotocol/python-sdk#1663\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: backwards-compatible create_message overloads for SEP-1577 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1713\"\u003emodelcontextprotocol/python-sdk#1713\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-enable DNS rebinding protection for localhost servers by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e  (d3a184119e4479ea6a63590bc41f01dc06e3fa99)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ochafik\"\u003e\u003ccode\u003e@​ochafik\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/pull/1594\"\u003emodelcontextprotocol/python-sdk#1594\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/compare/v1.22.0...v1.23.0\"\u003ehttps://github.com/modelcontextprotocol/python-sdk/compare/v1.22.0...v1.23.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/d3a184119e4479ea6a63590bc41f01dc06e3fa99\"\u003e\u003ccode\u003ed3a1841\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/fa851d93a2036a37cce73e098f7dbc80a6c48765\"\u003e\u003ccode\u003efa851d9\u003c/code\u003e\u003c/a\u003e feat: backwards-compatible create_message overloads for SEP-1577 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1713\"\u003e#1713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/f82b0c937178815c1e96460455778578050c6d1a\"\u003e\u003ccode\u003ef82b0c9\u003c/code\u003e\u003c/a\u003e Support client_credentials flow with JWT and Basic auth (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1663\"\u003e#1663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/281fd4765e0fc2efaf2039d248c3bc0698416a8a\"\u003e\u003ccode\u003e281fd47\u003c/code\u003e\u003c/a\u003e Add SSE polling support (SEP-1699) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1654\"\u003e#1654\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/2cd178a962ab454e3add228ecd721784b7b36e99\"\u003e\u003ccode\u003e2cd178a\u003c/code\u003e\u003c/a\u003e Add on_session_created callback option (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1710\"\u003e#1710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/c92bb2f7ffaa61813d7cc350887f4ece38307769\"\u003e\u003ccode\u003ec92bb2f\u003c/code\u003e\u003c/a\u003e SEP-1686: Tasks (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1645\"\u003e#1645\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/5983a650cc07d2dc6c6ba098e99d3545889157a9\"\u003e\u003ccode\u003e5983a65\u003c/code\u003e\u003c/a\u003e Skip empty SSE data to avoid parsing errors (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1670\"\u003e#1670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/02b78899296ce3631565345501e3d956b83ffe94\"\u003e\u003ccode\u003e02b7889\u003c/code\u003e\u003c/a\u003e Implement SEP-1036: URL mode elicitation for secure out-of-band interactions ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/27279bc157cbc03f7fe7758fd55a4b34c5652f42\"\u003e\u003ccode\u003e27279bc\u003c/code\u003e\u003c/a\u003e Update doc string on custom_route (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1660\"\u003e#1660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/commit/f22501315eab5b8358c603ac7f730f77bb09e4c4\"\u003e\u003ccode\u003ef225013\u003c/code\u003e\u003c/a\u003e feat: implement SEP-991 URL-based client ID (CIMD) support (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/python-sdk/issues/1652\"\u003e#1652\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/python-sdk/compare/v1.22.0...v1.23.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.3...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mlflow` from 2.22.0 to 3.9.0rc0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mlflow/mlflow/releases\"\u003emlflow's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.4\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.4 includes several major features and improvements\u003c/p\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16835\"\u003e#16835\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16820\"\u003e#16820\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.3\u003c/h2\u003e\n\u003cp\u003eMLflow 3.1.3 includes several features and improvements\u003c/p\u003e\n\u003cp\u003eFeatures:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Artifacts / Tracking] Do not copy file permissions when logging artifacts to local artifact repo (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16642\"\u003e#16642\u003c/a\u003e, \u003ca href=\"https://github.com/connortann\"\u003e\u003ccode\u003e@​connortann\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Add support for OpenAI ChatCompletions parse method (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16493\"\u003e#16493\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Deployments] Propagate \u003ccode\u003eMLFLOW_DEPLOYMENT_PREDICT_TIMEOUT\u003c/code\u003e to databricks-sdk (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16783\"\u003e#16783\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Model Registry] Fix issue with search_registered_models with Databricks UC backend not supporting filter_string (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16766\"\u003e#16766\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Evaluation] Bug fix: Databricks GenAI evaluation dataset source returns string, instead of DatasetSource instance (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16712\"\u003e#16712\u003c/a\u003e, \u003ca href=\"https://github.com/dbczumar\"\u003e\u003ccode\u003e@​dbczumar\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracking] Fix the position of added tracking_uri param to artifact store implementations (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16653\"\u003e#16653\u003c/a\u003e, \u003ca href=\"https://github.com/BenWilson2\"\u003e\u003ccode\u003e@​BenWilson2\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall bug fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16786\"\u003e#16786\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16692\"\u003e#16692\u003c/a\u003e, \u003ca href=\"https://github.com/daniellok-db\"\u003e\u003ccode\u003e@​daniellok-db\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16594\"\u003e#16594\u003c/a\u003e, \u003ca href=\"https://github.com/ngoduykhanh\"\u003e\u003ccode\u003e@​ngoduykhanh\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16475\"\u003e#16475\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\nThis version has been yanked. MLflow 3.1.3 will be released shortly.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eMLflow 3.1.2 is a patch release that includes several bug fixes.\u003c/p\u003e\n\u003cp\u003eBug fixes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[Tracking] Fix \u003ccode\u003edownload_artifacts\u003c/code\u003e ignoring \u003ccode\u003etracking_uri\u003c/code\u003e parameter (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16461\"\u003e#16461\u003c/a\u003e, \u003ca href=\"https://github.com/harupy\"\u003e\u003ccode\u003e@​harupy\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Fix event type for ResponsesAgent error (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16427\"\u003e#16427\u003c/a\u003e, \u003ca href=\"https://github.com/bbqiu\"\u003e\u003ccode\u003e@​bbqiu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Models] Remove falsey chat conversion for LangGraph models (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16601\"\u003e#16601\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Tracing] Use empty Resource when instantiating OTel provider to fix LiteLLM tracing issue (\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16590\"\u003e#16590\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSmall fixes and documentation updates:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16568\"\u003e#16568\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16454\"\u003e#16454\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16617\"\u003e#16617\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16605\"\u003e#16605\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16569\"\u003e#16569\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16553\"\u003e#16553\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16625\"\u003e#16625\u003c/a\u003e, \u003ca href=\"https://github.com/B-Step62\"\u003e\u003ccode\u003e@​B-Step62\u003c/code\u003e\u003c/a\u003e; \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16571\"\u003e#16571\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16552\"\u003e#16552\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/mlflow/mlflow/issues/16452\"\u003e#1645...\n\n_Description has been truncated_","html_url":"https://github.com/preechapon250/ray/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/preechapon250%2Fray/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"}},{"old_version":"25.3.0","new_version":"26.0.0","update_type":"major","path":"/PIT4PFJOBQYU9DG0","pr_created_at":"2026-03-31T23:39:20.000Z","version_change":"25.3.0 → 26.0.0","issue":{"uuid":"4183030251","node_id":"PR_kwDOR2F1C87PGHDB","number":18,"state":"closed","title":"Bump pyopenssl from 25.3.0 to 26.0.0 in /PIT4PFJOBQYU9DG0","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-31T23:55:38.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-31T23:39:20.000Z","updated_at":"2026-03-31T23:55:39.000Z","time_to_close":978,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"pyopenssl","old_version":"25.3.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"}],"path":"/PIT4PFJOBQYU9DG0","ecosystem":"pip"},"body":"Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 25.3.0 to 26.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyopenssl\u0026package-manager=uv\u0026previous-version=25.3.0\u0026new-version=26.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/zadrafi/snowflake/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/zadrafi/snowflake/pull/18","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/zadrafi%2Fsnowflake/issues/18","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/18/packages"}},{"old_version":"25.3.0","new_version":"26.0.0","update_type":"major","path":"/poc/streamlit","pr_created_at":"2026-03-31T17:52:52.000Z","version_change":"25.3.0 → 26.0.0","issue":{"uuid":"4181197472","node_id":"PR_kwDOR2F1C87PBgKZ","number":15,"state":"closed","title":"Bump pyopenssl from 25.3.0 to 26.0.0 in /poc/streamlit","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-31T23:55:42.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-31T17:52:52.000Z","updated_at":"2026-03-31T23:55:43.000Z","time_to_close":21770,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"pyopenssl","old_version":"25.3.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"}],"path":"/poc/streamlit","ecosystem":"pip"},"body":"Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 25.3.0 to 26.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/zadrafi/snowflake/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/zadrafi%2Fsnowflake/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"}},{"old_version":"25.1.0","new_version":"25.3.0","update_type":"minor","path":null,"pr_created_at":"2026-03-30T19:14:51.000Z","version_change":"25.1.0 → 25.3.0","issue":{"uuid":"4173400851","node_id":"PR_kwDONw5uE87OugFp","number":13,"state":"closed","title":"Bump the uv group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-01T21:11:40.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-30T19:14:51.000Z","updated_at":"2026-04-01T21:11:42.000Z","time_to_close":179809,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"uv","update_count":3,"packages":[{"name":"cryptography","old_version":"45.0.7","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"pyopenssl","old_version":"25.1.0","new_version":"25.3.0"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 2 updates in the / directory: [cryptography](https://github.com/pyca/cryptography) and [requests](https://github.com/psf/requests).\n\nUpdates `cryptography` from 45.0.7 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAn attacker could create a malicious public key that reveals portions of your\nprivate key when using certain uncommon elliptic curves (binary curves).\nThis version now includes additional security checks to prevent this attack.\nThis issue only affects binary elliptic curves, which are rarely used in\nreal-world applications. Credit to \u003cstrong\u003eXlabAI Team of Tencent Xuanwu Lab and\nAtuin Automated Vulnerability Discovery Engine\u003c/strong\u003e for reporting the issue.\n\u003cstrong\u003eCVE-2026-26007\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSECT*\u003c/code\u003e binary elliptic curves is deprecated and will be\nremoved in the next release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* `Dropped support for win_arm64 wheels`_.\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed compilation when using LibreSSL 4.2.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.7...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 25.1.0 to 25.3.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e25.3.0 (2025-09-16)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaximum supported \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.x.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.2.0 (2025-09-14)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 45.0.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003epyOpenSSL now sets \u003ccode\u003eSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\u003c/code\u003e on connections by default, matching CPython's behavior.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Context.clear_mode\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Context.set_tls13_ciphersuites\u003c/code\u003e to set the allowed TLS 1.3 ciphers.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.set_info_callback\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/41e778874171b9655df3d5aa513acf821a1a83cc\"\u003e\u003ccode\u003e41e7788\u003c/code\u003e\u003c/a\u003e Prepare for a 25.3.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1448\"\u003e#1448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/53b78f5f89002e2c7264cc8e635749f82d674d67\"\u003e\u003ccode\u003e53b78f5\u003c/code\u003e\u003c/a\u003e test on supported pypys (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1449\"\u003e#1449\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/fb1ebc1c81640acedc9e8918c066d81d71167876\"\u003e\u003ccode\u003efb1ebc1\u003c/code\u003e\u003c/a\u003e Update CI workflow to use 'ubuntu-latest' and 'windows-latest' (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1447\"\u003e#1447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6ccf90b36da20d9ad6adccde280d1dd3df792e7f\"\u003e\u003ccode\u003e6ccf90b\u003c/code\u003e\u003c/a\u003e Prepare for a release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1446\"\u003e#1446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/5f46403a4adb28c331a36f2129efccf4af219c20\"\u003e\u003ccode\u003e5f46403\u003c/code\u003e\u003c/a\u003e Added \u003ccode\u003eOpenSSL.SSL.Connection.set_info_callback\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1438\"\u003e#1438\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/95cf8fa3cec8d8ec9f0dca8dd1977a0fd86363b2\"\u003e\u003ccode\u003e95cf8fa\u003c/code\u003e\u003c/a\u003e Update tests to not rely on mutating contexts (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1445\"\u003e#1445\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/946f87ecab525027e7fa18d869dc19224574724b\"\u003e\u003ccode\u003e946f87e\u003c/code\u003e\u003c/a\u003e Remove fallback path for old OpenSSL (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1443\"\u003e#1443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/0213311bb2e225a9d081eec026a5ee6afafa4a7c\"\u003e\u003ccode\u003e0213311\u003c/code\u003e\u003c/a\u003e Fix for new mypy release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1444\"\u003e#1444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7fd0ab84a07d7ec1461344be1bd0698c56dae423\"\u003e\u003ccode\u003e7fd0ab8\u003c/code\u003e\u003c/a\u003e Bump actions/setup-python from 5 to 6 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1440\"\u003e#1440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8daf0d1066ddfe901991d5dfba63450b3ced464a\"\u003e\u003ccode\u003e8daf0d1\u003c/code\u003e\u003c/a\u003e Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1439\"\u003e#1439\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.1.0...25.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/FarmaanElahi/terminal-data/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/FarmaanElahi/terminal-data/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/FarmaanElahi%2Fterminal-data/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"}},{"old_version":"25.1.0","new_version":"26.0.0","update_type":"major","path":null,"pr_created_at":"2026-03-29T06:56:47.000Z","version_change":"25.1.0 → 26.0.0","issue":{"uuid":"4163078623","node_id":"PR_kwDODELVY87OWnVA","number":9514,"state":"closed","title":"Bump the pip group across 8 directories with 7 updates","user":"dependabot[bot]","labels":["dependencies","PR title format","python","area/automation","Smoke tests: Unknown"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-08T06:46:01.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-29T06:56:47.000Z","updated_at":"2026-04-08T06:46:03.000Z","time_to_close":863354,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"pip","update_count":7,"packages":[{"name":"cryptography","old_version":"44.0.3","new_version":"46.0.6","repository_url":"https://github.com/pyca/cryptography"},{"name":"distributed","old_version":"2024.8.0","new_version":"2026.1.0","repository_url":"https://github.com/dask/distributed"},{"name":"pillow","old_version":"11.3.0","new_version":"12.1.1","repository_url":"https://github.com/python-pillow/Pillow"},{"name":"pyopenssl","old_version":"25.1.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"black","old_version":"24.10.0","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"mlflow","old_version":"3.5.1","new_version":"3.9.0rc0","repository_url":"https://github.com/mlflow/mlflow"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 3 updates in the /dockerfiles/gpu directory: [cryptography](https://github.com/pyca/cryptography), [distributed](https://github.com/dask/distributed) and [pyopenssl](https://github.com/pyca/pyopenssl).\nBumps the pip group with 3 updates in the /dockerfiles/jupyter directory: [cryptography](https://github.com/pyca/cryptography), [distributed](https://github.com/dask/distributed) and [pyopenssl](https://github.com/pyca/pyopenssl).\nBumps the pip group with 3 updates in the /dockerfiles/mlrun directory: [cryptography](https://github.com/pyca/cryptography), [distributed](https://github.com/dask/distributed) and [pyopenssl](https://github.com/pyca/pyopenssl).\nBumps the pip group with 3 updates in the /dockerfiles/mlrun-api directory: [cryptography](https://github.com/pyca/cryptography), [distributed](https://github.com/dask/distributed) and [pyopenssl](https://github.com/pyca/pyopenssl).\nBumps the pip group with 4 updates in the /dockerfiles/mlrun-kfp directory: [cryptography](https://github.com/pyca/cryptography), [distributed](https://github.com/dask/distributed), [protobuf](https://github.com/protocolbuffers/protobuf) and [pyopenssl](https://github.com/pyca/pyopenssl).\nBumps the pip group with 6 updates in the /dockerfiles/test directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [cryptography](https://github.com/pyca/cryptography) | `44.0.3` | `46.0.6` |\n| [distributed](https://github.com/dask/distributed) | `2024.8.0` | `2026.1.0` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.3.0` | `12.1.1` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `25.1.0` | `26.0.0` |\n| [black](https://github.com/psf/black) | `24.10.0` | `26.3.1` |\n| [mlflow](https://github.com/mlflow/mlflow) | `3.5.1` | `3.9.0rc0` |\n\nBumps the pip group with 6 updates in the /dockerfiles/test-system directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [cryptography](https://github.com/pyca/cryptography) | `44.0.3` | `46.0.6` |\n| [distributed](https://github.com/dask/distributed) | `2024.8.0` | `2026.1.0` |\n| [pillow](https://github.com/python-pillow/Pillow) | `11.3.0` | `12.1.1` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `6.31.1` | `6.33.5` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `25.1.0` | `26.0.0` |\n| [black](https://github.com/psf/black) | `24.10.0` | `26.3.1` |\n\nBumps the pip group with 1 update in the /docs directory: [distributed](https://github.com/dask/distributed).\n\nUpdates `cryptography` from 45.0.7 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAn attacker could create a malicious public key that reveals portions of your\nprivate key when using certain uncommon elliptic curves (binary curves).\nThis version now includes additional security checks to prevent this attack.\nThis issue only affects binary elliptic curves, which are rarely used in\nreal-world applications. Credit to \u003cstrong\u003eXlabAI Team of Tencent Xuanwu Lab and\nAtuin Automated Vulnerability Discovery Engine\u003c/strong\u003e for reporting the issue.\n\u003cstrong\u003eCVE-2026-26007\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSECT*\u003c/code\u003e binary elliptic curves is deprecated and will be\nremoved in the next release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* `Dropped support for win_arm64 wheels`_.\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed compilation when using LibreSSL 4.2.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.7...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `distributed` from 2024.8.0 to 2026.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dask/distributed/releases\"\u003edistributed's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2026.1.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.6 to 4.8.0 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9177\"\u003e#9177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up obsolete pins in CI \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9172\"\u003e#9172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incompatibility of pyparsing vs. packaging in mindeps CI \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9170\"\u003e#9170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump mypy; fix mypy failure \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9171\"\u003e#9171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 5 to 6 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9166\"\u003e#9166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.4 to 4.7.6 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9167\"\u003e#9167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/cache from 4 to 5 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9168\"\u003e#9168\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.12.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTyping fixes \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9159\"\u003e#9159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExplicit setuptools-scm minimum version \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9160\"\u003e#9160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnforce ruff rules (RUF) \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9153\"\u003e#9153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up \u003ccode\u003eMANIFEST.in\u003c/code\u003e \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9149\"\u003e#9149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eisort → ruff \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9152\"\u003e#9152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRuff supersedes absolufy-imports \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9154\"\u003e#9154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump minimum supported \u003ccode\u003etoolz\u003c/code\u003e to 0.12.0 \u003ca href=\"https://github.com/jrbourbeau\"\u003e\u003ccode\u003e@​jrbourbeau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9151\"\u003e#9151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eflake8, bugbear, pyupgrade → ruff \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9147\"\u003e#9147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typos found by codespell \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9145\"\u003e#9145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up setuptools-specific configuration \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9150\"\u003e#9150\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePEP 639 compliance \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9146\"\u003e#9146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate black \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9148\"\u003e#9148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix empty progress bar \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9144\"\u003e#9144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.3 to 4.7.4 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9139\"\u003e#9139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExclude broken \u003ccode\u003etblib\u003c/code\u003e versions in CI \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9141\"\u003e#9141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.11.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace versioneer with setuptools-scm \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9137\"\u003e#9137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdapt worker and nanny to ipv6 \u003ca href=\"https://github.com/csfldf\"\u003e\u003ccode\u003e@​csfldf\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9133\"\u003e#9133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CI Multiple aliased keys in file /Users/runner/.condarc \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9136\"\u003e#9136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003epip\u003c/code\u003e pin for docs \u003ca href=\"https://github.com/jrbourbeau\"\u003e\u003ccode\u003e@​jrbourbeau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9132\"\u003e#9132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 4 to 5 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9130\"\u003e#9130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove UCX configuration schema \u003ca href=\"https://github.com/pentschev\"\u003e\u003ccode\u003e@​pentschev\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9127\"\u003e#9127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd generic type support to Future and Client methods \u003ca href=\"https://github.com/moi90\"\u003e\u003ccode\u003e@​moi90\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9123\"\u003e#9123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.10.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/ab72092a8a938923c2bb51a2cd14ca26614827fa\"\u003e\u003ccode\u003eab72092\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/f4cfecc48856d5f0fbf7f840fbecdb17544fd30e\"\u003e\u003ccode\u003ef4cfecc\u003c/code\u003e\u003c/a\u003e Bump JamesIves/github-pages-deploy-action from 4.7.6 to 4.8.0 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9177\"\u003e#9177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/9e135d2de60f397de406c58d3f40d8ad47ebd9e7\"\u003e\u003ccode\u003e9e135d2\u003c/code\u003e\u003c/a\u003e Clean up obsolete pins in CI (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9172\"\u003e#9172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/5da04d0aaee8367f805472cdbb5fef818387426e\"\u003e\u003ccode\u003e5da04d0\u003c/code\u003e\u003c/a\u003e Fix incompatibility of pyparsing vs. packaging in mindeps CI (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9170\"\u003e#9170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/7fc0080d0e4692247fe24a1291706232e1a07135\"\u003e\u003ccode\u003e7fc0080\u003c/code\u003e\u003c/a\u003e Bump mypy; fix mypy failure (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9171\"\u003e#9171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/06f59c25eb1450ead867773bdb18e6308527f3c2\"\u003e\u003ccode\u003e06f59c2\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9166\"\u003e#9166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/41bcd61b40edcb780650ab8701962fb85762afb3\"\u003e\u003ccode\u003e41bcd61\u003c/code\u003e\u003c/a\u003e Bump JamesIves/github-pages-deploy-action from 4.7.4 to 4.7.6 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9167\"\u003e#9167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/14261377211ff22695942a6f2e94596a3710d6f6\"\u003e\u003ccode\u003e1426137\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9168\"\u003e#9168\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/f67b890bd77e647f80b3ab0a3bb17fd6ecf238fa\"\u003e\u003ccode\u003ef67b890\u003c/code\u003e\u003c/a\u003e Version 2025.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/54a7352d6a7314263c9b316753e8f94a4976013d\"\u003e\u003ccode\u003e54a7352\u003c/code\u003e\u003c/a\u003e Typing fixes (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9159\"\u003e#9159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dask/distributed/compare/2024.8.0...2026.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 25.3.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 45.0.7 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAn attacker could create a malicious public key that reveals portions of your\nprivate key when using certain uncommon elliptic curves (binary curves).\nThis version now includes additional security checks to prevent this attack.\nThis issue only affects binary elliptic curves, which are rarely used in\nreal-world applications. Credit to \u003cstrong\u003eXlabAI Team of Tencent Xuanwu Lab and\nAtuin Automated Vulnerability Discovery Engine\u003c/strong\u003e for reporting the issue.\n\u003cstrong\u003eCVE-2026-26007\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSECT*\u003c/code\u003e binary elliptic curves is deprecated and will be\nremoved in the next release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* `Dropped support for win_arm64 wheels`_.\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed compilation when using LibreSSL 4.2.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.7...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `distributed` from 2024.8.0 to 2026.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dask/distributed/releases\"\u003edistributed's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2026.1.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.6 to 4.8.0 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9177\"\u003e#9177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up obsolete pins in CI \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9172\"\u003e#9172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incompatibility of pyparsing vs. packaging in mindeps CI \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9170\"\u003e#9170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump mypy; fix mypy failure \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9171\"\u003e#9171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 5 to 6 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9166\"\u003e#9166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.4 to 4.7.6 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9167\"\u003e#9167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/cache from 4 to 5 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9168\"\u003e#9168\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.12.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTyping fixes \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9159\"\u003e#9159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExplicit setuptools-scm minimum version \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9160\"\u003e#9160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnforce ruff rules (RUF) \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9153\"\u003e#9153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up \u003ccode\u003eMANIFEST.in\u003c/code\u003e \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9149\"\u003e#9149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eisort → ruff \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9152\"\u003e#9152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRuff supersedes absolufy-imports \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9154\"\u003e#9154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump minimum supported \u003ccode\u003etoolz\u003c/code\u003e to 0.12.0 \u003ca href=\"https://github.com/jrbourbeau\"\u003e\u003ccode\u003e@​jrbourbeau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9151\"\u003e#9151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eflake8, bugbear, pyupgrade → ruff \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9147\"\u003e#9147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typos found by codespell \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9145\"\u003e#9145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up setuptools-specific configuration \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9150\"\u003e#9150\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePEP 639 compliance \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9146\"\u003e#9146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate black \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9148\"\u003e#9148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix empty progress bar \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9144\"\u003e#9144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.3 to 4.7.4 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9139\"\u003e#9139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExclude broken \u003ccode\u003etblib\u003c/code\u003e versions in CI \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9141\"\u003e#9141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.11.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace versioneer with setuptools-scm \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9137\"\u003e#9137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdapt worker and nanny to ipv6 \u003ca href=\"https://github.com/csfldf\"\u003e\u003ccode\u003e@​csfldf\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9133\"\u003e#9133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CI Multiple aliased keys in file /Users/runner/.condarc \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9136\"\u003e#9136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003epip\u003c/code\u003e pin for docs \u003ca href=\"https://github.com/jrbourbeau\"\u003e\u003ccode\u003e@​jrbourbeau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9132\"\u003e#9132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 4 to 5 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9130\"\u003e#9130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove UCX configuration schema \u003ca href=\"https://github.com/pentschev\"\u003e\u003ccode\u003e@​pentschev\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9127\"\u003e#9127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd generic type support to Future and Client methods \u003ca href=\"https://github.com/moi90\"\u003e\u003ccode\u003e@​moi90\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9123\"\u003e#9123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.10.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/ab72092a8a938923c2bb51a2cd14ca26614827fa\"\u003e\u003ccode\u003eab72092\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/f4cfecc48856d5f0fbf7f840fbecdb17544fd30e\"\u003e\u003ccode\u003ef4cfecc\u003c/code\u003e\u003c/a\u003e Bump JamesIves/github-pages-deploy-action from 4.7.6 to 4.8.0 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9177\"\u003e#9177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/9e135d2de60f397de406c58d3f40d8ad47ebd9e7\"\u003e\u003ccode\u003e9e135d2\u003c/code\u003e\u003c/a\u003e Clean up obsolete pins in CI (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9172\"\u003e#9172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/5da04d0aaee8367f805472cdbb5fef818387426e\"\u003e\u003ccode\u003e5da04d0\u003c/code\u003e\u003c/a\u003e Fix incompatibility of pyparsing vs. packaging in mindeps CI (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9170\"\u003e#9170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/7fc0080d0e4692247fe24a1291706232e1a07135\"\u003e\u003ccode\u003e7fc0080\u003c/code\u003e\u003c/a\u003e Bump mypy; fix mypy failure (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9171\"\u003e#9171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/06f59c25eb1450ead867773bdb18e6308527f3c2\"\u003e\u003ccode\u003e06f59c2\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9166\"\u003e#9166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/41bcd61b40edcb780650ab8701962fb85762afb3\"\u003e\u003ccode\u003e41bcd61\u003c/code\u003e\u003c/a\u003e Bump JamesIves/github-pages-deploy-action from 4.7.4 to 4.7.6 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9167\"\u003e#9167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/14261377211ff22695942a6f2e94596a3710d6f6\"\u003e\u003ccode\u003e1426137\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9168\"\u003e#9168\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/f67b890bd77e647f80b3ab0a3bb17fd6ecf238fa\"\u003e\u003ccode\u003ef67b890\u003c/code\u003e\u003c/a\u003e Version 2025.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/54a7352d6a7314263c9b316753e8f94a4976013d\"\u003e\u003ccode\u003e54a7352\u003c/code\u003e\u003c/a\u003e Typing fixes (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9159\"\u003e#9159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dask/distributed/compare/2024.8.0...2026.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 25.3.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 45.0.7 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAn attacker could create a malicious public key that reveals portions of your\nprivate key when using certain uncommon elliptic curves (binary curves).\nThis version now includes additional security checks to prevent this attack.\nThis issue only affects binary elliptic curves, which are rarely used in\nreal-world applications. Credit to \u003cstrong\u003eXlabAI Team of Tencent Xuanwu Lab and\nAtuin Automated Vulnerability Discovery Engine\u003c/strong\u003e for reporting the issue.\n\u003cstrong\u003eCVE-2026-26007\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSECT*\u003c/code\u003e binary elliptic curves is deprecated and will be\nremoved in the next release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* `Dropped support for win_arm64 wheels`_.\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed compilation when using LibreSSL 4.2.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.7...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `distributed` from 2024.8.0 to 2026.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dask/distributed/releases\"\u003edistributed's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2026.1.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.6 to 4.8.0 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9177\"\u003e#9177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up obsolete pins in CI \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9172\"\u003e#9172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incompatibility of pyparsing vs. packaging in mindeps CI \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9170\"\u003e#9170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump mypy; fix mypy failure \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9171\"\u003e#9171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 5 to 6 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9166\"\u003e#9166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.4 to 4.7.6 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9167\"\u003e#9167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/cache from 4 to 5 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9168\"\u003e#9168\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.12.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTyping fixes \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9159\"\u003e#9159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExplicit setuptools-scm minimum version \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9160\"\u003e#9160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnforce ruff rules (RUF) \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9153\"\u003e#9153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up \u003ccode\u003eMANIFEST.in\u003c/code\u003e \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9149\"\u003e#9149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eisort → ruff \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9152\"\u003e#9152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRuff supersedes absolufy-imports \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9154\"\u003e#9154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump minimum supported \u003ccode\u003etoolz\u003c/code\u003e to 0.12.0 \u003ca href=\"https://github.com/jrbourbeau\"\u003e\u003ccode\u003e@​jrbourbeau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9151\"\u003e#9151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eflake8, bugbear, pyupgrade → ruff \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9147\"\u003e#9147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typos found by codespell \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9145\"\u003e#9145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up setuptools-specific configuration \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9150\"\u003e#9150\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePEP 639 compliance \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9146\"\u003e#9146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate black \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9148\"\u003e#9148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix empty progress bar \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9144\"\u003e#9144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.3 to 4.7.4 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9139\"\u003e#9139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExclude broken \u003ccode\u003etblib\u003c/code\u003e versions in CI \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9141\"\u003e#9141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.11.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace versioneer with setuptools-scm \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9137\"\u003e#9137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdapt worker and nanny to ipv6 \u003ca href=\"https://github.com/csfldf\"\u003e\u003ccode\u003e@​csfldf\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9133\"\u003e#9133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CI Multiple aliased keys in file /Users/runner/.condarc \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9136\"\u003e#9136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003epip\u003c/code\u003e pin for docs \u003ca href=\"https://github.com/jrbourbeau\"\u003e\u003ccode\u003e@​jrbourbeau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9132\"\u003e#9132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 4 to 5 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9130\"\u003e#9130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove UCX configuration schema \u003ca href=\"https://github.com/pentschev\"\u003e\u003ccode\u003e@​pentschev\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9127\"\u003e#9127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd generic type support to Future and Client methods \u003ca href=\"https://github.com/moi90\"\u003e\u003ccode\u003e@​moi90\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9123\"\u003e#9123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.10.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/ab72092a8a938923c2bb51a2cd14ca26614827fa\"\u003e\u003ccode\u003eab72092\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/f4cfecc48856d5f0fbf7f840fbecdb17544fd30e\"\u003e\u003ccode\u003ef4cfecc\u003c/code\u003e\u003c/a\u003e Bump JamesIves/github-pages-deploy-action from 4.7.6 to 4.8.0 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9177\"\u003e#9177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/9e135d2de60f397de406c58d3f40d8ad47ebd9e7\"\u003e\u003ccode\u003e9e135d2\u003c/code\u003e\u003c/a\u003e Clean up obsolete pins in CI (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9172\"\u003e#9172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/5da04d0aaee8367f805472cdbb5fef818387426e\"\u003e\u003ccode\u003e5da04d0\u003c/code\u003e\u003c/a\u003e Fix incompatibility of pyparsing vs. packaging in mindeps CI (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9170\"\u003e#9170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/7fc0080d0e4692247fe24a1291706232e1a07135\"\u003e\u003ccode\u003e7fc0080\u003c/code\u003e\u003c/a\u003e Bump mypy; fix mypy failure (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9171\"\u003e#9171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/06f59c25eb1450ead867773bdb18e6308527f3c2\"\u003e\u003ccode\u003e06f59c2\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 5 to 6 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9166\"\u003e#9166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/41bcd61b40edcb780650ab8701962fb85762afb3\"\u003e\u003ccode\u003e41bcd61\u003c/code\u003e\u003c/a\u003e Bump JamesIves/github-pages-deploy-action from 4.7.4 to 4.7.6 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9167\"\u003e#9167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/14261377211ff22695942a6f2e94596a3710d6f6\"\u003e\u003ccode\u003e1426137\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9168\"\u003e#9168\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/f67b890bd77e647f80b3ab0a3bb17fd6ecf238fa\"\u003e\u003ccode\u003ef67b890\u003c/code\u003e\u003c/a\u003e Version 2025.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dask/distributed/commit/54a7352d6a7314263c9b316753e8f94a4976013d\"\u003e\u003ccode\u003e54a7352\u003c/code\u003e\u003c/a\u003e Typing fixes (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9159\"\u003e#9159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dask/distributed/compare/2024.8.0...2026.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 25.3.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 45.0.7 to 46.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.6 - 2026-03-25\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* **SECURITY ISSUE**: Fixed a bug where name constraints were not applied\n  to peer names during verification when the leaf certificate contains a\n  wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug,\n  including those used by the Web PKI. Credit to **Oleh Konko (1seal)** for\n  reporting the issue. **CVE-2026-34073**\n\u003cp\u003e.. _v46-0-5:\u003c/p\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAn attacker could create a malicious public key that reveals portions of your\nprivate key when using certain uncommon elliptic curves (binary curves).\nThis version now includes additional security checks to prevent this attack.\nThis issue only affects binary elliptic curves, which are rarely used in\nreal-world applications. Credit to \u003cstrong\u003eXlabAI Team of Tencent Xuanwu Lab and\nAtuin Automated Vulnerability Discovery Engine\u003c/strong\u003e for reporting the issue.\n\u003cstrong\u003eCVE-2026-26007\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eSupport for \u003ccode\u003eSECT*\u003c/code\u003e binary elliptic curves is deprecated and will be\nremoved in the next release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* `Dropped support for win_arm64 wheels`_.\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed compilation when using LibreSSL 4.2.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/91d728897bdad30cd5c79a2b23e207f1f050d587\"\u003e\u003ccode\u003e91d7288\u003c/code\u003e\u003c/a\u003e Cherry-pick \u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14542\"\u003e#14542\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14543\"\u003e#14543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/45.0.7...46.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `distributed` from 2024.8.0 to 2026.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dask/distributed/releases\"\u003edistributed's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2026.1.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.6 to 4.8.0 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9177\"\u003e#9177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up obsolete pins in CI \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9172\"\u003e#9172\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incompatibility of pyparsing vs. packaging in mindeps CI \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9170\"\u003e#9170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump mypy; fix mypy failure \u003ca href=\"https://github.com/crusaderky\"\u003e\u003ccode\u003e@​crusaderky\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9171\"\u003e#9171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/upload-artifact from 5 to 6 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9166\"\u003e#9166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.4 to 4.7.6 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9167\"\u003e#9167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump actions/cache from 4 to 5 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9168\"\u003e#9168\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.12.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTyping fixes \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9159\"\u003e#9159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExplicit setuptools-scm minimum version \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9160\"\u003e#9160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnforce ruff rules (RUF) \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9153\"\u003e#9153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up \u003ccode\u003eMANIFEST.in\u003c/code\u003e \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9149\"\u003e#9149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eisort → ruff \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9152\"\u003e#9152\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRuff supersedes absolufy-imports \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9154\"\u003e#9154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump minimum supported \u003ccode\u003etoolz\u003c/code\u003e to 0.12.0 \u003ca href=\"https://github.com/jrbourbeau\"\u003e\u003ccode\u003e@​jrbourbeau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9151\"\u003e#9151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eflake8, bugbear, pyupgrade → ruff \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9147\"\u003e#9147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typos found by codespell \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9145\"\u003e#9145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eClean up setuptools-specific configuration \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9150\"\u003e#9150\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePEP 639 compliance \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9146\"\u003e#9146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate black \u003ca href=\"https://github.com/DimitriPapadopoulos\"\u003e\u003ccode\u003e@​DimitriPapadopoulos\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9148\"\u003e#9148\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix empty progress bar \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9144\"\u003e#9144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump JamesIves/github-pages-deploy-action from 4.7.3 to 4.7.4 @\u003ca href=\"https://github.com/apps/dependabot\"\u003edependabot[bot]\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9139\"\u003e#9139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExclude broken \u003ccode\u003etblib\u003c/code\u003e versions in CI \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/dask/distributed/issues/9141\"\u003e#9141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://docs.dask.org/en/stable/changelog.html\"\u003eChangelog\u003c/a\u003e for more information.\u003c/p\u003e\n\u003ch2\u003e2025.11.0\u003c/h2\u003e\n\u003ch2\u003eChanges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReplace versioneer with setuptools-scm \u003ca href=\"https://github.com/jacobtomlinson\"\u003e\u003ccode\u003e@​jacobtomlinson\u003c/...\n\n_Description has been truncated_","html_url":"https://github.com/mlrun/mlrun/pull/9514","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mlrun%2Fmlrun/issues/9514","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9514/packages"}},{"old_version":"23.2.0","new_version":"26.0.0","update_type":"major","path":null,"pr_created_at":"2026-03-26T22:23:02.000Z","version_change":"23.2.0 → 26.0.0","issue":{"uuid":"4147706060","node_id":"PR_kwDOOK9uiM7N4A8_","number":150,"state":"closed","title":"chore(deps): bump the pip group across 28 directories with 13 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-02T03:17:45.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-26T22:23:02.000Z","updated_at":"2026-04-02T03:17:47.000Z","time_to_close":536083,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":13,"packages":[{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"flask","old_version":"2.2.5","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"pyopenssl","old_version":"23.2.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"werkzeug","old_version":"2.2.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"apache-airflow","old_version":"2.6.3","new_version":"3.2.0b1","repository_url":"https://github.com/apache/airflow"},{"name":"black","old_version":"23.1a1","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"cryptography","old_version":"40.0.2","new_version":"46.0.5","repository_url":"https://github.com/pyca/cryptography"},{"name":"google-cloud-aiplatform","old_version":"1.27.1","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"protobuf","old_version":"4.23.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /alloydb/notebooks directory: [nbconvert](https://github.com/jupyter/nbconvert).\nBumps the pip group with 1 update in the /aml-ai directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /auth/cloud-client-temp directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /auth/service-to-service directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /bigquery/continuous-queries directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 4 updates in the /cloud-media-livestream/keypublisher directory: [requests](https://github.com/psf/requests), [flask](https://github.com/pallets/flask), [pyopenssl](https://github.com/pyca/pyopenssl) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /cloud_scheduler/snippets directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 1 update in the /cloud_tasks/http_queues directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 9 updates in the /composer/2022_airflow_summit directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.5` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n\nBumps the pip group with 5 updates in the /composer/airflow_1_samples directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `1.1.2` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `20.0.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `0.16.1` | `3.1.6` |\n| [cryptography](https://github.com/pyca/cryptography) | `3.2.1` | `46.0.5` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `3.14.0` | `5.29.6` |\n\nBumps the pip group with 9 updates in the /composer/cicd_sample directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.5` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n\nBumps the pip group with 1 update in the /composer/rest directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 9 updates in the /composer/workflows directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `24.1.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.9.2` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `24.4.2` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `41.0.7` | `46.0.5` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.53.0` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.3` | `5.29.6` |\n\nBumps the pip group with 1 update in the /compute/auth directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/client_library directory: [black](https://github.com/psf/black).\nBumps the pip group with 2 updates in the /compute/encryption directory: [requests](https://github.com/psf/requests) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /compute/metadata directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/oslogin directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 3 updates in the /dataflow/gemma directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [protobuf](https://github.com/protocolbuffers/protobuf) and [keras](https://github.com/keras-team/keras).\nBumps the pip group with 1 update in the /dataflow/gemma-flex-template directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform).\nBumps the pip group with 3 updates in the /dataflow/run-inference directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [torch](https://github.com/pytorch/pytorch) and [transformers](https://github.com/huggingface/transformers).\nBumps the pip group with 1 update in the /dataflow/run_template directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 2 updates in the /datastore/cloud-ndb directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow-cx directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /gemma2 directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [protobuf](https://github.com/protocolbuffers/protobuf).\nBumps the pip group with 3 updates in the /iap directory: [requests](https://github.com/psf/requests), [werkzeug](https://github.com/pallets/werkzeug) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /media_cdn directory: [cryptography](https://github.com/pyca/cryptography).\n\nUpdates `nbconvert` from 7.16.6 to 7.17.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/releases\"\u003enbconvert's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.17.0\u003c/h2\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid cov environment on free-threaded Pythons \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2267\"\u003e#2267\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate pre-commit, and fix all issues. \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2238\"\u003e#2238\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop test on 3.9, test on 3.13, 3.14, 3.14t \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2237\"\u003e#2237\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the actions group across 1 directory with 2 updates \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2231\"\u003e#2231\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003e@flaky.flaky\u003c/code\u003e decorate with pytest marker \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2229\"\u003e#2229\u003c/a\u003e (\u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to mermaid 11.10.0 \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2224\"\u003e#2224\u003c/a\u003e (\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8, fix the CI tests \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2221\"\u003e#2221\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eintersphinx_registry\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2232\"\u003e#2232\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28\u0026amp;to=2026-01-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md\"\u003enbconvert's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid cov environment on free-threaded Pythons \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2267\"\u003e#2267\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate pre-commit, and fix all issues. \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2238\"\u003e#2238\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop test on 3.9, test on 3.13, 3.14, 3.14t \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2237\"\u003e#2237\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the actions group across 1 directory with 2 updates \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2231\"\u003e#2231\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003e@flaky.flaky\u003c/code\u003e decorate with pytest marker \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2229\"\u003e#2229\u003c/a\u003e (\u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to mermaid 11.10.0 \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2224\"\u003e#2224\u003c/a\u003e (\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8, fix the CI tests \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2221\"\u003e#2221\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eintersphinx_registry\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2232\"\u003e#2232\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28\u0026amp;to=2026-01-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/21b35d85b46f5ff0956d3d088a52b9bef00e8196\"\u003e\u003ccode\u003e21b35d8\u003c/code\u003e\u003c/a\u003e Publish 7.17.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003e\u003ccode\u003ec9ac1d1\u003c/code\u003e\u003c/a\u003e Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD)...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/b13276d80ae6fadbfda981304810e26f421c4ced\"\u003e\u003ccode\u003eb13276d\u003c/code\u003e\u003c/a\u003e avoid cov environment on free-threaded Pythons (\u003ca href=\"https://redirect.github.com/jupyter/nbconvert/issues/2267\"\u003e#2267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7c7055fe833fe9832e6f9a64fa5f67d66692c8d6\"\u003e\u003ccode\u003e7c7055f\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] auto fixes from pre-commit.com hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/74f3ddd37ef4b7ffb5eee9acbf52062217c15852\"\u003e\u003ccode\u003e74f3ddd\u003c/code\u003e\u003c/a\u003e Fix QtPNGExporter returning empty bytes on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/216550b2aae4c329f4dab597a96ae7cac30de79a\"\u003e\u003ccode\u003e216550b\u003c/code\u003e\u003c/a\u003e fix links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/39777ac5716350e994171d025a7369c58b0afc8c\"\u003e\u003ccode\u003e39777ac\u003c/code\u003e\u003c/a\u003e try to comment fialing test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7b591ca526f2598dbae3256a53765659c3edcf14\"\u003e\u003ccode\u003e7b591ca\u003c/code\u003e\u003c/a\u003e ruff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/6ec7638a3dc7a0bc2c533c116202d7f9b07ce9d9\"\u003e\u003ccode\u003e6ec7638\u003c/code\u003e\u003c/a\u003e parent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/59414b36f94e318d4207e8af863167047d936c19\"\u003e\u003ccode\u003e59414b3\u003c/code\u003e\u003c/a\u003e fix mypy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...v7.17.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 2.2.5 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loa...\n\n_Description has been truncated_","html_url":"https://github.com/Reality2byte/python-docs-samples/pull/150","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Reality2byte%2Fpython-docs-samples/issues/150","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/150/packages"}},{"old_version":"23.2.0","new_version":"26.0.0","update_type":"major","path":null,"pr_created_at":"2026-03-26T14:19:09.000Z","version_change":"23.2.0 → 26.0.0","issue":{"uuid":"4144396385","node_id":"PR_kwDOO-I9t87Nvas_","number":8,"state":"closed","title":"chore(deps): bump the pip group across 25 directories with 13 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-04-02T04:10:16.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-26T14:19:09.000Z","updated_at":"2026-04-02T04:10:18.000Z","time_to_close":568267,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":13,"packages":[{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"flask","old_version":"2.2.5","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"pyopenssl","old_version":"23.2.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"werkzeug","old_version":"2.2.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"apache-airflow","old_version":"2.6.3","new_version":"3.2.0b1","repository_url":"https://github.com/apache/airflow"},{"name":"black","old_version":"23.1a1","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"cryptography","old_version":"40.0.2","new_version":"46.0.5","repository_url":"https://github.com/pyca/cryptography"},{"name":"google-cloud-aiplatform","old_version":"1.27.1","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"protobuf","old_version":"4.23.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /alloydb/notebooks directory: [nbconvert](https://github.com/jupyter/nbconvert).\nBumps the pip group with 1 update in the /aml-ai directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /auth/service-to-service directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /bigquery/continuous-queries directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 4 updates in the /cloud-media-livestream/keypublisher directory: [requests](https://github.com/psf/requests), [flask](https://github.com/pallets/flask), [pyopenssl](https://github.com/pyca/pyopenssl) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /cloud_scheduler/snippets directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 1 update in the /cloud_tasks/http_queues directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 9 updates in the /composer/2022_airflow_summit directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.5` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n\nBumps the pip group with 5 updates in the /composer/airflow_1_samples directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `1.1.2` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `20.0.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `0.16.1` | `3.1.6` |\n| [cryptography](https://github.com/pyca/cryptography) | `3.2.1` | `46.0.5` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `3.14.0` | `5.29.6` |\n\nBumps the pip group with 9 updates in the /composer/cicd_sample directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.5` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n\nBumps the pip group with 1 update in the /composer/rest directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/auth directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/client_library directory: [black](https://github.com/psf/black).\nBumps the pip group with 2 updates in the /compute/encryption directory: [requests](https://github.com/psf/requests) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /compute/metadata directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/oslogin directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 3 updates in the /dataflow/gemma directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [protobuf](https://github.com/protocolbuffers/protobuf) and [keras](https://github.com/keras-team/keras).\nBumps the pip group with 1 update in the /dataflow/gemma-flex-template directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform).\nBumps the pip group with 3 updates in the /dataflow/run-inference directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [torch](https://github.com/pytorch/pytorch) and [transformers](https://github.com/huggingface/transformers).\nBumps the pip group with 2 updates in the /datastore/cloud-ndb directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow-cx directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /gemma2 directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [protobuf](https://github.com/protocolbuffers/protobuf).\nBumps the pip group with 4 updates in the /iap directory: [requests](https://github.com/psf/requests), [flask](https://github.com/pallets/flask), [werkzeug](https://github.com/pallets/werkzeug) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /media_cdn directory: [cryptography](https://github.com/pyca/cryptography).\n\nUpdates `nbconvert` from 7.16.6 to 7.17.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/releases\"\u003enbconvert's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.17.0\u003c/h2\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid cov environment on free-threaded Pythons \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2267\"\u003e#2267\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate pre-commit, and fix all issues. \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2238\"\u003e#2238\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop test on 3.9, test on 3.13, 3.14, 3.14t \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2237\"\u003e#2237\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the actions group across 1 directory with 2 updates \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2231\"\u003e#2231\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003e@flaky.flaky\u003c/code\u003e decorate with pytest marker \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2229\"\u003e#2229\u003c/a\u003e (\u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to mermaid 11.10.0 \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2224\"\u003e#2224\u003c/a\u003e (\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8, fix the CI tests \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2221\"\u003e#2221\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eintersphinx_registry\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2232\"\u003e#2232\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28\u0026amp;to=2026-01-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md\"\u003enbconvert's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid cov environment on free-threaded Pythons \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2267\"\u003e#2267\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate pre-commit, and fix all issues. \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2238\"\u003e#2238\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop test on 3.9, test on 3.13, 3.14, 3.14t \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2237\"\u003e#2237\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the actions group across 1 directory with 2 updates \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2231\"\u003e#2231\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003e@flaky.flaky\u003c/code\u003e decorate with pytest marker \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2229\"\u003e#2229\u003c/a\u003e (\u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to mermaid 11.10.0 \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2224\"\u003e#2224\u003c/a\u003e (\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8, fix the CI tests \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2221\"\u003e#2221\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eintersphinx_registry\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2232\"\u003e#2232\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28\u0026amp;to=2026-01-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/21b35d85b46f5ff0956d3d088a52b9bef00e8196\"\u003e\u003ccode\u003e21b35d8\u003c/code\u003e\u003c/a\u003e Publish 7.17.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003e\u003ccode\u003ec9ac1d1\u003c/code\u003e\u003c/a\u003e Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD)...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/b13276d80ae6fadbfda981304810e26f421c4ced\"\u003e\u003ccode\u003eb13276d\u003c/code\u003e\u003c/a\u003e avoid cov environment on free-threaded Pythons (\u003ca href=\"https://redirect.github.com/jupyter/nbconvert/issues/2267\"\u003e#2267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7c7055fe833fe9832e6f9a64fa5f67d66692c8d6\"\u003e\u003ccode\u003e7c7055f\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] auto fixes from pre-commit.com hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/74f3ddd37ef4b7ffb5eee9acbf52062217c15852\"\u003e\u003ccode\u003e74f3ddd\u003c/code\u003e\u003c/a\u003e Fix QtPNGExporter returning empty bytes on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/216550b2aae4c329f4dab597a96ae7cac30de79a\"\u003e\u003ccode\u003e216550b\u003c/code\u003e\u003c/a\u003e fix links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/39777ac5716350e994171d025a7369c58b0afc8c\"\u003e\u003ccode\u003e39777ac\u003c/code\u003e\u003c/a\u003e try to comment fialing test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7b591ca526f2598dbae3256a53765659c3edcf14\"\u003e\u003ccode\u003e7b591ca\u003c/code\u003e\u003c/a\u003e ruff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/6ec7638a3dc7a0bc2c533c116202d7f9b07ce9d9\"\u003e\u003ccode\u003e6ec7638\u003c/code\u003e\u003c/a\u003e parent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/59414b36f94e318d4207e8af863167047d936c19\"\u003e\u003ccode\u003e59414b3\u003c/code\u003e\u003c/a\u003e fix mypy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...v7.17.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.4 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.4...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 2.2.5 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/2.2.5...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 25.0.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003cco...\n\n_Description has been truncated_","html_url":"https://github.com/ASISBusiness/python-docs-samples/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASISBusiness%2Fpython-docs-samples/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"}},{"old_version":"23.2.0","new_version":"26.0.0","update_type":"major","path":null,"pr_created_at":"2026-03-26T13:42:02.000Z","version_change":"23.2.0 → 26.0.0","issue":{"uuid":"4144077079","node_id":"PR_kwDOOK9uiM7Nuhf9","number":147,"state":"open","title":"chore(deps): bump the pip group across 27 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-26T13:42:02.000Z","updated_at":"2026-04-08T04:51:47.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":16,"packages":[{"name":"flask","old_version":"2.2.5","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"werkzeug","old_version":"2.2.3","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"},{"name":"pyopenssl","old_version":"23.2.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"apache-airflow","old_version":"2.6.3","new_version":"3.2.0b1","repository_url":"https://github.com/apache/airflow"},{"name":"authlib","old_version":"1.2.1","new_version":"1.6.9","repository_url":"https://github.com/authlib/authlib"},{"name":"black","old_version":"23.1a1","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"cryptography","old_version":"40.0.2","new_version":"46.0.5","repository_url":"https://github.com/pyca/cryptography"},{"name":"google-cloud-aiplatform","old_version":"1.27.1","new_version":"1.133.0","repository_url":"https://github.com/googleapis/python-aiplatform"},{"name":"orjson","old_version":"3.9.1","new_version":"3.11.6","repository_url":"https://github.com/ijl/orjson"},{"name":"protobuf","old_version":"4.23.4","new_version":"5.29.6","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"pyasn1","old_version":"0.4.8","new_version":"0.6.3","repository_url":"https://github.com/pyasn1/pyasn1"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /alloydb/notebooks directory: [nbconvert](https://github.com/jupyter/nbconvert).\nBumps the pip group with 3 updates in the /appengine/standard/firebase/firenotes/backend directory: [flask](https://github.com/pallets/flask), [requests](https://github.com/psf/requests) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 4 updates in the /cloud-media-livestream/keypublisher directory: [flask](https://github.com/pallets/flask), [requests](https://github.com/psf/requests), [werkzeug](https://github.com/pallets/werkzeug) and [pyopenssl](https://github.com/pyca/pyopenssl).\nBumps the pip group with 3 updates in the /cloud-sql/sql-server/sqlalchemy directory: [flask](https://github.com/pallets/flask), [werkzeug](https://github.com/pallets/werkzeug) and [pyopenssl](https://github.com/pyca/pyopenssl).\nBumps the pip group with 2 updates in the /cloud_scheduler/snippets directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 12 updates in the /composer/2022_airflow_summit directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [authlib](https://github.com/authlib/authlib) | `1.2.1` | `1.6.9` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.5` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.9.1` | `3.11.6` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.4.8` | `0.6.3` |\n\nBumps the pip group with 6 updates in the /composer/airflow_1_samples directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `1.1.2` | `3.1.3` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `0.16.1` | `3.1.6` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `20.0.0` | `26.0.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `3.2.1` | `46.0.5` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `3.14.0` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.4.8` | `0.6.3` |\n\nBumps the pip group with 12 updates in the /composer/cicd_sample directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.6.3` | `3.2.0b1` |\n| [authlib](https://github.com/authlib/authlib) | `1.2.1` | `1.6.9` |\n| [black](https://github.com/psf/black) | `23.1a1` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `40.0.2` | `46.0.5` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.27.1` | `1.133.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.9.1` | `3.11.6` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.23.4` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.4.8` | `0.6.3` |\n\nBumps the pip group with 12 updates in the /composer/workflows directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.3` | `3.1.6` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `24.1.0` | `26.0.0` |\n| [apache-airflow](https://github.com/apache/airflow) | `2.9.2` | `3.2.0b1` |\n| [authlib](https://github.com/authlib/authlib) | `1.3.1` | `1.6.9` |\n| [black](https://github.com/psf/black) | `24.4.2` | `26.3.1` |\n| [cryptography](https://github.com/pyca/cryptography) | `41.0.7` | `46.0.5` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.53.0` | `1.133.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.10.3` | `3.11.6` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.3` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.5.1` | `0.6.3` |\n\nBumps the pip group with 1 update in the /compute/client_library directory: [black](https://github.com/psf/black).\nBumps the pip group with 2 updates in the /compute/encryption directory: [requests](https://github.com/psf/requests) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 5 updates in the /dataflow/flex-templates/pipeline_with_dependencies directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) | `1.42.1` | `1.133.0` |\n| [orjson](https://github.com/ijl/orjson) | `3.9.15` | `3.11.6` |\n| [protobuf](https://github.com/protocolbuffers/protobuf) | `4.25.8` | `5.29.6` |\n| [pyasn1](https://github.com/pyasn1/pyasn1) | `0.5.1` | `0.6.3` |\n\nBumps the pip group with 3 updates in the /dataflow/gemma directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [protobuf](https://github.com/protocolbuffers/protobuf) and [keras](https://github.com/keras-team/keras).\nBumps the pip group with 1 update in the /dataflow/gemma-flex-template directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform).\nBumps the pip group with 3 updates in the /dataflow/run-inference directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [torch](https://github.com/pytorch/pytorch) and [transformers](https://github.com/huggingface/transformers).\nBumps the pip group with 1 update in the /dataflow/run_template directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 2 updates in the /datastore/cloud-ndb directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow-cx directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 3 updates in the /endpoints/getting-started directory: [flask](https://github.com/pallets/flask), [requests](https://github.com/psf/requests) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /functions/concepts-requests directory: [flask](https://github.com/pallets/flask) and [requests](https://github.com/psf/requests).\nBumps the pip group with 2 updates in the /functions/tips-connection-pooling directory: [flask](https://github.com/pallets/flask) and [requests](https://github.com/psf/requests).\nBumps the pip group with 2 updates in the /gemma2 directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform) and [protobuf](https://github.com/protocolbuffers/protobuf).\nBumps the pip group with 3 updates in the /iap directory: [requests](https://github.com/psf/requests), [werkzeug](https://github.com/pallets/werkzeug) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 2 updates in the /kms/attestations directory: [requests](https://github.com/psf/requests) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /media_cdn directory: [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 2 updates in the /run/service-auth directory: [flask](https://github.com/pallets/flask) and [requests](https://github.com/psf/requests).\n\nUpdates `nbconvert` from 7.16.6 to 7.17.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/releases\"\u003enbconvert's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.17.0\u003c/h2\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid cov environment on free-threaded Pythons \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2267\"\u003e#2267\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate pre-commit, and fix all issues. \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2238\"\u003e#2238\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop test on 3.9, test on 3.13, 3.14, 3.14t \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2237\"\u003e#2237\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the actions group across 1 directory with 2 updates \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2231\"\u003e#2231\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003e@flaky.flaky\u003c/code\u003e decorate with pytest marker \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2229\"\u003e#2229\u003c/a\u003e (\u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to mermaid 11.10.0 \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2224\"\u003e#2224\u003c/a\u003e (\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8, fix the CI tests \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2221\"\u003e#2221\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eintersphinx_registry\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2232\"\u003e#2232\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28\u0026amp;to=2026-01-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jupyter/nbconvert/blob/main/CHANGELOG.md\"\u003enbconvert's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e7.17.0\u003c/h2\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003eFull Changelog\u003c/a\u003e)\u003c/p\u003e\n\u003ch3\u003eEnhancements made\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for arbitrary browser arguments \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2227\"\u003e#2227\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBugs fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix QtPNGExporter returning empty bytes on macOS \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2264\"\u003e#2264\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD) \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2261\"\u003e#2261\u003c/a\u003e (\u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix get_export_names and get_exporter default args \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2228\"\u003e#2228\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePyPA-Compliant Summary \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2226\"\u003e#2226\u003c/a\u003e (\u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMaintenance and upkeep improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid cov environment on free-threaded Pythons \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2267\"\u003e#2267\u003c/a\u003e (\u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate pre-commit, and fix all issues. \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2238\"\u003e#2238\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop test on 3.9, test on 3.13, 3.14, 3.14t \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2237\"\u003e#2237\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the actions group across 1 directory with 2 updates \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2231\"\u003e#2231\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReplace \u003ccode\u003e@flaky.flaky\u003c/code\u003e decorate with pytest marker \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2229\"\u003e#2229\u003c/a\u003e (\u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to mermaid 11.10.0 \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2224\"\u003e#2224\u003c/a\u003e (\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop support for Python 3.8, fix the CI tests \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2221\"\u003e#2221\u003c/a\u003e (\u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003eintersphinx_registry\u003c/code\u003e \u003ca href=\"https://redirect.github.com/jupyter/nbconvert/pull/2232\"\u003e#2232\u003c/a\u003e (\u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors to this release\u003c/h3\u003e\n\u003cp\u003eThe following people contributed discussions, new ideas, code and documentation contributions, and review.\nSee \u003ca href=\"https://github-activity.readthedocs.io/en/latest/use/#how-does-this-tool-define-contributions-in-the-reports\"\u003eour definition of contributors\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e(\u003ca href=\"https://github.com/jupyter/nbconvert/graphs/contributors?from=2025-01-28\u0026amp;to=2026-01-29\u0026amp;type=c\"\u003eGitHub contributors page for this release\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/bollwyvl\"\u003e\u003ccode\u003e@​bollwyvl\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Abollwyvl+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/Carreau\"\u003e\u003ccode\u003e@​Carreau\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3ACarreau+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/h3pdesign\"\u003e\u003ccode\u003e@​h3pdesign\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ah3pdesign+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/hackowitz-af\"\u003e\u003ccode\u003e@​hackowitz-af\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ahackowitz-af+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/krassowski\"\u003e\u003ccode\u003e@​krassowski\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Akrassowski+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mberlanda\"\u003e\u003ccode\u003e@​mberlanda\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amberlanda+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/mgorny\"\u003e\u003ccode\u003e@​mgorny\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Amgorny+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/minrk\"\u003e\u003ccode\u003e@​minrk\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Aminrk+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/MSeal\"\u003e\u003ccode\u003e@​MSeal\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AMSeal+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/QuLogic\"\u003e\u003ccode\u003e@​QuLogic\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3AQuLogic+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/salmankadaya\"\u003e\u003ccode\u003e@​salmankadaya\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Asalmankadaya+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/shreve\"\u003e\u003ccode\u003e@​shreve\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ashreve+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e) | \u003ca href=\"https://github.com/th3gowtham\"\u003e\u003ccode\u003e@​th3gowtham\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/search?q=repo%3Ajupyter%2Fnbconvert+involves%3Ath3gowtham+updated%3A2025-01-28..2026-01-29\u0026amp;type=Issues\"\u003eactivity\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/21b35d85b46f5ff0956d3d088a52b9bef00e8196\"\u003e\u003ccode\u003e21b35d8\u003c/code\u003e\u003c/a\u003e Publish 7.17.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/c9ac1d1040459ed1ff9eb34e9918ce5a87cf9d71\"\u003e\u003ccode\u003ec9ac1d1\u003c/code\u003e\u003c/a\u003e Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD)...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/b13276d80ae6fadbfda981304810e26f421c4ced\"\u003e\u003ccode\u003eb13276d\u003c/code\u003e\u003c/a\u003e avoid cov environment on free-threaded Pythons (\u003ca href=\"https://redirect.github.com/jupyter/nbconvert/issues/2267\"\u003e#2267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7c7055fe833fe9832e6f9a64fa5f67d66692c8d6\"\u003e\u003ccode\u003e7c7055f\u003c/code\u003e\u003c/a\u003e [pre-commit.ci] auto fixes from pre-commit.com hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/74f3ddd37ef4b7ffb5eee9acbf52062217c15852\"\u003e\u003ccode\u003e74f3ddd\u003c/code\u003e\u003c/a\u003e Fix QtPNGExporter returning empty bytes on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/216550b2aae4c329f4dab597a96ae7cac30de79a\"\u003e\u003ccode\u003e216550b\u003c/code\u003e\u003c/a\u003e fix links\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/39777ac5716350e994171d025a7369c58b0afc8c\"\u003e\u003ccode\u003e39777ac\u003c/code\u003e\u003c/a\u003e try to comment fialing test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/7b591ca526f2598dbae3256a53765659c3edcf14\"\u003e\u003ccode\u003e7b591ca\u003c/code\u003e\u003c/a\u003e ruff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/6ec7638a3dc7a0bc2c533c116202d7f9b07ce9d9\"\u003e\u003ccode\u003e6ec7638\u003c/code\u003e\u003c/a\u003e parent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jupyter/nbconvert/commit/59414b36f94e318d4207e8af863167047d936c19\"\u003e\u003ccode\u003e59414b3\u003c/code\u003e\u003c/a\u003e fix mypy\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jupyter/nbconvert/compare/v7.16.6...v7.17.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 3.0.0 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/3.0.0...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.27.1 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.27.1...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `werkzeug` from 3.0.3 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/releases\"\u003ewerkzeug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.6/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in multi-segment paths. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x\"\u003eGHSA-29vq-49wr-vm6x\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.5/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/43?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/43?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless of extension or surrounding spaces. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7\"\u003eGHSA-87hc-h4r5-73f7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with \u003ccode\u003epin_security=False\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3075\"\u003e#3075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.4/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/42?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/42?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents reading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e already prevented writing to these. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2\"\u003eghsa-hgf8-39gv-g3f2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3020\"\u003e#3020\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3054\"\u003e#3054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3067\"\u003e#3067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available source lines. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the distinction between WSGI and sans-IO responses. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3056\"\u003e#3056\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.3/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/41?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/41?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts \u003ccode\u003elist\u003c/code\u003e, \u003ccode\u003etuple\u003c/code\u003e, or \u003ccode\u003eset\u003c/code\u003e when passing multiple values. It had been changed to accept any \u003ccode\u003eCollection\u003c/code\u003e, but this matched types that should be treated as single values, such as \u003ccode\u003ebytes\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2994\"\u003e#2994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the \u003ccode\u003eHost\u003c/code\u003e header is not set and \u003ccode\u003eRequest.host\u003c/code\u003e falls back to the WSGI \u003ccode\u003eSERVER_NAME\u003c/code\u003e value, if that value is an IPv6 address it is wrapped in \u003ccode\u003e[]\u003c/code\u003e to match the \u003ccode\u003eHost\u003c/code\u003e header. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2993\"\u003e#2993\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.2/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/blob/main/CHANGES.rst\"\u003ewerkzeug's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in\nmulti-segment paths. :ghsa:\u003ccode\u003e29vq-49wr-vm6x\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.make_conditional\u003c/code\u003e sets the \u003ccode\u003eAccept-Ranges\u003c/code\u003e header even if it\nis not a satisfiable range request. :issue:\u003ccode\u003e3108\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2026-01-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless\nof extension or surrounding spaces. :ghsa:\u003ccode\u003e87hc-h4r5-73f7\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\nThis fixes the previous attempt, which caused incorrect content lengths.\n:issue:\u003ccode\u003e3065\u003c/code\u003e :issue:\u003ccode\u003e3077\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with\n\u003ccode\u003epin_security=False\u003c/code\u003e. :issue:\u003ccode\u003e3075\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003eReleased 2025-11-28\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents\nreading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e\nalready prevented writing to these. :ghsa:\u003ccode\u003ehgf8-39gv-g3f2\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. :pr:\u003ccode\u003e3020\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\n:issue:\u003ccode\u003e3065\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. :issue:\u003ccode\u003e3054\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. :issue:\u003ccode\u003e3067\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available\nsource lines. :issue:\u003ccode\u003e3044\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the\ndistinction between WSGI and sans-IO responses. :issue:\u003ccode\u003e3056\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/04da1b5221b7a7b57e82246e4b5741d37a6b2e56\"\u003e\u003ccode\u003e04da1b5\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d\"\u003e\u003ccode\u003ef407712\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f54fe98026253e70fbbcd35a6b52fb67cfff1c03\"\u003e\u003ccode\u003ef54fe98\u003c/code\u003e\u003c/a\u003e safe_join prevents Windows special device names in multi-segment paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/d005985ef69ffe3275eda8fb6fb25e074dbe871b\"\u003e\u003ccode\u003ed005985\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/8565c2cbd6681ae8463e77d4fc0795324a7fdae7\"\u003e\u003ccode\u003e8565c2c\u003c/code\u003e\u003c/a\u003e document rule priority (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3102\"\u003e#3102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/3febc7e90072bffe04c27e6b7478dfc4f88930df\"\u003e\u003ccode\u003e3febc7e\u003c/code\u003e\u003c/a\u003e document rule priority\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/2525b827646c10ab7adb334664e6a4af1b769181\"\u003e\u003ccode\u003e2525b82\u003c/code\u003e\u003c/a\u003e remove state machine docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/4abfbd553cdeb6d4e6fa693340d52b13c884079f\"\u003e\u003ccode\u003e4abfbd5\u003c/code\u003e\u003c/a\u003e rewrite build docstring (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3097\"\u003e#3097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/161c18b2a8800ae6ef377fb3cbdb933a878fea67\"\u003e\u003ccode\u003e161c18b\u003c/code\u003e\u003c/a\u003e rewrite build docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/86e11c29e44726dae524cd9db11549b3b1ad681d\"\u003e\u003ccode\u003e86e11c2\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3085\"\u003e#3085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/werkzeug/compare/3.0.3...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 2.2.5 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/...\n\n_Description has been truncated_","html_url":"https://github.com/Reality2byte/python-docs-samples/pull/147","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Reality2byte%2Fpython-docs-samples/issues/147","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/147/packages"}},{"old_version":"24.2.1","new_version":"22.0.0","update_type":null,"path":null,"pr_created_at":"2026-03-26T08:53:38.000Z","version_change":"24.2.1 → 22.0.0","issue":{"uuid":"4141914658","node_id":"PR_kwDONuDge87Nokly","number":429,"state":"closed","title":"chore(deps): bump the uv group across 1 directory with 4 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-03-26T09:21:02.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-26T08:53:38.000Z","updated_at":"2026-03-26T09:21:12.000Z","time_to_close":1644,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"uv","update_count":4,"packages":[{"name":"black","old_version":"26.1.0","new_version":"26.3.1","repository_url":"https://github.com/psf/black"},{"name":"requests","old_version":"2.32.5","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"cryptography","old_version":"43.0.3","new_version":"46.0.5","repository_url":"https://github.com/pyca/cryptography"},{"name":"pyopenssl","old_version":"24.2.1","new_version":"22.0.0"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 3 updates in the / directory: [black](https://github.com/psf/black), [requests](https://github.com/psf/requests) and [cryptography](https://github.com/pyca/cryptography).\n\nUpdates `black` from 26.1.0 to 26.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/releases\"\u003eblack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop evenloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOutput\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/black/blob/main/CHANGES.md\"\u003eblack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.3.1\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent Jupyter notebook magic masking collisions from corrupting cells by using\nexact-length placeholders for short magics and aborting if a placeholder can no longer\nbe unmasked safely (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eConfiguration\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlways hash cache filename components derived from \u003ccode\u003e--python-cell-magics\u003c/code\u003e so custom\nmagic names cannot affect cache paths (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003cem\u003eBlackd\u003c/em\u003e\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDisable browser-originated requests by default, add configurable origin allowlisting\nand request body limits, and bound executor submissions to improve backpressure\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.3.0\u003c/h2\u003e\n\u003ch3\u003eStable style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDon't double-decode input, causing non-UTF-8 files to be corrupted (\u003ca href=\"https://redirect.github.com/psf/black/issues/4964\"\u003e#4964\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix crash on standalone comment in lambda default arguments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4993\"\u003e#4993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePreserve parentheses when \u003ccode\u003e# type: ignore\u003c/code\u003e comments would be merged with other\ncomments on the same line, preventing AST equivalence failures (\u003ca href=\"https://redirect.github.com/psf/black/issues/4888\"\u003e#4888\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePreview style\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where \u003ccode\u003eif\u003c/code\u003e guards in \u003ccode\u003ecase\u003c/code\u003e blocks were incorrectly split when the pattern had\na trailing comma (\u003ca href=\"https://redirect.github.com/psf/black/issues/4884\"\u003e#4884\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003estring_processing\u003c/code\u003e crashing on unassigned long string literals with trailing\ncommas (one-item tuples) (\u003ca href=\"https://redirect.github.com/psf/black/issues/4929\"\u003e#4929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify implementation of the power operator \u0026quot;hugging\u0026quot; logic (\u003ca href=\"https://redirect.github.com/psf/black/issues/4918\"\u003e#4918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix shutdown errors in PyInstaller builds on macOS by disabling multiprocessing in\nfrozen environments (\u003ca href=\"https://redirect.github.com/psf/black/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduce winloop for windows as an alternative to uvloop (\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove deprecated function \u003ccode\u003euvloop.install()\u003c/code\u003e in favor of \u003ccode\u003euvloop.new_event_loop()\u003c/code\u003e\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRename \u003ccode\u003emaybe_install_uvloop\u003c/code\u003e function to \u003ccode\u003emaybe_use_uvloop\u003c/code\u003e to simplify loop\ninstallation and creation of either a uvloop/winloop eventloop or default eventloop\n(\u003ca href=\"https://redirect.github.com/psf/black/issues/4996\"\u003e#4996\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c6755bb741b6481d6b3d3bb563c83fa060db96c9\"\u003e\u003ccode\u003ec6755bb\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.1 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5046\"\u003e#5046\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69973fd6950985fbeb1090d96da717dc4d8380b0\"\u003e\u003ccode\u003e69973fd\u003c/code\u003e\u003c/a\u003e Harden blackd browser-facing request handling (\u003ca href=\"https://redirect.github.com/psf/black/issues/5039\"\u003e#5039\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d\"\u003e\u003ccode\u003e4937fe6\u003c/code\u003e\u003c/a\u003e Fix some shenanigans with the cache file and IPython (\u003ca href=\"https://redirect.github.com/psf/black/issues/5038\"\u003e#5038\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/2e641d174469c505d5ae905e75d4c769597e681f\"\u003e\u003ccode\u003e2e641d1\u003c/code\u003e\u003c/a\u003e docs: remove outdated Black Playground references (\u003ca href=\"https://redirect.github.com/psf/black/issues/5044\"\u003e#5044\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c014b22a2d5e0632587b47b81151658bddfa0b88\"\u003e\u003ccode\u003ec014b22\u003c/code\u003e\u003c/a\u003e Remove unused internal code (\u003ca href=\"https://redirect.github.com/psf/black/issues/5041\"\u003e#5041\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/0dae20b2d009f2f03de8696d06b0c947d3abafc9\"\u003e\u003ccode\u003e0dae20b\u003c/code\u003e\u003c/a\u003e Add new changelog (\u003ca href=\"https://redirect.github.com/psf/black/issues/5036\"\u003e#5036\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/c5c1cbddd92cecb554ac2a77a24139dd76831030\"\u003e\u003ccode\u003ec5c1cbd\u003c/code\u003e\u003c/a\u003e Minor release patches (\u003ca href=\"https://redirect.github.com/psf/black/issues/5035\"\u003e#5035\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/7e5a828c37d71b6a6666e28eed444816def6a8f4\"\u003e\u003ccode\u003e7e5a828\u003c/code\u003e\u003c/a\u003e docs: clarify relationship between Black style and PEP 8 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/69705deb8776e7c5e585668da106d1abe2cb8d77\"\u003e\u003ccode\u003e69705de\u003c/code\u003e\u003c/a\u003e docs: add clearer pyproject configuration guidance (\u003ca href=\"https://redirect.github.com/psf/black/issues/5026\"\u003e#5026\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/black/commit/35ea67920b7f6ac8e09be1c47278752b1e827f76\"\u003e\u003ccode\u003e35ea679\u003c/code\u003e\u003c/a\u003e Prepare release 26.3.0 (\u003ca href=\"https://redirect.github.com/psf/black/issues/5032\"\u003e#5032\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/black/compare/26.1.0...26.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.32.5 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.32.5...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 43.0.3 to 46.0.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDropped support for win_arm64 wheels\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Fixed compilation when using LibreSSL 4.2.0.\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Fixed an issue where users installing via ``pip`` on Python 3.14 development\n  versions would not properly install a dependency.\n* Fixed an issue building the free-threaded macOS 3.14 wheels.\n\u003cp\u003e.. _v46-0-0:\u003c/p\u003e\n\u003cp\u003e46.0.0 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for Python 3.7 has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/62230623d183706632c0eb7822c96ac95e3710a8\"\u003e\u003ccode\u003e6223062\u003c/code\u003e\u003c/a\u003e release 46.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13446\"\u003e#13446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/43.0.3...46.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 24.2.1 to 22.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e24.2.1 (2024-07-20)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed changelog to remove sphinx specific restructured text strings.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e24.2.0 (2024-07-20)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecated \u003ccode\u003eOpenSSL.crypto.X509Req\u003c/code\u003e, \u003ccode\u003eOpenSSL.crypto.load_certificate_request\u003c/code\u003e, \u003ccode\u003eOpenSSL.crypto.dump_certificate_request\u003c/code\u003e. Instead, \u003ccode\u003ecryptography.x509.CertificateSigningRequest\u003c/code\u003e, \u003ccode\u003ecryptography.x509.CertificateSigningRequestBuilder\u003c/code\u003e, \u003ccode\u003ecryptography.x509.load_der_x509_csr\u003c/code\u003e, or \u003ccode\u003ecryptography.x509.load_pem_x509_csr\u003c/code\u003e should be used.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded type hints for the \u003ccode\u003eSSL\u003c/code\u003e module.\n\u003ccode\u003e[#1308](https://github.com/pyca/pyopenssl/issues/1308) \u0026lt;https://github.com/pyca/pyopenssl/pull/1308\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eChanged \u003ccode\u003eOpenSSL.crypto.PKey.from_cryptography_key\u003c/code\u003e to accept public and private EC, ED25519, ED448 keys.\n\u003ccode\u003e[#1310](https://github.com/pyca/pyopenssl/issues/1310) \u0026lt;https://github.com/pyca/pyopenssl/pull/1310\u0026gt;\u003c/code\u003e_.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e24.1.0 (2024-03-09)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved the deprecated \u003ccode\u003eOpenSSL.crypto.PKCS12\u003c/code\u003e and\n\u003ccode\u003eOpenSSL.crypto.NetscapeSPKI\u003c/code\u003e. \u003ccode\u003eOpenSSL.crypto.PKCS12\u003c/code\u003e may be replaced\nby the PKCS#12 APIs in the \u003ccode\u003ecryptography\u003c/code\u003e package.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/819095fa886db98cf43b6f0e66ba19c83d64d3c0\"\u003e\u003ccode\u003e819095f\u003c/code\u003e\u003c/a\u003e bump for 22.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1079\"\u003e#1079\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/41ceefb0f81d6ac056e9d84e47de57191e067b8e\"\u003e\u003ccode\u003e41ceefb\u003c/code\u003e\u003c/a\u003e Docs: Fix param type for methods where digest is used (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1078\"\u003e#1078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/fb26edde0aa27670c7bb24c0daeb05516e83d7b0\"\u003e\u003ccode\u003efb26edd\u003c/code\u003e\u003c/a\u003e Reduce MD5 and SHA1 dependency in tests (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d184fbbbb68b352a5818ebf94b4a6d68bb92d35a\"\u003e\u003ccode\u003ed184fbb\u003c/code\u003e\u003c/a\u003e Update variable name, there are now many linuxes (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1070\"\u003e#1070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b85cfd411af794e77e9be645316607063234975\"\u003e\u003ccode\u003e8b85cfd\u003c/code\u003e\u003c/a\u003e Rename path_string to path_bytes since that's what it actually does (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1067\"\u003e#1067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/de073c62c809b2cd67315c5b3ae99ef38fcd26a9\"\u003e\u003ccode\u003ede073c6\u003c/code\u003e\u003c/a\u003e Remove native, it's behavior is confusing (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1069\"\u003e#1069\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/c175f152a4b4c02f166035c915a847c3281b1e8c\"\u003e\u003ccode\u003ec175f15\u003c/code\u003e\u003c/a\u003e Remove dead code (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1068\"\u003e#1068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7120bb59d165103d8f2cffd0726709591b572174\"\u003e\u003ccode\u003e7120bb5\u003c/code\u003e\u003c/a\u003e Accept pathlib.Path as a valid path (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1027\"\u003e#1027\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/db092ce0c542aaea1407961be063b509a0f37551\"\u003e\u003ccode\u003edb092ce\u003c/code\u003e\u003c/a\u003e Remove call to init_static_locks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1066\"\u003e#1066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a63c75a8417a286173497884f550b11d1b173ec2\"\u003e\u003ccode\u003ea63c75a\u003c/code\u003e\u003c/a\u003e Bump actions/setup-python from 2.3.0 to 2.3.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1064\"\u003e#1064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/24.2.1...22.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/MESH-Research/knowledge-commons-profiles/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/MESH-Research/knowledge-commons-profiles/pull/429","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/MESH-Research%2Fknowledge-commons-profiles/issues/429","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/429/packages"}},{"old_version":"23.2.0","new_version":"26.0.0","update_type":"major","path":null,"pr_created_at":"2026-03-26T07:47:47.000Z","version_change":"23.2.0 → 26.0.0","issue":{"uuid":"4141501725","node_id":"PR_kwDOLA_7i87NncE_","number":3,"state":"closed","title":"chore(deps): bump the pip group across 17 directories with 10 updates","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-02T02:08:12.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-26T07:47:47.000Z","updated_at":"2026-04-02T02:08:12.000Z","time_to_close":584425,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"pip","update_count":10,"packages":[{"name":"requests","old_version":"2.31.0","new_version":"2.33.0","repository_url":"https://github.com/psf/requests"},{"name":"cryptography","old_version":"41.0.6","new_version":"46.0.5","repository_url":"https://github.com/pyca/cryptography"},{"name":"flask","old_version":"2.2.5","new_version":"3.1.3","repository_url":"https://github.com/pallets/flask"},{"name":"pyopenssl","old_version":"23.2.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"werkzeug","old_version":"3.0.1","new_version":"3.1.6","repository_url":"https://github.com/pallets/werkzeug"}],"path":null,"ecosystem":"pip"},"body":"Bumps the pip group with 1 update in the /auth/service-to-service directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 5 updates in the /cloud-media-livestream/keypublisher directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `41.0.6` | `46.0.5` |\n| [flask](https://github.com/pallets/flask) | `2.2.5` | `3.1.3` |\n| [pyopenssl](https://github.com/pyca/pyopenssl) | `23.2.0` | `26.0.0` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.0.1` | `3.1.6` |\n\nBumps the pip group with 1 update in the /cloud_tasks/http_queues directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /composer/rest directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/auth directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 2 updates in the /compute/encryption directory: [requests](https://github.com/psf/requests) and [cryptography](https://github.com/pyca/cryptography).\nBumps the pip group with 1 update in the /compute/metadata directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 1 update in the /compute/oslogin directory: [requests](https://github.com/psf/requests).\nBumps the pip group with 3 updates in the /dataflow/run-inference directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform), [torch](https://github.com/pytorch/pytorch) and [transformers](https://github.com/huggingface/transformers).\nBumps the pip group with 1 update in the /dataflow/run_template directory: [flask](https://github.com/pallets/flask).\nBumps the pip group with 2 updates in the /datastore/cloud-ndb directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 2 updates in the /dialogflow-cx directory: [flask](https://github.com/pallets/flask) and [werkzeug](https://github.com/pallets/werkzeug).\nBumps the pip group with 5 updates in the /endpoints/getting-started directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [flask](https://github.com/pallets/flask) | `3.0.0` | `3.1.3` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.0.1` | `3.1.6` |\n| [flask-cors](https://github.com/corydolphin/flask-cors) | `4.0.0` | `6.0.0` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the pip group with 1 update in the /generative_ai directory: [google-cloud-aiplatform](https://github.com/googleapis/python-aiplatform).\nBumps the pip group with 5 updates in the /iap directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [requests](https://github.com/psf/requests) | `2.31.0` | `2.33.0` |\n| [cryptography](https://github.com/pyca/cryptography) | `41.0.6` | `46.0.5` |\n| [flask](https://github.com/pallets/flask) | `3.0.0` | `3.1.3` |\n| [werkzeug](https://github.com/pallets/werkzeug) | `3.0.1` | `3.1.6` |\n| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |\n\nBumps the pip group with 1 update in the /media_cdn directory: [cryptography](https://github.com/pyca/cryptography).\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cryptography` from 41.0.6 to 46.0.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst\"\u003ecryptography's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e46.0.5 - 2026-02-10\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* An attacker could create a malicious public key that reveals portions of your\n  private key when using certain uncommon elliptic curves (binary curves).\n  This version now includes additional security checks to prevent this attack.\n  This issue only affects binary elliptic curves, which are rarely used in\n  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and\n  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.\n  **CVE-2026-26007**\n* Support for ``SECT*`` binary elliptic curves is deprecated and will be\n  removed in the next release.\n\u003cp\u003e.. v46-0-4:\u003c/p\u003e\n\u003cp\u003e46.0.4 - 2026-01-27\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eDropped support for win_arm64 wheels\u003c/code\u003e_.\u003c/li\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-3:\u003c/p\u003e\n\u003cp\u003e46.0.3 - 2025-10-15\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Fixed compilation when using LibreSSL 4.2.0.\n\u003cp\u003e.. _v46-0-2:\u003c/p\u003e\n\u003cp\u003e46.0.2 - 2025-09-30\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e.. _v46-0-1:\u003c/p\u003e\n\u003cp\u003e46.0.1 - 2025-09-16\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e\n* Fixed an issue where users installing via ``pip`` on Python 3.14 development\n  versions would not properly install a dependency.\n* Fixed an issue building the free-threaded macOS 3.14 wheels.\n\u003cp\u003e.. _v46-0-0:\u003c/p\u003e\n\u003cp\u003e46.0.0 - 2025-09-16\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBACKWARDS INCOMPATIBLE:\u003c/strong\u003e Support for Python 3.7 has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad\"\u003e\u003ccode\u003e06e120e\u003c/code\u003e\u003c/a\u003e bump version for 46.0.5 release (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14289\"\u003e#14289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c\"\u003e\u003ccode\u003e0eebb9d\u003c/code\u003e\u003c/a\u003e EC check key on cofactor \u0026gt; 1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14287\"\u003e#14287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e\"\u003e\u003ccode\u003ebedf6e1\u003c/code\u003e\u003c/a\u003e fix openssl version on 46 branch (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14220\"\u003e#14220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e6f44fc8e6391f05d719fb9d369692325b87a471\"\u003e\u003ccode\u003ee6f44fc\u003c/code\u003e\u003c/a\u003e bump for 46.0.4 and drop win arm64 due to CI issues (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/14217\"\u003e#14217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/c0af4dd7b75921bbe9f1d41a03dbd4b64a9e3403\"\u003e\u003ccode\u003ec0af4dd\u003c/code\u003e\u003c/a\u003e release 46.0.3 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13681\"\u003e#13681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/99efe5ad150a56efadafacaffd0e3ee319373904\"\u003e\u003ccode\u003e99efe5a\u003c/code\u003e\u003c/a\u003e bump version for 46.0.2 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13531\"\u003e#13531\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/e735cfc27502320101c130335c556394a125ba52\"\u003e\u003ccode\u003ee735cfc\u003c/code\u003e\u003c/a\u003e release 46.0.1 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13450\"\u003e#13450\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/4e457ffba43a6d87efc63c33041e2081438dd8a4\"\u003e\u003ccode\u003e4e457ff\u003c/code\u003e\u003c/a\u003e Explicitly specify python in mac uv build invocation (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13447\"\u003e#13447\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/2726efdb6d67f1c90cf9c6062d9fe051965586f8\"\u003e\u003ccode\u003e2726efd\u003c/code\u003e\u003c/a\u003e Depend on CFFI 2.0.0 or newer on Python \u0026gt; 3.8 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13448\"\u003e#13448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/cryptography/commit/62230623d183706632c0eb7822c96ac95e3710a8\"\u003e\u003ccode\u003e6223062\u003c/code\u003e\u003c/a\u003e release 46.0.0 (\u003ca href=\"https://redirect.github.com/pyca/cryptography/issues/13446\"\u003e#13446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/cryptography/compare/41.0.6...46.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flask` from 2.2.5 to 3.1.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/releases\"\u003eflask's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.3/\"\u003ehttps://pypi.org/project/Flask/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-3\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-3\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys but not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. \u003ca href=\"https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726\"\u003eGHSA-68rp-wp8r-4726\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.2/\"\u003ehttps://pypi.org/project/Flask/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/page/changes/#version-3-1-2\"\u003ehttps://flask.palletsprojects.com/page/changes/#version-3-1-2\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/38?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/38?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5774\"\u003e#5774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state of \u003ccode\u003esession\u003c/code\u003e is correct. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5786\"\u003e#5786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5776\"\u003e#5776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.1\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.1/\"\u003ehttps://pypi.org/project/Flask/3.1.1/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-1\u003c/a\u003e\nMilestone \u003ca href=\"https://github.com/pallets/flask/milestone/36?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/36?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. GHSA-4grg-w6v8-c28g\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5645\"\u003e#5645\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands are shown. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5673\"\u003e#5673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return \u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier for Quart. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5659\"\u003e#5659\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.0\u003c/h2\u003e\n\u003cp\u003eThis is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as \u003ca href=\"https://pypi.org/project/pip-tools/\"\u003epip-tools\u003c/a\u003e to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Flask/3.1.0/\"\u003ehttps://pypi.org/project/Flask/3.1.0/\u003c/a\u003e\nChanges: \u003ca href=\"https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\"\u003ehttps://flask.palletsprojects.com/en/stable/changes/#version-3-1-0\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/flask/milestone/33?closed=1\"\u003ehttps://github.com/pallets/flask/milestone/33?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5623\"\u003e#5623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases. Werkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5624\"\u003e#5624\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5633\"\u003e#5633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option responses. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5496\"\u003e#5496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and \u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when opening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5504\"\u003e#5504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only through the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added \u003ccode\u003eMAX_FORM_MEMORY_SIZE\u003c/code\u003e and \u003ccode\u003eMAX_FORM_PARTS\u003c/code\u003e config. Added documentation about resource limits to the security page. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5625\"\u003e#5625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003ePartitioned\u003c/code\u003e cookie attribute (CHIPS), with the \u003ccode\u003eSESSION_COOKIE_PARTITIONED\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5472\"\u003e#5472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e-e path\u003c/code\u003e takes precedence over default \u003ccode\u003e.env\u003c/code\u003e and \u003ccode\u003e.flaskenv\u003c/code\u003e files. \u003ccode\u003eload_dotenv\u003c/code\u003e loads default files in addition to a path unless \u003ccode\u003eload_defaults=False\u003c/code\u003e is passed. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5628\"\u003e#5628\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport key rotation with the \u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5621\"\u003e#5621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix how setting \u003ccode\u003ehost_matching=True\u003c/code\u003e or \u003ccode\u003esubdomain_matching=False\u003c/code\u003e interacts with \u003ccode\u003eSERVER_NAME\u003c/code\u003e. Setting \u003ccode\u003eSERVER_NAME\u003c/code\u003e no longer restricts requests to only that domain. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5553\"\u003e#5553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.trusted_hosts\u003c/code\u003e is checked during routing, and can be set through the \u003ccode\u003eTRUSTED_HOSTS\u003c/code\u003e config. \u003ca href=\"https://redirect.github.com/pallets/flask/issues/5636\"\u003e#5636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/flask/blob/main/CHANGES.rst\"\u003eflask's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-18\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe session is marked as accessed for operations that only access the keys\nbut not the values, such as \u003ccode\u003ein\u003c/code\u003e and \u003ccode\u003elen\u003c/code\u003e. :ghsa:\u003ccode\u003e68rp-wp8r-4726\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.2\u003c/h2\u003e\n\u003cp\u003eReleased 2025-08-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003estream_with_context\u003c/code\u003e does not fail inside async views. :issue:\u003ccode\u003e5774\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eWhen using \u003ccode\u003efollow_redirects\u003c/code\u003e in the test client, the final state\nof \u003ccode\u003esession\u003c/code\u003e is correct. :issue:\u003ccode\u003e5786\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRelax type hint for passing bytes IO to \u003ccode\u003esend_file\u003c/code\u003e. :issue:\u003ccode\u003e5776\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.1\u003c/h2\u003e\n\u003cp\u003eReleased 2025-05-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix signing key selection order when key rotation is enabled via\n\u003ccode\u003eSECRET_KEY_FALLBACKS\u003c/code\u003e. :ghsa:\u003ccode\u003e4grg-w6v8-c28g\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix type hint for \u003ccode\u003ecli_runner.invoke\u003c/code\u003e. :issue:\u003ccode\u003e5645\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eflask --help\u003c/code\u003e loads the app and plugins first to make sure all commands\nare shown. :issue:\u003ccode\u003e5673\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eMark sans-io base class as being able to handle views that return\n\u003ccode\u003eAsyncIterable\u003c/code\u003e. This is not accurate for Flask, but makes typing easier\nfor Quart. :pr:\u003ccode\u003e5659\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.0\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-13\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for Python 3.8. :pr:\u003ccode\u003e5623\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eUpdate minimum dependency versions to latest feature releases.\nWerkzeug \u0026gt;= 3.1, ItsDangerous \u0026gt;= 2.2, Blinker \u0026gt;= 1.9. :pr:\u003ccode\u003e5624,5633\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProvide a configuration option to control automatic option\nresponses. :pr:\u003ccode\u003e5496\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFlask.open_resource\u003c/code\u003e/\u003ccode\u003eopen_instance_resource\u003c/code\u003e and\n\u003ccode\u003eBlueprint.open_resource\u003c/code\u003e take an \u003ccode\u003eencoding\u003c/code\u003e parameter to use when\nopening in text mode. It defaults to \u003ccode\u003eutf-8\u003c/code\u003e. :issue:\u003ccode\u003e5504\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.max_content_length\u003c/code\u003e can be customized per-request instead of only\nthrough the \u003ccode\u003eMAX_CONTENT_LENGTH\u003c/code\u003e config. Added\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65\"\u003e\u003ccode\u003e22d9247\u003c/code\u003e\u003c/a\u003e release version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4\"\u003e\u003ccode\u003e089cb86\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa\"\u003e\u003ccode\u003ec17f379\u003c/code\u003e\u003c/a\u003e request context tracks session access\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602\"\u003e\u003ccode\u003e27be933\u003c/code\u003e\u003c/a\u003e start version 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d\"\u003e\u003ccode\u003e4e652d3\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5903\"\u003e#5903\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a\"\u003e\u003ccode\u003e3d03098\u003c/code\u003e\u003c/a\u003e Abort if the instance folder cannot be created\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4\"\u003e\u003ccode\u003e407eb76\u003c/code\u003e\u003c/a\u003e document using gevent for async (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60\"\u003e\u003ccode\u003eac5664d\u003c/code\u003e\u003c/a\u003e document using gevent for async\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3\"\u003e\u003ccode\u003e4f79d5b\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11 (\u003ca href=\"https://redirect.github.com/pallets/flask/issues/5865\"\u003e#5865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f\"\u003e\u003ccode\u003efe3b215\u003c/code\u003e\u003c/a\u003e Increase required flit_core version to 3.11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/flask/compare/2.2.5...3.1.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pyopenssl` from 23.2.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.3.0 (2025-09-16)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaximum supported \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.x.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.2.0 (2025-09-14)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 45.0.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003epyOpenSSL now sets \u003ccode\u003eSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\u003c/code\u003e on connections by default, matching CPython's behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/23.2.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `werkzeug` from 3.0.1 to 3.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/releases\"\u003ewerkzeug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.1.6\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.6 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.6/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.6/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-6\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in multi-segment paths. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-29vq-49wr-vm6x\"\u003eGHSA-29vq-49wr-vm6x\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.5\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.5/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.5/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-5\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/43?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/43?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless of extension or surrounding spaces. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7\"\u003eGHSA-87hc-h4r5-73f7\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3077\"\u003e#3077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with \u003ccode\u003epin_security=False\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3075\"\u003e#3075\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.4\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.4/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.4/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\"\u003ehttps://werkzeug.palletsprojects.com/page/changes/#version-3-1-4\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/42?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/42?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents reading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e already prevented writing to these. \u003ca href=\"https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2\"\u003eghsa-hgf8-39gv-g3f2\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3020\"\u003e#3020\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3065\"\u003e#3065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3054\"\u003e#3054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3067\"\u003e#3067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available source lines. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3044\"\u003e#3044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the distinction between WSGI and sans-IO responses. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3056\"\u003e#3056\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.3\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.3/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.3/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3\u003c/a\u003e\nMilestone: \u003ca href=\"https://github.com/pallets/werkzeug/milestone/41?closed=1\"\u003ehttps://github.com/pallets/werkzeug/milestone/41?closed=1\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts \u003ccode\u003elist\u003c/code\u003e, \u003ccode\u003etuple\u003c/code\u003e, or \u003ccode\u003eset\u003c/code\u003e when passing multiple values. It had been changed to accept any \u003ccode\u003eCollection\u003c/code\u003e, but this matched types that should be treated as single values, such as \u003ccode\u003ebytes\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2994\"\u003e#2994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWhen the \u003ccode\u003eHost\u003c/code\u003e header is not set and \u003ccode\u003eRequest.host\u003c/code\u003e falls back to the WSGI \u003ccode\u003eSERVER_NAME\u003c/code\u003e value, if that value is an IPv6 address it is wrapped in \u003ccode\u003e[]\u003c/code\u003e to match the \u003ccode\u003eHost\u003c/code\u003e header. \u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/2993\"\u003e#2993\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.1.2\u003c/h2\u003e\n\u003cp\u003eThis is the Werkzeug 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.\u003c/p\u003e\n\u003cp\u003ePyPI: \u003ca href=\"https://pypi.org/project/Werkzeug/3.1.2/\"\u003ehttps://pypi.org/project/Werkzeug/3.1.2/\u003c/a\u003e\nChanges: \u003ca href=\"https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\"\u003ehttps://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pallets/werkzeug/blob/main/CHANGES.rst\"\u003ewerkzeug's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 3.1.6\u003c/h2\u003e\n\u003cp\u003eReleased 2026-02-19\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special devices names in\nmulti-segment paths. :ghsa:\u003ccode\u003e29vq-49wr-vm6x\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse.make_conditional\u003c/code\u003e sets the \u003ccode\u003eAccept-Ranges\u003c/code\u003e header even if it\nis not a satisfiable range request. :issue:\u003ccode\u003e3108\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.5\u003c/h2\u003e\n\u003cp\u003eReleased 2026-01-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow more special device names, regardless\nof extension or surrounding spaces. :ghsa:\u003ccode\u003e87hc-h4r5-73f7\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\nThis fixes the previous attempt, which caused incorrect content lengths.\n:issue:\u003ccode\u003e3065\u003c/code\u003e :issue:\u003ccode\u003e3077\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003eAttributeError\u003c/code\u003e when initializing \u003ccode\u003eDebuggedApplication\u003c/code\u003e with\n\u003ccode\u003epin_security=False\u003c/code\u003e. :issue:\u003ccode\u003e3075\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.4\u003c/h2\u003e\n\u003cp\u003eReleased 2025-11-28\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003esafe_join\u003c/code\u003e on Windows does not allow special device names. This prevents\nreading from these when using \u003ccode\u003esend_from_directory\u003c/code\u003e. \u003ccode\u003esecure_filename\u003c/code\u003e\nalready prevented writing to these. :ghsa:\u003ccode\u003ehgf8-39gv-g3f2\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe debugger pin fails after 10 attempts instead of 11. :pr:\u003ccode\u003e3020\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe multipart form parser handles a \u003ccode\u003e\\r\\n\u003c/code\u003e sequence at a chunk boundary.\n:issue:\u003ccode\u003e3065\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eImprove CPU usage during Watchdog reloader. :issue:\u003ccode\u003e3054\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest.json\u003c/code\u003e annotation is more accurate. :issue:\u003ccode\u003e3067\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTraceback rendering handles when the line number is beyond the available\nsource lines. :issue:\u003ccode\u003e3044\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eHTTPException.get_response\u003c/code\u003e annotation and doc better conveys the\ndistinction between WSGI and sans-IO responses. :issue:\u003ccode\u003e3056\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 3.1.3\u003c/h2\u003e\n\u003cp\u003eReleased 2024-11-08\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInitial data passed to \u003ccode\u003eMultiDict\u003c/code\u003e and similar interfaces only accepts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/04da1b5221b7a7b57e82246e4b5741d37a6b2e56\"\u003e\u003ccode\u003e04da1b5\u003c/code\u003e\u003c/a\u003e release version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f407712fdc60a09c2b3f4fe7db557703e5d9338d\"\u003e\u003ccode\u003ef407712\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/f54fe98026253e70fbbcd35a6b52fb67cfff1c03\"\u003e\u003ccode\u003ef54fe98\u003c/code\u003e\u003c/a\u003e safe_join prevents Windows special device names in multi-segment paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/d005985ef69ffe3275eda8fb6fb25e074dbe871b\"\u003e\u003ccode\u003ed005985\u003c/code\u003e\u003c/a\u003e start version 3.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/8565c2cbd6681ae8463e77d4fc0795324a7fdae7\"\u003e\u003ccode\u003e8565c2c\u003c/code\u003e\u003c/a\u003e document rule priority (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3102\"\u003e#3102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/3febc7e90072bffe04c27e6b7478dfc4f88930df\"\u003e\u003ccode\u003e3febc7e\u003c/code\u003e\u003c/a\u003e document rule priority\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/2525b827646c10ab7adb334664e6a4af1b769181\"\u003e\u003ccode\u003e2525b82\u003c/code\u003e\u003c/a\u003e remove state machine docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/4abfbd553cdeb6d4e6fa693340d52b13c884079f\"\u003e\u003ccode\u003e4abfbd5\u003c/code\u003e\u003c/a\u003e rewrite build docstring (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3097\"\u003e#3097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/161c18b2a8800ae6ef377fb3cbdb933a878fea67\"\u003e\u003ccode\u003e161c18b\u003c/code\u003e\u003c/a\u003e rewrite build docstring\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pallets/werkzeug/commit/86e11c29e44726dae524cd9db11549b3b1ad681d\"\u003e\u003ccode\u003e86e11c2\u003c/code\u003e\u003c/a\u003e release version 3.1.5 (\u003ca href=\"https://redirect.github.com/pallets/werkzeug/issues/3085\"\u003e#3085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pallets/werkzeug/compare/3.0.1...3.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7292\"\u003e#7292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/753fd08c5eacce0aa0df73fe47e49525c67e0a29\"\u003e\u003ccode\u003e753fd08\u003c/code\u003e\u003c/a\u003e docs: fix FAQ grammar in httplib2 example\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/774a0b837a194ee885d4fdd9ca947900cc3daf71\"\u003e\u003ccode\u003e774a0b8\u003c/code\u003e\u003c/a\u003e docs(socks): same block as other sections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/9c72a41bec8597f948c9d8caa5dc3f12273b3303\"\u003e\u003ccode\u003e9c72a41\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.33.0 to 4.34.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/ebf71906798ec82f34e07d3168f8b8aecaf8a3be\"\u003e\u003ccode\u003eebf7190\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.32.0 to 4.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/0e4ae38f0c93d4f92a96c774bd52c069d12a4798\"\u003e\u003ccode\u003e0e4ae38\u003c/code\u003e\u003c/a\u003e docs: exclude Response.is_permanent_redirect from API docs (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7244\"\u003e#7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/d568f47278492e630cc990a259047c67991d007a\"\u003e\u003ccode\u003ed568f47\u003c/code\u003e\u003c/a\u003e docs: clarify Quickstart POST example (\u003ca href=\"https://redirect.github.com/psf/requests/issues/6960\"\u003e#6960\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/psf/requests/compare/v2.31.0...v2.33.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `requests` from 2.31.0 to 2.33.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/releases\"\u003erequests's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.33.0\u003c/h2\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report any gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/M0d3v1\"\u003e\u003ccode\u003e@​M0d3v1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6865\"\u003epsf/requests#6865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aminvakil\"\u003e\u003ccode\u003e@​aminvakil\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7220\"\u003epsf/requests#7220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/E8Price\"\u003e\u003ccode\u003e@​E8Price\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6960\"\u003epsf/requests#6960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitre88\"\u003e\u003ccode\u003e@​mitre88\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7244\"\u003epsf/requests#7244\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magsen\"\u003e\u003ccode\u003e@​magsen\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/6553\"\u003epsf/requests#6553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/psf/requests/pull/7227\"\u003epsf/requests#7227\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\"\u003ehttps://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.32.5\u003c/h2\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.32.4\u003c/h2\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/psf/requests/blob/main/HISTORY.md\"\u003erequests's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.33.0 (2026-03-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eAnnouncements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e📣 Requests is adding inline types. If you have a typed code base that\nuses Requests, please take a look at \u003ca href=\"https://redirect.github.com/psf/requests/issues/7271\"\u003e#7271\u003c/a\u003e. Give it a try, and report\nany gaps or feedback you may have in the issue. 📣\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-25645 \u003ccode\u003erequests.utils.extract_zipped_paths\u003c/code\u003e now extracts\ncontents to a non-deterministic location to prevent malicious file\nreplacement. This does not affect default usage of Requests, only\napplications calling the utility function directly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eImprovements\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMigrated to a PEP 517 build system using setuptools. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7012\"\u003e#7012\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where an empty netrc entry could cause\nmalformed authentication to be applied to Requests on\nPython 3.11+. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7205\"\u003e#7205\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.9 following its end of support. (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7196\"\u003e#7196\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDocumentation\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eVarious typo fixes and doc improvements.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.5 (2025-08-18)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBugfixes\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe SSLContext caching feature originally introduced in 2.32.0 has created\na new class of issues in Requests that have had negative impact across a number\nof use cases. The Requests team has decided to revert this feature as long term\nmaintenance of it is proving to be unsustainable in its current iteration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eDeprecations\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Python 3.14.\u003c/li\u003e\n\u003cli\u003eDropped support for Python 3.8 following its end of support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.32.4 (2025-06-10)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eSecurity\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted\nenvironment will retrieve credentials for the wrong hostname/machine from a\nnetrc file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/bc04dfd6dad4cb02cd92f5daa81eb562d280a761\"\u003e\u003ccode\u003ebc04dfd\u003c/code\u003e\u003c/a\u003e v2.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7\"\u003e\u003ccode\u003e66d21cb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/8b9bc8fc0f63be84602387913c4b689f19efd028\"\u003e\u003ccode\u003e8b9bc8f\u003c/code\u003e\u003c/a\u003e Move badges to top of README (\u003ca href=\"https://redirect.github.com/psf/requests/issues/7293\"\u003e#7293\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/psf/requests/commit/e331a288f369973f5de0ec8901c94cae4fa87286\"\u003e\u003ccode\u003ee331a28\u003c/code\u003e\u003c/a\u003e Remove unused extraction call (\u003ca href=\"https://redirect.gi...\n\n_Description has been truncated_","html_url":"https://github.com/c6ai/python-docs-samples/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/c6ai%2Fpython-docs-samples/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"25.3.0","new_version":"26.0.0","update_type":"major","path":null,"pr_created_at":"2026-03-25T20:54:58.000Z","version_change":"25.3.0 → 26.0.0","issue":{"uuid":"4138466831","node_id":"PR_kwDORfsT-s7NfGdr","number":28,"state":"closed","title":"build(deps): bump the uv group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-03-25T20:58:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-25T20:54:58.000Z","updated_at":"2026-03-25T20:58:30.000Z","time_to_close":210,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"uv","update_count":2,"packages":[{"name":"pyopenssl","old_version":"25.3.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"},{"name":"pypdf","old_version":"6.7.5","new_version":"6.9.2","repository_url":"https://github.com/py-pdf/pypdf"}],"path":null,"ecosystem":"pip"},"body":"Bumps the uv group with 2 updates in the / directory: [pyopenssl](https://github.com/pyca/pyopenssl) and [pypdf](https://github.com/py-pdf/pypdf).\n\nUpdates `pyopenssl` from 25.3.0 to 26.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pypdf` from 6.7.5 to 6.9.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/releases\"\u003epypdf's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e) by \u003ca href=\"https://github.com/Yuki9814\"\u003e\u003ccode\u003e@​Yuki9814\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.1, 2026-03-17\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove performance and limit length of array-based content streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3686\"\u003e#3686\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.0...6.9.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.0, 2026-03-15\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExpose /Perms verification result on Encryption object (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3672\"\u003e#3672\u003c/a\u003e) by \u003ca href=\"https://github.com/costajohnt\"\u003e\u003ccode\u003e@​costajohnt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements (PI)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix O(n²) performance in NameObject read/write (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3679\"\u003e#3679\u003c/a\u003e) by \u003ca href=\"https://github.com/dmitry-kostin\"\u003e\u003ccode\u003e@​dmitry-kostin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBatch-parse all objects in ObjStm on first access (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3677\"\u003e#3677\u003c/a\u003e) by \u003ca href=\"https://github.com/dmitry-kostin\"\u003e\u003ccode\u003e@​dmitry-kostin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid sharing array-based content streams between pages (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3681\"\u003e#3681\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid accessing invalid page when inserting blank page under some conditions (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3529\"\u003e#3529\u003c/a\u003e) by \u003ca href=\"https://github.com/j-t-1\"\u003e\u003ccode\u003e@​j-t-1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.8.0...6.9.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.8.0, 2026-03-09\u003c/h2\u003e\n\u003ch2\u003eWhat's new\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit allowed \u003ccode\u003e/Length\u003c/code\u003e value of stream  (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3675\"\u003e#3675\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd /IRT (in-reply-to) support for markup annotations (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3631\"\u003e#3631\u003c/a\u003e) by \u003ca href=\"https://github.com/costajohnt\"\u003e\u003ccode\u003e@​costajohnt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using \u003ccode\u003ePageObject.replace_contents\u003c/code\u003e on PdfReader (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3669\"\u003e#3669\u003c/a\u003e) by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument how to disable jbig2dec calls by \u003ca href=\"https://github.com/stefan6419846\"\u003e\u003ccode\u003e@​stefan6419846\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.8.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md\"\u003epypdf's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eVersion 6.9.2, 2026-03-23\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRobustness (ROB)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.1...6.9.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.1, 2026-03-17\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove performance and limit length of array-based content streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3686\"\u003e#3686\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.9.0...6.9.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.9.0, 2026-03-15\u003c/h2\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExpose /Perms verification result on Encryption object (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3672\"\u003e#3672\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements (PI)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix O(n²) performance in NameObject read/write (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3679\"\u003e#3679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBatch-parse all objects in ObjStm on first access (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3677\"\u003e#3677\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes (BUG)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid sharing array-based content streams between pages (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3681\"\u003e#3681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid accessing invalid page when inserting blank page under some conditions (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3529\"\u003e#3529\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.8.0...6.9.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eVersion 6.8.0, 2026-03-09\u003c/h2\u003e\n\u003ch3\u003eSecurity (SEC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLimit allowed \u003ccode\u003e/Length\u003c/code\u003e value of stream  (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3675\"\u003e#3675\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Features (ENH)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd /IRT (in-reply-to) support for markup annotations (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3631\"\u003e#3631\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation (DOC)\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid using \u003ccode\u003ePageObject.replace_contents\u003c/code\u003e on PdfReader (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3669\"\u003e#3669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument how to disable jbig2dec calls\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.8.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/da867f4961e4ac5ac9d751cba3131c5a1a8777f3\"\u003e\u003ccode\u003eda867f4\u003c/code\u003e\u003c/a\u003e REL: 6.9.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/02b1345f77fdbc006faccc301507df4fb1855413\"\u003e\u003ccode\u003e02b1345\u003c/code\u003e\u003c/a\u003e SEC: Avoid infinite loop in read_from_stream for broken files (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3693\"\u003e#3693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/3bef3393757d9ab711032cb07019ae3b8132ba42\"\u003e\u003ccode\u003e3bef339\u003c/code\u003e\u003c/a\u003e MAINT: Prefer bytearray over bytes in image_inline (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3692\"\u003e#3692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/04b0a38f56ade7ba8ab9ed2f2b83e86794a036d5\"\u003e\u003ccode\u003e04b0a38\u003c/code\u003e\u003c/a\u003e ROB: Resolve UnboundLocalError for xobjs in _get_image (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3684\"\u003e#3684\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/0e5157c2d9440c3594de43ffe27745eb474a2fb9\"\u003e\u003ccode\u003e0e5157c\u003c/code\u003e\u003c/a\u003e REL: 6.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/0b5d05de59a055c132b435ee2375bc32ff04d48e\"\u003e\u003ccode\u003e0b5d05d\u003c/code\u003e\u003c/a\u003e SEC: Improve performance and limit length of array-based content streams (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3686\"\u003e#3686\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/87aa1d436b91c055f6ed1a4ed4146567e5db67b3\"\u003e\u003ccode\u003e87aa1d4\u003c/code\u003e\u003c/a\u003e DEV: Remove unused reverse encoding dicts (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3685\"\u003e#3685\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/84f526622657d3da2068d5c05c0cba8746aec7b0\"\u003e\u003ccode\u003e84f5266\u003c/code\u003e\u003c/a\u003e MAINT: Use placeholder-based approach for logger_error (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3673\"\u003e#3673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/8f1f4aa8607a1e3b4730d67ca24e6b8f86bf526f\"\u003e\u003ccode\u003e8f1f4aa\u003c/code\u003e\u003c/a\u003e REL: 6.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/py-pdf/pypdf/commit/5a9a0da71714c4361b38ebdcaf304291569d7a2f\"\u003e\u003ccode\u003e5a9a0da\u003c/code\u003e\u003c/a\u003e BUG: Avoid sharing array-based content streams between pages (\u003ca href=\"https://redirect.github.com/py-pdf/pypdf/issues/3681\"\u003e#3681\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/py-pdf/pypdf/compare/6.7.5...6.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/KalCola/crawl4ai/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/KalCola/crawl4ai/pull/28","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/KalCola%2Fcrawl4ai/issues/28","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/28/packages"}},{"old_version":"25.3.0","new_version":"26.0.0","update_type":"major","path":"/nemo_retriever","pr_created_at":"2026-03-25T15:58:53.000Z","version_change":"25.3.0 → 26.0.0","issue":{"uuid":"4136551773","node_id":"PR_kwDOMm8pg87NZsN-","number":1724,"state":"open","title":"Bump pyopenssl from 25.3.0 to 26.0.0 in /nemo_retriever","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-25T15:58:53.000Z","updated_at":"2026-03-25T15:58:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"pyopenssl","old_version":"25.3.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"}],"path":"/nemo_retriever","ecosystem":"pip"},"body":"Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 25.3.0 to 26.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyopenssl\u0026package-manager=uv\u0026previous-version=25.3.0\u0026new-version=26.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/NVIDIA/NeMo-Retriever/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/NVIDIA/NeMo-Retriever/pull/1724","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NVIDIA%2FNeMo-Retriever/issues/1724","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1724/packages"}},{"old_version":"25.1.0","new_version":"26.0.0","update_type":"major","path":null,"pr_created_at":"2026-03-25T10:36:15.000Z","version_change":"25.1.0 → 26.0.0","issue":{"uuid":"4134348202","node_id":"PR_kwDORwUrZc7NTP1q","number":3,"state":"closed","title":"Bump pyopenssl from 25.1.0 to 26.0.0","user":"dependabot[bot]","labels":["dependencies","python"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-25T10:39:00.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-25T10:36:15.000Z","updated_at":"2026-03-25T10:39:01.000Z","time_to_close":165,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"pyopenssl","old_version":"25.1.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"}],"path":null,"ecosystem":"pip"},"body":"Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 25.1.0 to 26.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.3.0 (2025-09-16)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMaximum supported \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.x.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e25.2.0 (2025-09-14)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 45.0.7.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003epyOpenSSL now sets \u003ccode\u003eSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\u003c/code\u003e on connections by default, matching CPython's behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.1.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyopenssl\u0026package-manager=pip\u0026previous-version=25.1.0\u0026new-version=26.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Stark-Expo-Tech-Exchange/DSTerminal_SOP_Documentation/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Stark-Expo-Tech-Exchange/DSTerminal_SOP_Documentation/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Stark-Expo-Tech-Exchange%2FDSTerminal_SOP_Documentation/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"25.3.0","new_version":"26.0.0","update_type":"major","path":null,"pr_created_at":"2026-03-22T21:26:50.000Z","version_change":"25.3.0 → 26.0.0","issue":{"uuid":"4117152950","node_id":"PR_kwDOROZGpc7Mhn51","number":27,"state":"closed","title":"build(deps): bump pyopenssl from 25.3.0 to 26.0.0","user":"dependabot[bot]","labels":["dependencies","python:uv"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-03-22T23:26:53.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-22T21:26:50.000Z","updated_at":"2026-03-22T23:27:02.000Z","time_to_close":7203,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"pyopenssl","old_version":"25.3.0","new_version":"26.0.0","repository_url":"https://github.com/pyca/pyopenssl"}],"path":null,"ecosystem":"pip"},"body":"Bumps [pyopenssl](https://github.com/pyca/pyopenssl) from 25.3.0 to 26.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst\"\u003epyopenssl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.0 (2026-03-15)\u003c/h2\u003e\n\u003cp\u003eBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDropped support for Python 3.7.\u003c/li\u003e\n\u003cli\u003eThe minimum \u003ccode\u003ecryptography\u003c/code\u003e version is now 46.0.0.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDeprecations:\n^^^^^^^^^^^^^\u003c/p\u003e\n\u003cp\u003eChanges:\n^^^^^^^^\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using aws-lc instead of OpenSSL.\u003c/li\u003e\n\u003cli\u003eProperly raise an error if a DTLS cookie callback returned a cookie longer than \u003ccode\u003eDTLS1_COOKIE_LENGTH\u003c/code\u003e bytes. Previously this would result in a buffer-overflow. Credit to \u003cstrong\u003edark_haxor\u003c/strong\u003e for reporting the issue. \u003cstrong\u003eCVE-2026-27459\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eOpenSSL.SSL.Connection.get_group_name\u003c/code\u003e to determine which group name was negotiated.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eContext.set_tlsext_servername_callback\u003c/code\u003e now handles exceptions raised in the callback by calling \u003ccode\u003esys.excepthook\u003c/code\u003e and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to \u003cstrong\u003eLeury Castillo\u003c/strong\u003e for reporting this issue. \u003cstrong\u003eCVE-2026-27448\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/358cbf29c4e364c59930e53a270116249581eaa3\"\u003e\u003ccode\u003e358cbf2\u003c/code\u003e\u003c/a\u003e Prepare for 26.0.0 release (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1487\"\u003e#1487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a8d28e7069ca213049ccfbcc227ed9ef6080a15b\"\u003e\u003ccode\u003ea8d28e7\u003c/code\u003e\u003c/a\u003e Bump actions/cache from 4 to 5 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1486\"\u003e#1486\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/6fefff05561c0a5e8f668b4e029a6ba3adb7d89e\"\u003e\u003ccode\u003e6fefff0\u003c/code\u003e\u003c/a\u003e Add aws-lc compatibility to tests and CI (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1476\"\u003e#1476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/a739f9661d09ec6cda448ad71ca3e6df0dce9d75\"\u003e\u003ccode\u003ea739f96\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 8.0.0 to 8.0.1 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1485\"\u003e#1485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/8b4c66b1b5649ce046665b151772d40c1cddd66a\"\u003e\u003ccode\u003e8b4c66b\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact in /.github/actions/upload-coverage (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1484\"\u003e#1484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/02a5c78435cd445a7d5ef20b354dba2b6abdac64\"\u003e\u003ccode\u003e02a5c78\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6.0.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1483\"\u003e#1483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d9733878d67ee2ad94327768bb6dc416f7827443\"\u003e\u003ccode\u003ed973387\u003c/code\u003e\u003c/a\u003e Bump actions/download-artifact from 7.0.0 to 8.0.0 (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1482\"\u003e#1482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\"\u003e\u003ccode\u003e57f09bb\u003c/code\u003e\u003c/a\u003e Fix buffer overflow in DTLS cookie generation callback (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0\"\u003e\u003ccode\u003ed41a814\u003c/code\u003e\u003c/a\u003e Handle exceptions in set_tlsext_servername_callback callbacks (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1478\"\u003e#1478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pyca/pyopenssl/commit/7b29beba7759f0b810b5d5375a50469c4f8947b3\"\u003e\u003ccode\u003e7b29beb\u003c/code\u003e\u003c/a\u003e Fix not using a cryptography wheel on uv (\u003ca href=\"https://redirect.github.com/pyca/pyopenssl/issues/1475\"\u003e#1475\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pyca/pyopenssl/compare/25.3.0...26.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyopenssl\u0026package-manager=uv\u0026previous-version=25.3.0\u0026new-version=26.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/teh-hippo/ha-porkbun/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/teh-hippo/ha-porkbun/pull/27","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/teh-hippo%2Fha-porkbun/issues/27","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/27/packages"}}]}